Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 29 Information Security

Published byLeonard Jonathan Fields Modified over 9 years ago

Similar presentations

Presentation on theme: "Lecture 29 Information Security"— Presentation transcript:

1 Lecture 29 Information Security

2 Overview The CIA Security Governance Information Classification
Policies, Procedures, etc. Organizational Structures Roles and Responsibilities Information Classification Risk Management

3 The CIA: Information Security Principles
Confidentiality Allowing only authorized subjects access to information Integrity Allowing only authorized subjects to modify information Availability Ensuring that information and resources are accessible when needed

4 Reverse CIA Confidentiality Integrity Availability
Preventing unauthorized subjects from accessing information Integrity Preventing unauthorized subjects from modifying information Availability Preventing information and resources from being inaccessible when needed

5 Using the CIA Think in terms of the core information security principles How does this threat impact the CIA? What controls can be used to reduce the risk to CIA? If we increase confidentiality, will we decrease availability?

6 Security Governance Security Governance is the organizational processes and relationships for managing risk Policies, Procedures, Standards, Guidelines, Baselines Organizational Structures Roles and Responsibilities

7 Policy Mapping Laws, Regulations, Requirements, Organizational Goals, Objectives General Organizational Policies Functional Policies Procedures Standards Guidelines Baselines

8 Policies Policies are statements of management intentions and goals
Senior Management support and approval is vital to success General, high-level objectives Acceptable use, internet access, logging, information security, etc

9 Procedures Procedures are detailed steps to perform a specific task
Usually required by policy Decommissioning resources, adding user accounts, deleting user accounts, change management, etc

10 Standards Standards specify the use of specific technologies in a uniform manner Requires uniformity throughout the organization Operating systems, applications, server tools, router configurations, etc

11 Guidelines Guidelines are recommended methods for performing a task
Recommended, but not required Malware cleanup, spyware removal, data conversion, sanitization, etc

12 Baselines Baselines are similar to standards but account for differences in technologies and versions from different vendors Operating system security baselines FreeBSD 6.2, Mac OS X Panther, Solaris 10, Red Hat Enterprise Linux 5, Windows 2000, Windows XP, Windows Vista, etc

Download ppt "Lecture 29 Information Security"

Similar presentations

Information Technology – Guidelines for the Management of IT Security

Information Technology – Guidelines for the Management of IT Security
FDCC Implementation Efforts at Idaho National Laboratory Justin Hansen NLIT 2009.

FDCC Implementation Efforts at Idaho National Laboratory Justin Hansen NLIT 2009.
Deploying GMP Applications Scott Fry, Director of Professional Services.

Deploying GMP Applications Scott Fry, Director of Professional Services.
A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.

A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Security Management Practices Keith A. Watson, CISSP CERIAS.

Security Management Practices Keith A. Watson, CISSP CERIAS.
NIST framework vs TENACE Protect Function (Sestriere, 21-23 Gennaio 2015)

NIST framework vs TENACE Protect Function (Sestriere, Gennaio 2015)
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Security Policies and Implementation Issues.

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Security Policies and Implementation Issues.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models
Mastering Windows Network Forensics and Investigation Chapter 14: Other Audit Events.

Mastering Windows Network Forensics and Investigation Chapter 14: Other Audit Events.
Module 8: Implementing Administrative Templates and Audit Policy.

Module 8: Implementing Administrative Templates and Audit Policy.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Chapter 7 WORKING WITH GROUPS.

Chapter 7 WORKING WITH GROUPS.
Module 16: Software Maintenance Using Windows Server Update Services.

Module 16: Software Maintenance Using Windows Server Update Services.
Release & Deployment ITIL Version 3

Release & Deployment ITIL Version 3
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Automatically control.

© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Automatically control.
Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.

Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.
Audit – Proof Information System Security Controls Wednesday, August 18, 2010 John R. Robles Tel: 787-647-3961.

Audit – Proof Information System Security Controls Wednesday, August 18, 2010 John R. Robles Tel:

Similar presentations

Ads by Google