Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM
Cyber Security VS Information
Assurance
Olufemi Vaughan CISA, ITIL
Instructor, DeAfrica
July, 2015
Table of Contents:
• Cyber Security vs Information Assurance: What is the difference?
• Introduction to Cyber Security and Information Assurance: What is the difference?
• Careers in Cyber security: challenges and issues and how to prepare for them
Introduction
• Richard Clarke was famously heard to say, “If you spend more on coffee than on IT security, then you will be hacked. What's more, you deserve to be hacked.”
• The growing number of attacks on our cyber networks has become, in President Obama’s words, “one of the most serious economic and national security threats our nation faces.”
What is Cyber Security?
• Cyber security is the process of applying security measures to ensure confidentiality, integrity, and availability of data. Cyber security attempts to assure the protection of assets, which include data, desktops, servers, buildings, and most importantly, humans. The goal of cyber security is to protect data both in transit and at rest.
Who and What is at Risk?
• Economy
• Defense
• Transportation
• Medical
• Government
• Telecommunications
• Energy Sector
• Critical Infrastructure
• Computers/Cable TV/Phones/MP3/Games
What is Information Assurance?
Information assurance is the process of adding business benefit through the use of Information Risk Management, which increases the utility of information to authorized users and reduces the utility of information to those unauthorized. It is strongly related to the field of information security, and also to business continuity.
Fundamental Concept of Information Assurance
• Confidentiality (privacy)
• Integrity (quality, accuracy, relevance)
• Availability (accessibility)
Information Assurance Process
The information assurance process typically
begins with the enumeration and classification
of the information assets to be protected. Next,
the IA practitioner will perform a risk
assessment for those assets. Vulnerabilities in
the information assets are determined in order
to enumerate the threats capable of exploiting
the assets.
Information Assurance Process
The assessment then considers both the
probability and impact of a threat exploiting a
vulnerability in an asset, with impact usually
measured in terms of cost to the asset's
stakeholders. The sum of the products of the
threats' impact and the probability of their
occurring is the total risk to the information
asset.
Information Assurance Process
With the risk assessment complete, the IA
practitioner then develops a risk management
plan. This plan proposes countermeasures that
involve mitigating, eliminating, accepting, or
transferring the risks, and considers prevention,
detection, and response to threats. A
framework published by a standards
organization, such as Risk IT, CobiT, PCI DSS
or ISO/IEC 27002, may guide development.
Information Assurance Process
After the risk management plan is
implemented, it is tested and evaluated, often
by means of formal audits. The IA process is
an iterative one, in that the risk assessment
and risk management plan are meant to be
periodically revised and improved based on
data gathered about their completeness and
effectiveness.
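
The information assurance process described on the preceding slides (classify assets, sum probability times impact per threat, then choose a countermeasure) can be worked through as a small risk register. This is an added example, not part of the original slides; the asset names, threat entries, figures and the `remaining` fraction used to model mitigation and transfer are all constructed assumptions.

```python
from dataclasses import dataclass

# The four countermeasure options named in the risk management plan slide.
TREATMENTS = {"mitigate", "eliminate", "accept", "transfer"}


@dataclass(frozen=True)
class Threat:
    name: str
    probability: float          # likelihood (0..1) of the threat exploiting the vulnerability
    impact: float               # cost to the asset's stakeholders if it does
    treatment: str = "accept"   # countermeasure chosen in the plan
    remaining: float = 1.0      # assumed fraction of risk left after mitigate/transfer

    def __post_init__(self):
        if not 0.0 <= self.probability <= 1.0:
            raise ValueError(f"{self.name}: probability must be in [0, 1]")
        if self.impact < 0:
            raise ValueError(f"{self.name}: impact cannot be negative")
        if self.treatment not in TREATMENTS:
            raise ValueError(f"{self.name}: unknown treatment {self.treatment!r}")
        if not 0.0 <= self.remaining <= 1.0:
            raise ValueError(f"{self.name}: remaining must be in [0, 1]")


@dataclass(frozen=True)
class Asset:
    name: str
    classification: str
    threats: tuple


def inherent_risk(asset):
    """Total risk: the sum of probability x impact over the asset's threats."""
    return sum(t.probability * t.impact for t in asset.threats)


def residual_threat_risk(threat):
    """Risk left for one threat once its planned countermeasure is in place."""
    base = threat.probability * threat.impact
    if threat.treatment == "eliminate":
        return 0.0                    # the exposure is removed entirely
    if threat.treatment == "accept":
        return base                   # nothing changes; the risk is carried
    return base * threat.remaining    # mitigate / transfer keep only a fraction


def residual_risk(asset):
    return sum(residual_threat_risk(t) for t in asset.threats)


def assess(register):
    """Rank assets by total risk, highest first, with residual risk alongside."""
    rows = [(a.name, a.classification, inherent_risk(a), residual_risk(a))
            for a in register]
    return sorted(rows, key=lambda row: row[2], reverse=True)


# Constructed sample register (illustrative figures only).
REGISTER = (
    Asset("public-website", "public", (
        Threat("Page defacement", 0.5, 20_000, "accept"),
        Threat("Unused legacy upload service abused", 0.25, 16_000, "eliminate"),
    )),
    Asset("customer-db", "confidential", (
        Threat("Injection flaw in web front end", 0.25, 400_000, "mitigate", 0.25),
        Threat("Backup media lost in transit", 0.125, 80_000, "transfer", 0.5),
    )),
)

if __name__ == "__main__":
    for name, cls, before, after in assess(REGISTER):
        print(f"{name:15} {cls:13} total={before:>10,.0f} residual={after:>10,.0f}")
```

Re-running `assess` after each audit cycle with updated probabilities and treatments reflects the iterative revision the slides describe.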
Concept of Information Security
Physical Security: This is a significant part of any security system
and cannot be ignored as it is an important line of defense for
most organizations. Hardware Security can be primarily
considered under Physical Security, even though some of the
components of the hardware can be considered under other
securities such as Network Security. TCP/IP is the underlying
protocol for computer communication that facilitates distributed
connectivity and communication facilities for sharing data between
two computers present at different locations. TCP/IP is the
underlying protocol that resulted in the invention of the Internet
and the World Wide Web (WWW).
Concept of Information Security
Network Security: This is essential to protect the data that is being transmitted and to guarantee that the data is not tampered with during the transmission.

Communications Security, that is, securing communications through the use of various mechanisms, can be considered broadly as a part of Network Security. Secure routing mechanisms, secure session mechanisms, and secure encryption mechanisms may be considered as part of Communications Security.

Software Security broadly deals with Operating System Security, Application Security, and the security of software utilities/tools, including the security of tools used to provide information security. Operating systems provide many of the functionalities required for the servers and computers to work effectively, including communication capabilities with other systems, processing of information, and effective functioning of applications.
Human or personnel security is another important layer.
Keeping personnel motivated, making them aware of the
information security risks, and involving them in the
implementation of the same is an important aspect of information
security which cannot be forgotten at any cost. Employees
(permanent or temporary), contractors, and suppliers are all
significant in this regard.
Internet Usage
• In 1995, 16 million users (0.4%)
• In 2010, 1.6 billion users (23.5%)
• In 2015, 3 billion users (47%)
• Physical and cyber security cannot be treated separately; they are intertwined.
Security Threats
• A threat is any potential danger to information and systems
• 3 levels of cyber threats
  • Unstructured
  • Structured
  • Highly structured
• Two types of threats: Internal and External
External Threats
Internal Threat
Internal threats originate from within the organization. The
primary contributors to internal threats are employees,
contractors, or suppliers to whom work is outsourced. The
major threats are frauds, misuse of information, and/or
destruction of information. Many internal threats primarily
originate for the following reasons:
Internal Threat
Weak Security Policy
Weak Security Administration
Lack of User Security Awareness
Layered Security and Defense In-depth
Security
Layered Approach to Security
Questions?
For more information,
please visit
www.deafrica.org
or email
info@deafrica.org

Weitere ähnliche Inhalte

Was ist angesagt?

Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays worldSibghatullah Khattak
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
Information security for dummies
Information security for dummiesInformation security for dummies
Information security for dummiesIvo Depoorter
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Securitychauhankapil
 
STRIDE And DREAD
STRIDE And DREADSTRIDE And DREAD
STRIDE And DREADchuckbt
 
Latest Top 10 Types of Cyber Security Threats
Latest Top 10 Types of Cyber Security ThreatsLatest Top 10 Types of Cyber Security Threats
Latest Top 10 Types of Cyber Security ThreatsB R SOFTECH PVT LTD
 
Network Security
Network SecurityNetwork Security
Network SecurityMAJU
 
Information Assurance And Security - Chapter 1 - Lesson 1
Information Assurance And Security - Chapter 1 - Lesson 1Information Assurance And Security - Chapter 1 - Lesson 1
Information Assurance And Security - Chapter 1 - Lesson 1MLG College of Learning, Inc
 
Information security
Information security Information security
Information security AishaIshaq4
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity frameworkShriya Rai
 
What is network security and Types
What is network security and TypesWhat is network security and Types
What is network security and TypesVikram Khanna
 
Network Security ppt
Network Security pptNetwork Security ppt
Network Security pptSAIKAT BISWAS
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 

Was ist angesagt? (20)

Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays world
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
 
Information security for dummies
Information security for dummiesInformation security for dummies
Information security for dummies
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Security
 
STRIDE And DREAD
STRIDE And DREADSTRIDE And DREAD
STRIDE And DREAD
 
Latest Top 10 Types of Cyber Security Threats
Latest Top 10 Types of Cyber Security ThreatsLatest Top 10 Types of Cyber Security Threats
Latest Top 10 Types of Cyber Security Threats
 
Network Security
Network SecurityNetwork Security
Network Security
 
Information Assurance And Security - Chapter 1 - Lesson 1
Information Assurance And Security - Chapter 1 - Lesson 1Information Assurance And Security - Chapter 1 - Lesson 1
Information Assurance And Security - Chapter 1 - Lesson 1
 
Information security
Information security Information security
Information security
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity framework
 
What is network security and Types
What is network security and TypesWhat is network security and Types
What is network security and Types
 
Network Security ppt
Network Security pptNetwork Security ppt
Network Security ppt
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by Fortinet
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
CyberSecurity
CyberSecurityCyberSecurity
CyberSecurity
 
Information Security
Information SecurityInformation Security
Information Security
 

Andere mochten auch (6)

Theories of Gender Development
Theories of Gender DevelopmentTheories of Gender Development
Theories of Gender Development
 
Gender and development
Gender and developmentGender and development
Gender and development
 
Gender issues
Gender issuesGender issues
Gender issues
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 
GENDER DIFFERENCES POWERPOINT
GENDER DIFFERENCES POWERPOINT GENDER DIFFERENCES POWERPOINT
GENDER DIFFERENCES POWERPOINT
 
gender and development
gender and developmentgender and development
gender and development
 

Ähnlich wie Cyber security vs information assurance

Chapter 6 Security of Information and Cyber Security(FASS)
Chapter 6 Security of Information and Cyber Security(FASS)Chapter 6 Security of Information and Cyber Security(FASS)
Chapter 6 Security of Information and Cyber Security(FASS)Md Shaifullar Rabbi
 
Concept Of Cyber Security.pdf
Concept Of Cyber Security.pdfConcept Of Cyber Security.pdf
Concept Of Cyber Security.pdfFahadZaman38
 
Combating cyber crimes chinatu
Combating cyber crimes chinatuCombating cyber crimes chinatu
Combating cyber crimes chinatuChinatu Uzuegbu
 
CYBER SECURITY COURSES IN KERALA - Offenso
CYBER SECURITY COURSES IN KERALA - OffensoCYBER SECURITY COURSES IN KERALA - Offenso
CYBER SECURITY COURSES IN KERALA - Offensooffcybers
 
Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Hamisi Kibonde
 
Cyber security and critical information infrastructure protection from a sout...
Cyber security and critical information infrastructure protection from a sout...Cyber security and critical information infrastructure protection from a sout...
Cyber security and critical information infrastructure protection from a sout...Business Finland
 
Cybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfCybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfJazmine Brown
 
Developing A Quality Product Within Budget And On Time
Developing A Quality Product Within Budget And On TimeDeveloping A Quality Product Within Budget And On Time
Developing A Quality Product Within Budget And On TimeAshley Davis
 
Building Cybersecurity Ecosystems in Africa: A Prescription for Resilience
Building Cybersecurity Ecosystems in Africa: A Prescription for ResilienceBuilding Cybersecurity Ecosystems in Africa: A Prescription for Resilience
Building Cybersecurity Ecosystems in Africa: A Prescription for ResilienceMoses Kemibaro
 
Internal Quality Assurance
Internal Quality AssuranceInternal Quality Assurance
Internal Quality AssuranceLiz Harris
 
The Security Measure Can Be Deployed For Enhancing Cyber...
The Security Measure Can Be Deployed For Enhancing Cyber...The Security Measure Can Be Deployed For Enhancing Cyber...
The Security Measure Can Be Deployed For Enhancing Cyber...Katreka Howard
 
what is cybersecurity.pdf
what is cybersecurity.pdfwhat is cybersecurity.pdf
what is cybersecurity.pdfpublicchats
 
Secure your network to secure your reputation and your income
Secure your network to secure your reputation and your incomeSecure your network to secure your reputation and your income
Secure your network to secure your reputation and your incomeUnify
 
Essay About Threats To Computer And Data Systems Today
Essay About Threats To Computer And Data Systems TodayEssay About Threats To Computer And Data Systems Today
Essay About Threats To Computer And Data Systems TodayAngilina Jones
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxTikdiPatel
 
The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09
The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09
The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09Tammy Clark
 
The Security Of A Home Network
The Security Of A Home NetworkThe Security Of A Home Network
The Security Of A Home NetworkAlexis Naranjo
 

Ähnlich wie Cyber security vs information assurance (20)

Bright future ahead in Cybersecurity
Bright future ahead in CybersecurityBright future ahead in Cybersecurity
Bright future ahead in Cybersecurity
 
Chapter 6 Security of Information and Cyber Security(FASS)
Chapter 6 Security of Information and Cyber Security(FASS)Chapter 6 Security of Information and Cyber Security(FASS)
Chapter 6 Security of Information and Cyber Security(FASS)
 
Cyber security standards
Cyber security standardsCyber security standards
Cyber security standards
 
Concept Of Cyber Security.pdf
Concept Of Cyber Security.pdfConcept Of Cyber Security.pdf
Concept Of Cyber Security.pdf
 
Combating cyber crimes chinatu
Combating cyber crimes chinatuCombating cyber crimes chinatu
Combating cyber crimes chinatu
 
CYBER SECURITY COURSES IN KERALA - Offenso
CYBER SECURITY COURSES IN KERALA - OffensoCYBER SECURITY COURSES IN KERALA - Offenso
CYBER SECURITY COURSES IN KERALA - Offenso
 
Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)
 
Case Study.pdf
Case Study.pdfCase Study.pdf
Case Study.pdf
 
Cyber security and critical information infrastructure protection from a sout...
Cyber security and critical information infrastructure protection from a sout...Cyber security and critical information infrastructure protection from a sout...
Cyber security and critical information infrastructure protection from a sout...
 
Cybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfCybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdf
 
Developing A Quality Product Within Budget And On Time
Developing A Quality Product Within Budget And On TimeDeveloping A Quality Product Within Budget And On Time
Developing A Quality Product Within Budget And On Time
 
Building Cybersecurity Ecosystems in Africa: A Prescription for Resilience
Building Cybersecurity Ecosystems in Africa: A Prescription for ResilienceBuilding Cybersecurity Ecosystems in Africa: A Prescription for Resilience
Building Cybersecurity Ecosystems in Africa: A Prescription for Resilience
 
Internal Quality Assurance
Internal Quality AssuranceInternal Quality Assurance
Internal Quality Assurance
 
The Security Measure Can Be Deployed For Enhancing Cyber...
The Security Measure Can Be Deployed For Enhancing Cyber...The Security Measure Can Be Deployed For Enhancing Cyber...
The Security Measure Can Be Deployed For Enhancing Cyber...
 
what is cybersecurity.pdf
what is cybersecurity.pdfwhat is cybersecurity.pdf
what is cybersecurity.pdf
 
Secure your network to secure your reputation and your income
Secure your network to secure your reputation and your incomeSecure your network to secure your reputation and your income
Secure your network to secure your reputation and your income
 
Essay About Threats To Computer And Data Systems Today
Essay About Threats To Computer And Data Systems TodayEssay About Threats To Computer And Data Systems Today
Essay About Threats To Computer And Data Systems Today
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptx
 
The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09
The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09
The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09
 
The Security Of A Home Network
The Security Of A Home NetworkThe Security Of A Home Network
The Security Of A Home Network
 

Kürzlich hochgeladen

AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 

Kürzlich hochgeladen (20)

AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization

Cyber security vs information assurance

  • 1. Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Cyber Security VS Information Assurance Olufemi Vaughan CISA, ITIL Instructor, DeAfrica July, 2015
  • 2. Table of Contents: Cyber Security vs Information Assurance: What is the difference? Introduction to Cyber Security and Information Assurance: What is the difference? Careers in Cyber security: challenges and issues and how to prepare for them
  • 3. Introduction: Richard Clarke was famously heard to say, "If you spend more on coffee than on IT security, then you will be hacked. What's more, you deserve to be hacked." The growing number of attacks on our cyber networks has become, in President Obama's words, "one of the most serious economic and national security threats our nation faces."
  • 4. What is Cyber Security? Cyber security is the process of applying security measures to ensure confidentiality, integrity, and availability of data. Cyber security attempts to assure the protection of assets, which includes data, desktops, servers, buildings, and most importantly, humans. The goal of cyber security is to protect data both in transit and at rest.
  • 5. Who and What is at Risk? Economy; Defense; Transportation; Medical; Government; Telecommunications; Energy Sector; Critical Infrastructure; Computers/Cable TV/Phones/MP3/Games
  • 6. What is Information Assurance? Information assurance is the process of adding business benefit through the use of Information Risk Management which increases the utility of information to authorized users, and reduces the utility of information to those unauthorized. It is strongly related to the field of information security, and also with business continuity.
  • 7. Fundamental Concept of Information Assurance: Confidentiality (privacy); Integrity (quality, accuracy, relevance); Availability (accessibility)
  • 8. Information Assurance Process: The information assurance process typically begins with the enumeration and classification of the information assets to be protected. Next, the IA practitioner will perform a risk assessment for those assets. Vulnerabilities in the information assets are determined in order to enumerate the threats capable of exploiting the assets.
  • 9. Information Assurance Process: The assessment then considers both the probability and impact of a threat exploiting a vulnerability in an asset, with impact usually measured in terms of cost to the asset's stakeholders. The sum of the products of the threats' impact and the probability of their occurring is the total risk to the information asset.
  • 10. Information Assurance Process: With the risk assessment complete, the IA practitioner then develops a risk management plan. This plan proposes countermeasures that involve mitigating, eliminating, accepting, or transferring the risks, and considers prevention, detection, and response to threats. A framework published by a standards organization, such as Risk IT, CobiT, PCI DSS or ISO/IEC 27002, may guide development.
  • 11. Information Assurance Process: After the risk management plan is implemented, it is tested and evaluated, often by means of formal audits. The IA process is an iterative one, in that the risk assessment and risk management plan are meant to be periodically revised and improved based on data gathered about their completeness and effectiveness.
  • 12. Concept of Information Security. Physical Security: This is a significant part of any security system and cannot be ignored as it is an important line of defense for most organizations. Hardware Security can be primarily considered under Physical Security, even though some of the components of the hardware can be considered under other securities such as Network Security. TCP/IP is the underlying protocol for computer communication that facilitates distributed connectivity and communication facilities for sharing data between two computers present at different locations. TCP/IP is the underlying protocol that resulted in the invention of the Internet and the World Wide Web (WWW).
  • 13. Concept of Information Security. Network Security: This is essential to protect the data that is being transmitted and guarantee that the data is not tampered with during the transmission. Communications Security, that is, securing communications through the use of various mechanisms, can be considered broadly as a part of Network Security. Secure routing mechanisms, secure session mechanisms, and secure encryption mechanisms may be considered as part of Communications Security. Software Security broadly deals with Operating System Security, Application Security, and the security of software utilities/tools, including the security of tools used to provide information security. Operating systems provide many of the functionalities required for the servers and computers to work effectively, including communication capabilities with other systems, processing of information, and effective functioning of applications.
  • 14. Human or personnel security is another important layer. Keeping personnel motivated, making them aware of the information security risks, and involving them in the implementation of information security is an important aspect which cannot be forgotten at any cost. Employees (permanent or temporary), contractors, and suppliers are all significant in this regard.
  • 15. Internet Usage: In 1995, 16 million users (0.4%). In 2010, 1.6 billion users (23.5%). In 2015, 3 billion users (47%). Physical and cyber security cannot be treated separately; they are intertwined.
  • 17. A threat is any potential danger to information and systems. 3 levels of cyber threats: Unstructured; Structured; Highly structured. Two types of threats: Internal and External Security Threats
  • 18. External Threats
  • 19. Internal Threat: Internal threats originate from within the organization. The primary contributors to internal threats are employees, contractors, or suppliers to whom work is outsourced. The major threats are frauds, misuse of information, and/or destruction of information. Many internal threats primarily originate for the following reasons:
  • 20. Internal Threat: Weak Security Policy; Weak Security Administration; Lack of User Security Awareness. Layered Security and Defense In-depth Security
  • 21. Layered Approach to Security
  • 22. Questions? For more information, please visit www.deafrica.org or email info@deafrica.org
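
The risk assessment and risk management plan described in slides 8 to 10, worked through as an added example that is not part of the original slides. The assets, threats, probabilities, costs and treatment effects are all constructed for illustration, and the names `Threat`, `REGISTER`, `PLAN`, `total_risk`, `treat` and `assess` are hypothetical.

```python
from dataclasses import dataclass
@dataclass
class Threat:
    name: str
    probability: float  # assumed unit: chance of occurring per year
    impact: float       # cost to the asset's stakeholders if it occurs

# Constructed sample register (assets, threats and figures are illustrative).
REGISTER = {
    "customer database": [
        Threat("insider misuse of records", 0.10, 200_000),
        Threat("external intrusion", 0.05, 500_000),
    ],
    "branch office server": [
        Threat("theft of hardware", 0.02, 40_000),
        Threat("power failure outage", 0.50, 4_000),
    ],
}

# Constructed plan: treatment per threat and its assumed effect.
PLAN = {
    "insider misuse of records": ("mitigate", 0.5),  # halves the probability
    "external intrusion": ("transfer", 0.8),         # insurer bears 80% of impact
    "theft of hardware": ("eliminate", None),        # threat no longer applies
    "power failure outage": ("accept", None),        # risk left unchanged
}

def total_risk(threats):
    """Sum of probability x impact over every threat to one asset."""
    return sum(t.probability * t.impact for t in threats)

def treat(threat, plan):
    """Return the threat as it stands after treatment, or None if eliminated."""
    action, factor = plan.get(threat.name, ("accept", None))
    if action == "eliminate":
        return None
    if action == "mitigate":
        return Threat(threat.name, threat.probability * factor, threat.impact)
    if action == "transfer":
        return Threat(threat.name, threat.probability, threat.impact * (1 - factor))
    return threat

def assess(register, plan):
    """Return (asset, risk_before, risk_after) rows, highest risk first."""
    rows = []
    for asset, threats in register.items():
        residual = [r for r in (treat(t, plan) for t in threats) if r is not None]
        rows.append((asset, round(total_risk(threats), 2), round(total_risk(residual), 2)))
    return sorted(rows, key=lambda row: row[1], reverse=True)
```

Re-running `assess` with updated probabilities after each audit gives the periodic revision that slide 11 describes.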