SlideShare ist ein Scribd-Unternehmen logo

Cyber security vs information assurance

Als PPT, PDF herunterladen
Vaughan Olufemi ACIB, AICEN, ANIM
Vaughan Olufemi ACIB, AICEN, ANIM

Cyber security refers to the ability to defend against cyber-attacks, protect resources, and prevent cyber-attacks while information assurance is to ensure the confidentiality, possession or control, integrity, authenticity, availability and utility of information and information systems.

Technologie
1 von 22
Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Cyber Security VS Information Assurance Olufemi Vaughan CISA, ITIL Instructor, DeAfrica July, 2015
Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Table of Contents: Cyber Security vs Information Assurance: What is the difference? Introduction to Cyber Security and Information Assurance: What is the difference? Careers in Cyber security: challenges and issues and how to prepare for them
Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Introduction  Richard Clarke was famously heard to say, "If you spend more on coffee than on IT security, then you will be hacked. What's more, you deserve to be hacked.”  The growing number of attacks on our cyber networks has become, in President Obama’s words, “one of the most serious economic and national security threats our nation faces.”
Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM What is Cyber Security?  Cyber security is the process of applying security measures to ensure confidentiality, integrity, and availability of data. Cyber security attempts to assure the protection of assets, which includes data, desktops, servers, buildings, and most importantly, humans. The goal of cyber security is to protect data both in transit and at rest.
Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Who and What is at Risk?  Economy  Defense  Transportation  Medical  Government  Telecommunications  Energy Sector  Critical Infrastructure  Computers/Cable TV/Phones/MP3/Games
Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM What is Information Assurance? Information assurance is the process of adding business benefit through the use of Information Risk Management which increases the utility of information to authorized users, and reduces the utility of information to those unauthorized. It is strongly related to the field of information security, and also with business continuity.
Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Fundamental Concept of Information Assurance  Confidentiality (privacy)  Integrity (quality, accuracy, relevance)  Availability (accessibility)
Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Information Assurance Process The information assurance process typically begins with the enumeration and classification of the information assets to be protected. Next, the IA practitioner will perform a risk assessment for those assets. Vulnerabilities in the information assets are determined in order to enumerate the threats capable of exploiting the assets.
Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Information Assurance Process The assessment then considers both the probability and impact of a threat exploiting a vulnerability in an asset, with impact usually measured in terms of cost to the asset's stakeholders. The sum of the products of the threats' impact and the probability of their occurring is the total risk to the information asset.
Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Information Assurance Process With the risk assessment complete, the IA practitioner then develops a risk management plan. This plan proposes countermeasures that involve mitigating, eliminating, accepting, or transferring the risks, and considers prevention, detection, and response to threats. A framework published by a standards organization, such as Risk IT, CobiT, PCI DSS or ISO/IEC 27002, may guide development.
Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Information Assurance Process After the risk management plan is implemented, it is tested and evaluated, often by means of formal audits. The IA process is an iterative one, in that the risk assessment and risk management plan are meant to be periodically revised and improved based on data gathered about their completeness and effectiveness.
Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Concept of Information Security Physical Security: This is a significant part of any security system and cannot be ignored as it is an important line of defense for most organizations. Hardware Security can be primarily considered under Physical Security, even though some of the components of the hardware can be considered under other securities such as Network Security. TCP/IP is the underlying protocol for computer communication that facilitates distributed connectivity and communication facilities for sharing data between two computers present at different locations. TCP/IP is the underlying protocol that resulted in the invention of the Internet and the World Wide Web (WWW).
Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Concept of Information Security Network Security: This is extremely essential to protect the data that is being transmitted and guarantee that the data is not tampered with during the transmission. Communications Security, that is, securing communications through the use of various mechanisms, can be considered broadly as a part of Network Security. Secure routing mechanisms, secure session mechanisms, and secure encryption mechanisms may be considered as part of Communications Security. Software Security, which broadly deals with the Operating System Security, the Application Security, and the security of software utilities/tools, including the security of tools used to provide information security. Operating systems provide many of the functionalities required for the servers and computers to work effectively, including communication capabilities with other systems, processing of information, and effective functioning of applications.
Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Human or personnel security is another important layer. Keeping personnel motivated, making them aware of the information security risks, and involving them in the implementation of the same is an important aspect of information security which cannot be forgotten at any cost. Employees (permanent or temporary), contractors, and suppliers are all significant in this regard.
Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Internet Usage  In 1995, 16 million users (0.4%)  In 2010, 1.6 billion users (23.5%)  In 2015, 3 billion users (47%)  Unable to treat physical and cyber security separately, they are intertwined.
Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM
Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM  A threat is any potential danger to information and systems  3 levels of cyber threats  Unstructured  Structured  Highly structured  Two types of threats: Internal and External Security Threats
Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM External Threats
Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Internal Threat Internal threats originate from within the organization. The primary contributors to internal threats are employees, contractors, or suppliers to whom work is outsourced. The major threats are frauds, misuse of information, and/or destruction of information. Many internal threats primarily originate for the following reasons:
Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Internal Threat Weak Security Policy Weak Security Administration Lack of User Security Awareness Layered Security and Defense In-depth Security
Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Layered Approach to Security
Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Questions? For more information, please visit www.deafrica.org or email info@deafrica.org

Empfohlen

InformationSecurity
InformationSecurityInformationSecurity
InformationSecuritylearnt
 
Threat Modelling
Threat ModellingThreat Modelling
Threat Modellingn|u - The Open Security Community
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
Cybersecurity Awareness
Cybersecurity AwarenessCybersecurity Awareness
Cybersecurity AwarenessJoshuaWisniewski3
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness ProgramBill Gardner
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident ResponsePECB
 
Information Security Awareness Training Open
Information Security Awareness Training OpenInformation Security Awareness Training Open
Information Security Awareness Training OpenFred Beck MBA, CPA
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture NotesFellowBuddy.com
 

Empfohlen

InformationSecurity
InformationSecurityInformationSecurity
InformationSecuritylearnt
 
Threat Modelling
Threat ModellingThreat Modelling
Threat Modellingn|u - The Open Security Community
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
Cybersecurity Awareness
Cybersecurity AwarenessCybersecurity Awareness
Cybersecurity AwarenessJoshuaWisniewski3
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness ProgramBill Gardner
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident ResponsePECB
 
Information Security Awareness Training Open
Information Security Awareness Training OpenInformation Security Awareness Training Open
Information Security Awareness Training OpenFred Beck MBA, CPA
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture NotesFellowBuddy.com
 
National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationJamie Proctor-Brassard
 
Chapter 11: Information Security Incident Management
Chapter 11: Information Security Incident ManagementChapter 11: Information Security Incident Management
Chapter 11: Information Security Incident ManagementNada G.Youssef
 
Information security
Information securityInformation security
Information securityLusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
IT security
IT securityIT security
IT securityAman Jain
 
Security on Cloud Computing
Security on Cloud Computing Security on Cloud Computing
Security on Cloud Computing Reza Pahlava
 
NETWORK SECURITY
NETWORK SECURITYNETWORK SECURITY
NETWORK SECURITYafaque jaya
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligenceseadeloitte
 
The importance of Cybersecurity
The importance of CybersecurityThe importance of Cybersecurity
The importance of CybersecurityBenoit Callebaut
 
Overview of Information Security & Privacy
Overview of Information Security & PrivacyOverview of Information Security & Privacy
Overview of Information Security & PrivacyNawanan Theera-Ampornpunt
 
End User Security Awareness Presentation
End User Security Awareness PresentationEnd User Security Awareness Presentation
End User Security Awareness PresentationCristian Mihai
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 
7 Steps to Threat Modeling
7 Steps to Threat Modeling7 Steps to Threat Modeling
7 Steps to Threat ModelingDanny Wong
 
Domain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingDomain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingMaganathin Veeraragaloo
 
Phishing
PhishingPhishing
PhishingSouganthikaSankaresw
 
Security Awareness Training.pptx
Security Awareness Training.pptxSecurity Awareness Training.pptx
Security Awareness Training.pptxMohammedYaseen638128
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityEng Hasan Shamroukh CISCO Exams Author
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best PracticesEvolve IP
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Edureka!
 
Theories of Gender Development
Theories of Gender DevelopmentTheories of Gender Development
Theories of Gender DevelopmentSektor Pengurusan Akademik JPN Pahang
 
Gender and development
Gender and developmentGender and development
Gender and developmentEmerson Rey Giendel Avila
 

Weitere ähnliche Inhalte

Was ist angesagt?

National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationJamie Proctor-Brassard
 
Chapter 11: Information Security Incident Management
Chapter 11: Information Security Incident ManagementChapter 11: Information Security Incident Management
Chapter 11: Information Security Incident ManagementNada G.Youssef
 
Security on Cloud Computing
Security on Cloud Computing Security on Cloud Computing
Security on Cloud Computing Reza Pahlava
 
NETWORK SECURITY
NETWORK SECURITYNETWORK SECURITY
NETWORK SECURITYafaque jaya
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligenceseadeloitte
 
The importance of Cybersecurity
The importance of CybersecurityThe importance of Cybersecurity
The importance of CybersecurityBenoit Callebaut
 
End User Security Awareness Presentation
End User Security Awareness PresentationEnd User Security Awareness Presentation
End User Security Awareness PresentationCristian Mihai
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 
7 Steps to Threat Modeling
7 Steps to Threat Modeling7 Steps to Threat Modeling
7 Steps to Threat ModelingDanny Wong
 
Domain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingDomain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingMaganathin Veeraragaloo
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best PracticesEvolve IP
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Edureka!
 

Was ist angesagt? (20)

National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness Presentation
 
Chapter 11: Information Security Incident Management
Chapter 11: Information Security Incident ManagementChapter 11: Information Security Incident Management
Chapter 11: Information Security Incident Management
 
Information security
Information securityInformation security
Information security
 
IT security
IT securityIT security
IT security
 
Security on Cloud Computing
Security on Cloud Computing Security on Cloud Computing
Security on Cloud Computing
 
NETWORK SECURITY
NETWORK SECURITYNETWORK SECURITY
NETWORK SECURITY
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
The importance of Cybersecurity
The importance of CybersecurityThe importance of Cybersecurity
The importance of Cybersecurity
 
Overview of Information Security & Privacy
Overview of Information Security & PrivacyOverview of Information Security & Privacy
Overview of Information Security & Privacy
 
End User Security Awareness Presentation
End User Security Awareness PresentationEnd User Security Awareness Presentation
End User Security Awareness Presentation
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
 
7 Steps to Threat Modeling
7 Steps to Threat Modeling7 Steps to Threat Modeling
7 Steps to Threat Modeling
 
Domain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingDomain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and Testing
 
Phishing
PhishingPhishing
Phishing
 
Security Awareness Training.pptx
Security Awareness Training.pptxSecurity Awareness Training.pptx
Security Awareness Training.pptx
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best Practices
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
 

Andere mochten auch

INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
GENDER DIFFERENCES POWERPOINT
GENDER DIFFERENCES POWERPOINT GENDER DIFFERENCES POWERPOINT
GENDER DIFFERENCES POWERPOINT Andrew Schwartz
 

Andere mochten auch (6)

Theories of Gender Development
Theories of Gender DevelopmentTheories of Gender Development
Theories of Gender Development
 
Gender and development
Gender and developmentGender and development
Gender and development
 
Gender issues
Gender issuesGender issues
Gender issues
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 
GENDER DIFFERENCES POWERPOINT
GENDER DIFFERENCES POWERPOINT GENDER DIFFERENCES POWERPOINT
GENDER DIFFERENCES POWERPOINT
 
gender and development
gender and developmentgender and development
gender and development
 

Ähnlich wie Cyber security vs information assurance

Chapter 6 Security of Information and Cyber Security(FASS)
Chapter 6 Security of Information and Cyber Security(FASS)Chapter 6 Security of Information and Cyber Security(FASS)
Chapter 6 Security of Information and Cyber Security(FASS)Md Shaifullar Rabbi
 
Importance Of Cybersecurity In Education System | SOCVault
Importance Of Cybersecurity In Education System | SOCVaultImportance Of Cybersecurity In Education System | SOCVault
Importance Of Cybersecurity In Education System | SOCVaultSOCVault
 
Concept Of Cyber Security.pdf
Concept Of Cyber Security.pdfConcept Of Cyber Security.pdf
Concept Of Cyber Security.pdfFahadZaman38
 
Combating cyber crimes chinatu
Combating cyber crimes chinatuCombating cyber crimes chinatu
Combating cyber crimes chinatuChinatu Uzuegbu
 
Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Hamisi Kibonde
 
Cyber security and critical information infrastructure protection from a sout...
Cyber security and critical information infrastructure protection from a sout...Cyber security and critical information infrastructure protection from a sout...
Cyber security and critical information infrastructure protection from a sout...Business Finland
 
Cybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfCybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfJazmine Brown
 
Building Cybersecurity Ecosystems in Africa: A Prescription for Resilience
Building Cybersecurity Ecosystems in Africa: A Prescription for ResilienceBuilding Cybersecurity Ecosystems in Africa: A Prescription for Resilience
Building Cybersecurity Ecosystems in Africa: A Prescription for ResilienceMoses Kemibaro
 
Navigating Safely in Cyberspace_ A Guide to Internet Safety and Cybersecurity...
Navigating Safely in Cyberspace_ A Guide to Internet Safety and Cybersecurity...Navigating Safely in Cyberspace_ A Guide to Internet Safety and Cybersecurity...
Navigating Safely in Cyberspace_ A Guide to Internet Safety and Cybersecurity...Assignment Help
 
All About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptxAll About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptxInfosectrain3
 
what is cybersecurity.pdf
what is cybersecurity.pdfwhat is cybersecurity.pdf
what is cybersecurity.pdfpublicchats
 
Secure your network to secure your reputation and your income
Secure your network to secure your reputation and your incomeSecure your network to secure your reputation and your income
Secure your network to secure your reputation and your incomeUnify
 
Cybersecurity Vs Information Security.pptx
Cybersecurity Vs Information Security.pptxCybersecurity Vs Information Security.pptx
Cybersecurity Vs Information Security.pptxInfosectrain3
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxTikdiPatel
 
The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09
The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09
The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09Tammy Clark
 
security in it (data and cyber security)
security in it (data and cyber security)security in it (data and cyber security)
security in it (data and cyber security)Rohana K Amarakoon
 

Ähnlich wie Cyber security vs information assurance (20)

Bright future ahead in Cybersecurity
Bright future ahead in CybersecurityBright future ahead in Cybersecurity
Bright future ahead in Cybersecurity
 
Chapter 6 Security of Information and Cyber Security(FASS)
Chapter 6 Security of Information and Cyber Security(FASS)Chapter 6 Security of Information and Cyber Security(FASS)
Chapter 6 Security of Information and Cyber Security(FASS)
 
Cyber security standards
Cyber security standardsCyber security standards
Cyber security standards
 
Importance Of Cybersecurity In Education System | SOCVault
Importance Of Cybersecurity In Education System | SOCVaultImportance Of Cybersecurity In Education System | SOCVault
Importance Of Cybersecurity In Education System | SOCVault
 
Concept Of Cyber Security.pdf
Concept Of Cyber Security.pdfConcept Of Cyber Security.pdf
Concept Of Cyber Security.pdf
 
Combating cyber crimes chinatu
Combating cyber crimes chinatuCombating cyber crimes chinatu
Combating cyber crimes chinatu
 
Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)
 
Case Study.pdf
Case Study.pdfCase Study.pdf
Case Study.pdf
 
Cyber security and critical information infrastructure protection from a sout...
Cyber security and critical information infrastructure protection from a sout...Cyber security and critical information infrastructure protection from a sout...
Cyber security and critical information infrastructure protection from a sout...
 
Cybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfCybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdf
 
Building Cybersecurity Ecosystems in Africa: A Prescription for Resilience
Building Cybersecurity Ecosystems in Africa: A Prescription for ResilienceBuilding Cybersecurity Ecosystems in Africa: A Prescription for Resilience
Building Cybersecurity Ecosystems in Africa: A Prescription for Resilience
 
Navigating Safely in Cyberspace_ A Guide to Internet Safety and Cybersecurity...
Navigating Safely in Cyberspace_ A Guide to Internet Safety and Cybersecurity...Navigating Safely in Cyberspace_ A Guide to Internet Safety and Cybersecurity...
Navigating Safely in Cyberspace_ A Guide to Internet Safety and Cybersecurity...
 
All About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptxAll About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptx
 
what is cybersecurity.pdf
what is cybersecurity.pdfwhat is cybersecurity.pdf
what is cybersecurity.pdf
 
Secure your network to secure your reputation and your income
Secure your network to secure your reputation and your incomeSecure your network to secure your reputation and your income
Secure your network to secure your reputation and your income
 
Cybersecurity Vs Information Security.pptx
Cybersecurity Vs Information Security.pptxCybersecurity Vs Information Security.pptx
Cybersecurity Vs Information Security.pptx
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptx
 
The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09
The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09
The Cost Of Preventing Breaches Educause Nat Conf Denver Nov 09
 
security in it (data and cyber security)
security in it (data and cyber security)security in it (data and cyber security)
security in it (data and cyber security)
 
Cyber Security.pptx
Cyber Security.pptxCyber Security.pptx
Cyber Security.pptx
 

Kürzlich hochgeladen

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 

Kürzlich hochgeladen (20)

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 

Cyber security vs information assurance

  • 1. Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Cyber Security VS Information Assurance Olufemi Vaughan CISA, ITIL Instructor, DeAfrica July, 2015
  • 2. Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Table of Contents: Cyber Security vs Information Assurance: What is the difference? Introduction to Cyber Security and Information Assurance: What is the difference? Careers in Cyber security: challenges and issues and how to prepare for them
  • 3. Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Introduction  Richard Clarke was famously heard to say, "If you spend more on coffee than on IT security, then you will be hacked. What's more, you deserve to be hacked.”  The growing number of attacks on our cyber networks has become, in President Obama’s words, “one of the most serious economic and national security threats our nation faces.”
  • 4. Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM What is Cyber Security?  Cyber security is the process of applying security measures to ensure confidentiality, integrity, and availability of data. Cyber security attempts to assure the protection of assets, which includes data, desktops, servers, buildings, and most importantly, humans. The goal of cyber security is to protect data both in transit and at rest.
  • 5. Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Who and What is at Risk?  Economy  Defense  Transportation  Medical  Government  Telecommunications  Energy Sector  Critical Infrastructure  Computers/Cable TV/Phones/MP3/Games
  • 6. Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM What is Information Assurance? Information assurance is the process of adding business benefit through the use of Information Risk Management which increases the utility of information to authorized users, and reduces the utility of information to those unauthorized. It is strongly related to the field of information security, and also with business continuity.
  • 7. Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Fundamental Concept of Information Assurance  Confidentiality (privacy)  Integrity (quality, accuracy, relevance)  Availability (accessibility)
  • 8. Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Information Assurance Process The information assurance process typically begins with the enumeration and classification of the information assets to be protected. Next, the IA practitioner will perform a risk assessment for those assets. Vulnerabilities in the information assets are determined in order to enumerate the threats capable of exploiting the assets.
  • 9. Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Information Assurance Process The assessment then considers both the probability and impact of a threat exploiting a vulnerability in an asset, with impact usually measured in terms of cost to the asset's stakeholders. The sum of the products of the threats' impact and the probability of their occurring is the total risk to the information asset.
  • 10. Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Information Assurance Process With the risk assessment complete, the IA practitioner then develops a risk management plan. This plan proposes countermeasures that involve mitigating, eliminating, accepting, or transferring the risks, and considers prevention, detection, and response to threats. A framework published by a standards organization, such as Risk IT, CobiT, PCI DSS or ISO/IEC 27002, may guide development.
  • 11. Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Information Assurance Process After the risk management plan is implemented, it is tested and evaluated, often by means of formal audits. The IA process is an iterative one, in that the risk assessment and risk management plan are meant to be periodically revised and improved based on data gathered about their completeness and effectiveness.
  • 12. Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Concept of Information Security Physical Security: This is a significant part of any security system and cannot be ignored as it is an important line of defense for most organizations. Hardware Security can be primarily considered under Physical Security, even though some of the components of the hardware can be considered under other securities such as Network Security. TCP/IP is the underlying protocol for computer communication that facilitates distributed connectivity and communication facilities for sharing data between two computers present at different locations. TCP/IP is the underlying protocol that resulted in the invention of the Internet and the World Wide Web (WWW).
  • 13. Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Concept of Information Security Network Security: This is extremely essential to protect the data that is being transmitted and guarantee that the data is not tampered with during the transmission. Communications Security, that is, securing communications through the use of various mechanisms, can be considered broadly as a part of Network Security. Secure routing mechanisms, secure session mechanisms, and secure encryption mechanisms may be considered as part of Communications Security. Software Security, which broadly deals with the Operating System Security, the Application Security, and the security of software utilities/tools, including the security of tools used to provide information security. Operating systems provide many of the functionalities required for the servers and computers to work effectively, including communication capabilities with other systems, processing of information, and effective functioning of applications.
  • 14. Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Human or personnel security is another important layer. Keeping personnel motivated, making them aware of the information security risks, and involving them in the implementation of the same is an important aspect of information security which cannot be forgotten at any cost. Employees (permanent or temporary), contractors, and suppliers are all significant in this regard.
  • 15. Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Internet Usage  In 1995, 16 million users (0.4%)  In 2010, 1.6 billion users (23.5%)  In 2015, 3 billion users (47%)  Unable to treat physical and cyber security separately, they are intertwined.
  • 16. Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM
  • 17. Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM  A threat is any potential danger to information and systems  3 levels of cyber threats  Unstructured  Structured  Highly structured  Two types of threats: Internal and External Security Threats
  • 18. Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM External Threats
  • 19. Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Internal Threat Internal threats originate from within the organization. The primary contributors to internal threats are employees, contractors, or suppliers to whom work is outsourced. The major threats are frauds, misuse of information, and/or destruction of information. Many internal threats primarily originate for the following reasons:
  • 20. Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Internal Threat Weak Security Policy Weak Security Administration Lack of User Security Awareness Layered Security and Defense In-depth Security
  • 21. Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Layered Approach to Security
  • 22. Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Questions? For more information, please visit www.deafrica.org or email info@deafrica.org