Presentation is loading. Please wait.

Presentation is loading. Please wait.

Foundations of Organizational Information Assurance Fall 2007 Dr. Barbara Endicott-Popovsky IMT551.

Published byJulian Bailey Modified over 9 years ago

Similar presentations

Presentation on theme: "Foundations of Organizational Information Assurance Fall 2007 Dr. Barbara Endicott-Popovsky IMT551."— Presentation transcript:

1 Foundations of Organizational Information Assurance Fall 2007 Dr. Barbara Endicott-Popovsky IMT551

2

3 “OJT” Certification Education The Options …

4 The CIA of IA Confidentiality Integrity Availability ƒ(context, needs, customs, laws)

5 CIA Implementation Controls DefinitionToolsDependencies Confidentiality Concealment of info & resources Hide existence of info & resources Encryption Access control Reliance on system Assumptions & trust about reliance Integrity Trustworthiness of info & resources - Authentication Correctness of data - Data integrity Prevention - Block attempts - Unauth. actions Detection - Block attempts - Unauth. actions Assumptions about source Trust of source Availability Ability to use info & resources System design Statistical models of use Accuracy of statistical models ID anomalies

6 Governance CISO Corp Counsel Business Mgmt IT Legal HR Comm IT Mgmt IT Engineering Business Mgmt IT Legal HR Comm. Enterprise-Wide Implementation of IA Governance CIO CISO Corp Counsel CPA firm Business Goals Secure IT Systems

7 Organization Mission What do you wish to secure? Decide what “secure” means to you, Then identify the threats you care about. Virus Identity Theft Denial of Service Espionage Stolen Customer Data Modified Databases Cyberterrorism Equipment Theft

8 Policies Policies can range from standards to guidelines; general to procedural Policies are requirements for security solutions Controls derive from policies Consequences tied to policies

9 Plethora of Legislation and Regulation Govt. Requirements for better security –HIPAA: Health Insurance Portability & Accountability Act –Sarbanes Oxley –US Patriot Act And more are coming….

10 Threats to Personal Privacy Buying / selling confidential Social Security info. Browsing IRS files. Buying / selling bank account name lists. E-commerce credit card #s, names, passwords

11

Download ppt "Foundations of Organizational Information Assurance Fall 2007 Dr. Barbara Endicott-Popovsky IMT551."

Similar presentations

IT Security Policy Framework

IT Security Policy Framework
Why Security? A Commitment for [the Agency’s] Executives [CIO’s name] EC Presentation [date]

Why Security? A Commitment for [the Agency’s] Executives [CIO’s name] EC Presentation [date]
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.

HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.
Massachusetts privacy law and your business  Jonathan Gossels, President, SystemExperts Corporation  Moderator: Illena Armstrong  Actual Topic: Intersecting.

Massachusetts privacy law and your business  Jonathan Gossels, President, SystemExperts Corporation  Moderator: Illena Armstrong  Actual Topic: Intersecting.
11 Section D: SQL  SQL Basics  Adding Records  Searching for Information  Updating Fields  Joining Tables Chapter 11: Databases1.

11 Section D: SQL  SQL Basics  Adding Records  Searching for Information  Updating Fields  Joining Tables Chapter 11: Databases1.
September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.

September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.

Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.
Information Security Policies Larry Conrad September 29, 2009.

Information Security Policies Larry Conrad September 29, 2009.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
INFO498 Information Security Fall 2004 Lesson 1 Barbara Endicott-Popovsky INFO498.

INFO498 Information Security Fall 2004 Lesson 1 Barbara Endicott-Popovsky INFO498.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Information Technology for the Health Professions, 2/e By Lillian Burke and Barbara Weill ©2005 Pearson Education, Inc. Pearson Prentice Hall Upper Saddle.

Information Technology for the Health Professions, 2/e By Lillian Burke and Barbara Weill ©2005 Pearson Education, Inc. Pearson Prentice Hall Upper Saddle.
July 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.

July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Topics in Information Security Prof. JoAnne Holliday Santa Clara University.

Topics in Information Security Prof. JoAnne Holliday Santa Clara University.

Similar presentations

Ads by Google