www.huawei.com
Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved.
Huawei Certified ICT Associate
Security v3.0
Professional Training Program
Instructor: Ssendi Samuel
Basic Concepts of Information Security
Foreword
• Information security is the process of ensuring safe data communication and preventing issues such as information leakage, modification, and disruption.
• This document describes the basic concepts and protection measures of information security, as well as information security risks and associated assessment and avoidance methods.
Objectives
• Upon completion of this course, you will be able to:
  • Describe the definition and characteristics of information security.
  • Explain the characteristics and differences of security models.
  • Differentiate between security risks.
Contents
1. Information and Information Security
2. Information Security Risks and Management
Information
• Information created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction of business.
--- ISO/IEC Guidelines for the Management of IT Security (GMITS)
What is information?
[Figure labels: Books/Letters, Emails, Radar signals, State secrets, Test questions, Transaction data]
Information Security
• Information security refers to the preservation of the confidentiality, integrity, and availability of data through security technologies.
• These technologies include computer software and hardware, network, and key technologies. Organizational management measures throughout the information lifecycle (generation, transmission, exchange, processing, and storage) are also essential.
• The following will be affected if information assets are damaged:
  • National security
  • System operating and continuous development
  • Personal privacy and property
• The aim of information security is to protect data against threats through technical means and effective management.
Information Security Development
• Early 1900s: Communication secrecy stage. Limited communication technologies and dispersedly stored data.
• Post-1960s: Information security stage. Internet development brings new challenges and threats to information security.
• 1980s: Information assurance stage. Information-based security replaces traditional security.
Photo or Information Leakage?
• After the Chinese government invited bids for oil production equipment, Japanese intelligence experts used this simple photo to uncover the following secrets of the Daqing Oilfield:
  • Located between 46N and 48N, as indicated by the clothing of Wang Jinxi
  • Diameter of the oil well, inferred from the handle rack
Communication Secrecy Stage
• In the early 1900s, communication technologies were underdeveloped, and data was stored in different locations.
• Information system security was limited to physical security of information and cipher-based security of communication (mainly stream cipher).
• As long as information was in a relatively secure place and unauthorized users were prohibited from accessing the information, data security could be generally guaranteed.
Information Security Stage
• Since the 1990s, Internet technologies have developed rapidly, and information leaks have increased.
• As a result, in addition to confidentiality, integrity and availability, information security began to focus on more principles and objectives, such as controllability and non-repudiation.
[Figure labels: Confidentiality, Integrity, Availability, Controllability, Non-repudiation]
Information Assurance Stage
• Business-oriented information security assurance
  • Business: Different service traffic with various risks and protection methods
  • Security system: Cohesive security management and technical protection; proactive defense rather than passive protection
  • Management: Talent development and system establishment for security management
Case - WannaCry
• In 2017, the WannaCry ransomware cryptoworm, propagated through EternalBlue, infected over 100,000 computers, causing a loss of US$8 billion.
[Figure labels: Energy, Government, Education, Transportation]
Case - OceanLotus
• Since April 2012, the OceanLotus group has carried out targeted penetration and attacks on important sectors of China, such as the government, scientific research institutes, maritime institutions, maritime construction, and shipping enterprises.
• The attacks are intended to obtain confidential information, intercept intelligence sent out by attacked computers, and enable the computers to automatically send related intelligence.
Discussion: What Are the Causes of Such Attacks?
Direct Cause
• Virus
• Vulnerability
• Trojan horse
• Backdoor program
• DDoS attack
• …
Indirect Cause
• Information system complexity
• Human and environment factors
Significance of Building Information Security
Importance: Increasing importance
• The information network has become the foundation of economic prosperity, social stability, and national development.
• Informatization profoundly influences the global economic integration, national strategy adjustment, and security priorities.
• Information security has transformed from a technical issue into a matter of national security worldwide.
Applicability: Applicable to many technical fields
For example:
• Command, Control, Communications, Computers and Intelligence (C4I) system
• E-commerce system
• Biomedical system
• Intelligent Transport System (ITS)
Contents
1. Information and Information Security
2. Information Security Risks and Management
Risks Involved in Information Security
Risks
Physical risks
Other risks
System risks
Information risks
Management risks
Application risks
Network risks
Physical Risks
• Device theft and destruction
• Link aging, man-made damage, and animal bites
• Network device fault
• Network device unavailability due to power failure
• Electromagnetic radiation in the equipment room
Information Risks
• Storage security
• Transmission security
• Access security
Information Transmission Security
[Figure labels: Headquarters, Branch, Enterprise business information, Tampered information, Attacker]
Information Access Security
[Figure labels: Intranet, Unauthorized user, Illegal login, Authorized user, Authentication server on the network]
System Risks
• Database system configuration security
• Security database
• Security of services running in the system
Application Risks
• Network virus
• Operating system security
• Email application security
• Web service security
• FTP service security
• DNS service security
• Business application software security
Network Risks
[Figure label: Security zone]
Management Risks
• Determine whether the information system has management risks from the following aspects:
National policy
• Effective national information security regulations formulated
• Specialized agency to manage information security
Enterprise system
• Security management rules and equipment room management system with clear responsibilities and rights
• Enterprises can establish own security management organizations
Management system
• Effective security policies and high-quality security management personnel
• Effective supervision and inspection system, and adherence to rules and regulations
Significance of Information Security Management
• According to statistics, 70% of enterprise information loss is caused by negligence or intentional leakage by internal staff.
• Security technologies are only the means to control information security. They can only be effective with the appropriate support of management procedures.
[Figure labels: 70%; Weak security awareness among employees; Loose authorization rules; Non-standard system operations; Malicious data theft; Technologies 30%, Management 70%]
Current Development of Information Security Management
• Introducing information security development strategies and plans: Each country has introduced its own information security development strategy and plan.
• Strengthening legislation to achieve unified and standardized management: Defining and standardizing information security work through laws is the strongest guarantee for effective implementation of security measures.
• Entering the era of standardized and systematized management: The era of standardized and systematized information security management began in the 1990s. ISO/IEC 27000 is the best known system.
Quiz
1. Information security incidents frequently occur because of security attack
methods, such as vulnerabilities, viruses, and backdoor programs.
A. True
B. False
Summary
• Information security development history
• Basic concepts of information security
Thank You
  • 2. Huawei Certified ICT Associate Security v3.0. Instructor: Ssendi Samuel
  • 3. Basic Concepts of Information Security
  • 4. Foreword
      • Information security is the process of ensuring safe data communication and preventing issues such as information leakage, modification, and disruption.
      • This document describes the basic concepts and protection measures of information security, as well as information security risks and associated assessment and avoidance methods.
  • 5. Objectives
      • Upon completion of this course, you will be able to:
          • Describe the definition and characteristics of information security.
          • Explain the characteristics and differences of security models.
          • Differentiate between security risks.
  • 6. Contents
      1. Information and Information Security
      2. Information Security Risks and Management
  • 7. Information
      • Information created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction of business. (Source: ISO/IEC Guidelines for the Management of IT Security, GMITS)
      • What is information? Examples: books/letters, emails, radar signals, state secrets, test questions, transaction data.
  • 8. Information Security
      • Information security refers to the preservation of the confidentiality, integrity, and availability of data through security technologies.
      • These technologies include computer software and hardware, network, and key technologies. Organizational management measures throughout the information lifecycle (generation, transmission, exchange, processing, and storage) are also essential.
      • The following will be affected if information assets are damaged:
          • National security
          • System operating and continuous development
          • Personal privacy and property
      • The aim of information security is to protect data against threats through technical means and effective management.
  • 9. Information Security Development
      • Early 1900s, communication secrecy stage: limited communication technologies and dispersedly stored data
      • Post-1960s, information security stage: Internet development brings new challenges and threats to information security
      • 1980s, information assurance stage: information-based security replaces traditional security
  • 10. Photo or Information Leakage?
      • After the Chinese government invited bids for oil production equipment, Japanese intelligence experts used this simple photo to uncover the following secrets of the Daqing Oilfield:
          • Located between 46°N and 48°N, as indicated by the clothing of Wang Jinxi
          • Diameter of the oil well, inferred from the handle rack
  • 11. Communication Secrecy Stage
      • In the early 1900s, communication technologies were underdeveloped, and data was stored in different locations.
      • Information system security was limited to physical security of information and cipher-based security of communication (mainly stream cipher).
      • As long as information was in a relatively secure place and unauthorized users were prohibited from accessing the information, data security could be generally guaranteed.
  • 12. Information Security Stage
      • Since the 1990s, Internet technologies have developed rapidly, and information leaks have increased.
      • As a result, in addition to confidentiality, integrity and availability, information security began to focus on more principles and objectives, such as controllability and non-repudiation.
      • [Figure labels: Confidentiality, Integrity, Availability, Controllability, Non-repudiation]
  • 13. Information Assurance Stage
      • Business-oriented information security assurance
          • Business: different service traffic with various risks and protection methods
          • Security system: cohesive security management and technical protection; proactive defense but not passive protection
          • Management: talent development and system establishment for security management
  • 14. Case - WannaCry
      • In 2017, the WannaCry ransomware cryptoworm, propagated through EternalBlue, infected over 100,000 computers, causing a loss of US$8 billion.
      • [Figure labels: Energy, Government, Education, Transportation]
  • 15. Case - OceanLotus
      • Since April 2012, the OceanLotus group has carried out targeted penetration and attacks on important sectors of China, such as the government, scientific research institutes, maritime institutions, maritime construction, and shipping enterprises.
      • The attacks are intended to obtain confidential information, intercept intelligence sent out by attacked computers, and enable the computers to automatically send related intelligence.
  • 16. Discussion: What Are the Causes of Such Attacks?
      • Direct cause:
          • Virus
          • Vulnerability
          • Trojan horse
          • Backdoor program
          • DDoS attack
          • …
      • Indirect cause:
          • Information system complexity
          • Human and environment factors
  • 17. Significance of Building Information Security
      • Importance: increasing importance
          • The information network has become the foundation of economic prosperity, social stability, and national development.
          • Informatization profoundly influences the global economic integration, national strategy adjustment, and security priorities.
          • Information security has transformed from a technical issue into a matter of national security worldwide.
      • Applicability: applicable to many technical fields. For example:
          • Command, Control, Communications, Computers and Intelligence (C4I) system
          • E-commerce system
          • Biomedical system
          • Intelligent Transport System (ITS)
  • 18. Contents
      1. Information and Information Security
      2. Information Security Risks and Management
  • 19. Risks Involved in Information Security
      • Physical risks
      • Information risks
      • System risks
      • Application risks
      • Network risks
      • Management risks
      • Other risks
  • 20. Physical Risks
      • Device theft and destruction
      • Link aging, man-made damage, and animal bites
      • Network device fault
      • Network device unavailability due to power failure
      • Electromagnetic radiation in the equipment room
  • 21. Information Risks
      • Storage security
      • Transmission security
      • Access security
  • 22. Information Transmission Security
      • [Figure labels: Headquarters, Branch, Enterprise business information, Tampered information, Attacker]
  • 23. Information Access Security
      • [Figure labels: Intranet, Unauthorized user, Illegal login, Authorized user, Authentication server on the network]
  • 24. System Risks
      • Database system configuration security
      • Security database
      • Security of services running in the system
  • 25. Application Risks
      • Network virus
      • Operating system security
      • Email application security
      • Web service security
      • FTP service security
      • DNS service security
      • Business application software security
  • 26. Network Risks
      • [Figure label: Security zone]
  • 27. Management Risks
      • Determine whether the information system has management risks from the following aspects:
          • National policy
              • Effective national information security regulations formulated
              • Specialized agency to manage information security
          • Enterprise system
              • Security management rules and equipment room management system with clear responsibilities and rights
              • Enterprises can establish their own security management organizations
          • Management system
              • Effective security policies and high-quality security management personnel
              • Effective supervision and inspection system, and adherence to rules and regulations
  • 28. Significance of Information Security Management
      • According to statistics, 70% of enterprise information loss is caused by negligence or intentional leakage by internal staff.
      • Security technologies are only the means to control information security. They can only be effective with the appropriate support of management procedures.
      • [Figure labels: 70%: weak security awareness among employees, loose authorization rules, non-standard system operations, malicious data theft. Technologies 30%, Management 70%]
  • 29. Current Development of Information Security Management
      • Introducing information security development strategies and plans: each country has introduced its own information security development strategy and plan.
      • Strengthening legislation to achieve unified and standardized management: defining and standardizing information security work through laws is the strongest guarantee for effective implementation of security measures.
      • Entering the era of standardized and systematized management: the era of standardized and systematized information security management began in the 1990s. ISO/IEC 27000 is the best known system.
  • 30. Quiz
      1. Information security incidents frequently occur because of security attack methods, such as vulnerabilities, viruses, and backdoor programs.
          A. True
          B. False
  • 31. Summary
      • Information security development history
      • Basic concepts of information security
  • 32. Thank You. www.huawei.com