SlideShare ist ein Scribd-Unternehmen logo

chapter 1. Introduction to Information Security

Als PPT, PDF herunterladen
E
elmuhammadmuhammad

This training creates the awareness of the security threats facing individuals, business owner’s, and corporations in today’s society and induces a’ plan-protection’ attitude. It enriches individuals, students’, business owners’ and workers’ approach to handling these threats and responding appropriately when these threats occur.

Technologie
1 von 44
SQUARE NORTH TECHNOLOGIES Information Security Training Chapter 1 Introduction to Information Security Muhammad Lawal Chief Executive Officer elmuhammadm@gmail.com 08124350304
Learning Objectives  Understand what information security is and how it came to mean what it does today.  Comprehend the history of computer security and how it evolved into information security.  Understand the key terms and critical concepts of information security as presented in the chapter.  Outline the phases of the security systems development life cycle.  Understand the role professionals involved in information security in an organizational structure.  Understand the business need for information security.  Understand a successful information security program is the responsibility of an organization‘s general management and I T management.  Understand the some threats posed to information security and the more common attacks associated with those threats.
Introduction  Some hundreds of years ago, we would have been making living on agriculture.  Say a hundred years ago you were likely to be making a living working in a factory.  Today, we live in the information age where everyone has a job somehow connected to information stored in digital form on a network.
The History Of Information Security Computer security began immediately after the first mainframes were developed Physical controls were needed to limit access to authorized personnel to sensitive military locations Only rudimentary controls were available to defend against physical theft, espionage, and sabotage
The 1960s • Department of Defense’s Advanced Research Project Agency (ARPA) began examining the feasibility of a redundant networked communi cations
The 1970s and 80s • ARPANET grew in popularity as did its potential for misuse • Fundamental problems with ARPANET security were identified – No safety procedures for dial-up connections to the ARPANET – User identification and authorization to the system were non-existent • In the late 1970s the microprocessor expanded computing capabilities and security threats
R-609 – The Start of the Study of Computer Security • Information Security began with Rand Report R-609 • The scope of computer security grew from physical security to include: – Safety of the data – Limiting unauthorized access to that data – Involvement of personnel from multiple levels of the organization
The 1990s • Networks of computers became more common, so too did the need to interconnect the networks • Resulted in the Internet, the first manifestation of a global network of networks • In early Internet deployments, security was treated as a low priority
The Present • The Internet has brought millions of computer networks into communication with each other – many of them unsecured • Ability to secure each now influenced by the security on every computer to which it is connected
What is Security?  The quality or state of being secure—to be fre e from danger  A successful organization should have multipl e layers of security in place: • Physical security • Personal security • Operations security • Communications security • Network security • Information security
Critical Characteristics of Information • The value of information comes from the char acteristics it possesses: – Availability – Accuracy – Authenticity – Confidentiality – Integrity – Utility – Possession
Components of an Information System • Information system (IS) is the entire set of software, hardware, data, people, procedures, and networks necessary to use information as a resource in the organisation
Bottom Up Approach • Security from a grass-roots effort - systems administrators attempt to improve the security of their systems • Key advantage - technical expertise of the individual administrators • Seldom works, as it lacks a number of critical features: – participant support – organizational staying power
Top-down Approach • Initiated by upper management: – issue policy, procedures, and processes – dictate the goals and expected outcomes of the project – determine who is accountable for each of the required actions • This approach has strong upper management support, a dedicated champion, dedicated funding, clear planning, and the chance to influence organizational culture • May also involve a formal development strategy referred to as a systems development life cycle – Most successful top-down approach
The Systems Development Life Cycle • Information security must be managed in a manner similar to any other major system implemented in the organization • Using a methodology – ensures a rigorous process – avoids missing steps • The goal is creating a comprehensive security posture/program
The Security Systems Development Life Cycle • The same phases used in traditional SDLC may be adapte d to support specialized implementation of an IS project • Investigation • Analysis • Logical design • Physical design • Implementation • Maintenance & change • Identification of specific threats and creating controls to counter them • SecSDLC is a coherent program rather than a seri es of random, seemingly unconnected actions
Investigation • Identifies process, outcomes, goals, and const raints of the project • Begins with enterprise information security po licy • Organizational feasibility analysis is performed
Analysis • Documents from investigation phase are studied • Analyzes existing security policies or programs, a long with documented current threats and assoc iated controls • Includes analysis of relevant legal issues that co uld impact design of the security solution • The risk management task begins
Logical Design • Creates and develops blueprints for information secu rity • Incident response actions planned: – Continuity planning – Incident response – Disaster recovery • Feasibility analysis to determine whether project sho uld continue or be outsourced
Physical Design • Needed security technology is evaluated, alternatives generated, and final design selected • At end of phase, feasibility study determines readiness of organization for project
Implementation • Security solutions are acquired, tested, implemented, and tested again • Personnel issues evaluated; specific training and education programs conducted • Entire tested package is presented to management for final approval
Maintenance and Change • Perhaps the most important phase, given the ever-changing threat environment • Often, reparation and restoration of information is a constant duel with an unseen adversary • Information security profile of an organization requires constant adaptation as new threats emerge and old threats evolve
Professionals involved in information security within an organization Senior Management  Chief Information Officer (CIO) • Senior technology officer • Primarily responsible for advising senior executives on strategic planning  Chief Information Security Officer (CISO) • Primarily responsible for assessment, management, an d implementation of IS in the organization • Usually reports directly to the CIO
Information Security Project Team  A number of individuals who are experienced in one or more facets of required technical an d nontechnical areas: • Champion • Team leader • Security policy developers • Risk assessment specialists • Security professionals • Systems administrators • End users
Data Ownership • Data owner: responsible for the security and u se of a particular set of information • Data custodian: responsible for storage, maint enance, and protection of information • Data users: end users who work with informat ion to perform their daily jobs supporting the mission of the organization
What is Information Security? • “The concepts, techniques, technical measures, and adminis trative measures used to protect information assets from deli berate or inadvertent unauthorised acquisition, damage, discl osure, manipulation, modification, loss, or use is information security.” or • means protecting information and information systems from unauthorised access, use, disclosure, modification or destructi on. or • Implementing suitable controls - policies, practices, procedur es, organisational structures, software, etc, to secure informa tion for any information user.
• The protection of information and its critical e lements, including systems and hardware that use, store, and transmit that information • Necessary tools: policy, awareness, training, e ducation, technology • C.I.A. triangle was standard based on confiden tiality, integrity, and availability • C.I.A. triangle now expanded into list of critica l characteristics of information
How Can Information Security Be Achieved Access to network resource will be granted through a unique user ID and password Passwords will be 8 characters long Passwords should include one non-alpha and not found in dictionary Information Security is achieved by implementing a suitable set of controls, which could be: These controls need to be established in order to ensure that the specific security objectives of the organization are met.
Information Security Goals  Confidentiality - making sure that those who should not see the information can not see it.  Integrity - making sure the information has not been changed from how it was intended to be.  Availability – making sure the information is available for use when needed.
Confidentiality Integrity Availability Security Goals
Securing Components • Computer can be subject of an attack and/or the obj ect of an attack – When the subject of an attack, computer is used as an active tool to conduct attack – When the object of an attack, computer is the entity b eing attacked
Balancing Information Security and Access • Impossible to obtain perfect security—it is a p rocess, not an absolute • Security should be considered balance betwee n protection and availability • To achieve balance, level of security must allo w reasonable access, yet protect against threa ts
Balancing security and access
The Need for Information Security Business Needs First Technology Needs Last Information security performs three important functions for an organization: • Protects the organization‘s ability to function – Communities of interest must argue for information security in ter ms of impact and cost • Enables the safe operation of applications implemented on the organization‘s IT systems – Organizations must create integrated, efficient, and capable applic ations – Organization need environments that safeguard applications
• Protects the data the organization collects and uses – One of the most valuable assets is data – Without data, an organization loses its record of trans actions and/or its ability to deliver value to its custom ers – An effective information security program is essential to the protection of the integrity and value of the orga nization‘s data Technology Needs • Safeguards the technological assets in use at the organi zation • Organizations must have secure infrastructure services b ased on the size and scope of the enterprise
Areas of Information System Security  Data security  Computer security  LAN or Network security  Internet security
Major Threats & Issues Basic Threats  Theft of password  E-mail based threats  E-mail based extortion  Launch of malicious codes (trojans)
Corporate threats • Web defacement • Corporate espionage • Website based launch of malicious code cheating and fraud • Exchange of criminal ideas and tools • Cyber harassment • Forge websites Online threats • E-mail spamming • Theft of software and electronic records • Cyber stalking • E-mail bombing • Denial of service attacks
Protecting your computer and network  Physical security  Securing desktop computers  Securing laptops/notebooks/handheld computers  Securing network security  Software security  Protect against internet intruders with firewall s and IDS  Protect against viruses and other malware  Protect against spyware and adware  Protect against unwanted email
General spam protection practices  Do not give out your email address indiscriminately  Leave your email signature line blank if you post to a newsgroup  Do not reply to junk messages  Do not open obvious spam mails  Report to appropriate person – systems administrator

Empfohlen

Information security
Information securityInformation security
Information securityLusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management Ersoy AKSOY
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
Information security
Information securityInformation security
Information securityavinashbalakrishnan2
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptxGulnurAzat
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2MLG College of Learning, Inc
 

Empfohlen

Information security
Information securityInformation security
Information securityLusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management Ersoy AKSOY
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
Information security
Information securityInformation security
Information securityavinashbalakrishnan2
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptxGulnurAzat
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2MLG College of Learning, Inc
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security Shreedevi Tharanidharan
 
Information security management
Information security managementInformation security management
Information security managementUMaine
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsToño Herrera
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and AttacksSachin Darekar
 
Security policy
Security policySecurity policy
Security policyDhani Ahmad
 
Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2MLG College of Learning, Inc
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityjayashri kolekar
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays worldSibghatullah Khattak
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & SecurityEryk Budi Pratama
 
Legal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityLegal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityCarl Ceder
 
Ethics in IT Security
Ethics in IT SecurityEthics in IT Security
Ethics in IT Securitymtvvvv
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident ResponsePECB
 
The difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityThe difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityPECB
 
Data security
Data securityData security
Data securityForeSolutions
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture NotesFellowBuddy.com
 
Information Security It's All About Compliance
Information Security It's All About ComplianceInformation Security It's All About Compliance
Information Security It's All About ComplianceDinesh O Bareja
 
Information Assurance And Security - Chapter 2 - Lesson 1
Information Assurance And Security - Chapter 2 - Lesson 1Information Assurance And Security - Chapter 2 - Lesson 1
Information Assurance And Security - Chapter 2 - Lesson 1MLG College of Learning, Inc
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security FrameworkNada G.Youssef
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKumawat Dharmpal
 
01Introduction to Information Security.ppt
01Introduction to Information Security.ppt01Introduction to Information Security.ppt
01Introduction to Information Security.pptit160320737038
 

Weitere ähnliche Inhalte

Was ist angesagt?

Information security management
Information security managementInformation security management
Information security managementUMaine
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsToño Herrera
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and AttacksSachin Darekar
 
Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2MLG College of Learning, Inc
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityjayashri kolekar
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays worldSibghatullah Khattak
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Legal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityLegal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityCarl Ceder
 
Ethics in IT Security
Ethics in IT SecurityEthics in IT Security
Ethics in IT Securitymtvvvv
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident ResponsePECB
 
The difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityThe difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityPECB
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture NotesFellowBuddy.com
 
Information Security It's All About Compliance
Information Security It's All About ComplianceInformation Security It's All About Compliance
Information Security It's All About ComplianceDinesh O Bareja
 
Information Assurance And Security - Chapter 2 - Lesson 1
Information Assurance And Security - Chapter 2 - Lesson 1Information Assurance And Security - Chapter 2 - Lesson 1
Information Assurance And Security - Chapter 2 - Lesson 1MLG College of Learning, Inc
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security FrameworkNada G.Youssef
 

Was ist angesagt? (20)

Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security
 
Information security management
Information security managementInformation security management
Information security management
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity Fundamentals
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and Attacks
 
Security policy
Security policySecurity policy
Security policy
 
Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays world
 
Cia security model
Cia security modelCia security model
Cia security model
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
 
Legal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityLegal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information Security
 
Ethics in IT Security
Ethics in IT SecurityEthics in IT Security
Ethics in IT Security
 
Cyber Security Incident Response
Cyber Security Incident ResponseCyber Security Incident Response
Cyber Security Incident Response
 
The difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityThe difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information Security
 
Data security
Data securityData security
Data security
 
Security risk management
Security risk managementSecurity risk management
Security risk management
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture Notes
 
Information Security It's All About Compliance
Information Security It's All About ComplianceInformation Security It's All About Compliance
Information Security It's All About Compliance
 
Information Assurance And Security - Chapter 2 - Lesson 1
Information Assurance And Security - Chapter 2 - Lesson 1Information Assurance And Security - Chapter 2 - Lesson 1
Information Assurance And Security - Chapter 2 - Lesson 1
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security Framework
 

Ähnlich wie chapter 1. Introduction to Information Security

Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKumawat Dharmpal
 
01Introduction to Information Security.ppt
01Introduction to Information Security.ppt01Introduction to Information Security.ppt
01Introduction to Information Security.pptit160320737038
 
Introduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdfIntroduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdfssuserf98dd4
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKATHEESKUMAR S
 
is_1_Introduction to Information Security
is_1_Introduction to Information Securityis_1_Introduction to Information Security
is_1_Introduction to Information SecuritySARJERAO Sarju
 
Human Factors_MODULE_2.pptx
Human Factors_MODULE_2.pptxHuman Factors_MODULE_2.pptx
Human Factors_MODULE_2.pptxShreeveni
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Kirti Ahirrao
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROLshinydey
 
IT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERING
IT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERINGIT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERING
IT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERINGThumilvannanSambanda
 
Unit 1&2.pdf
Unit 1&2.pdfUnit 1&2.pdf
Unit 1&2.pdfNdheh
 
Information security
Information securityInformation security
Information securityPraveen Minz
 
information security management
information security managementinformation security management
information security managementGurpreetkaur838
 
Information security
Information security Information security
Information security razendar79
 
Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Stephen Abram
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security madunix
 
IT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAE
IT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAEIT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAE
IT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAE360 BSI
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxTikdiPatel
 
Introduction to information security - by Ivan Nganda
Introduction to information security - by Ivan NgandaIntroduction to information security - by Ivan Nganda
Introduction to information security - by Ivan NgandaSee You Rise Holdings
 

Ähnlich wie chapter 1. Introduction to Information Security (20)

Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
01Introduction to Information Security.ppt
01Introduction to Information Security.ppt01Introduction to Information Security.ppt
01Introduction to Information Security.ppt
 
Introduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdfIntroduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdf
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
is_1_Introduction to Information Security
is_1_Introduction to Information Securityis_1_Introduction to Information Security
is_1_Introduction to Information Security
 
Human Factors_MODULE_2.pptx
Human Factors_MODULE_2.pptxHuman Factors_MODULE_2.pptx
Human Factors_MODULE_2.pptx
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROL
 
IT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERING
IT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERINGIT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERING
IT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERING
 
Unit 1&2.pdf
Unit 1&2.pdfUnit 1&2.pdf
Unit 1&2.pdf
 
Information security
Information securityInformation security
Information security
 
information security management
information security managementinformation security management
information security management
 
Information security
Information security Information security
Information security
 
Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security
 
IT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAE
IT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAEIT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAE
IT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAE
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptx
 
internet security and cyber lawUnit1
internet security and cyber lawUnit1internet security and cyber lawUnit1
internet security and cyber lawUnit1
 
Introduction to information security - by Ivan Nganda
Introduction to information security - by Ivan NgandaIntroduction to information security - by Ivan Nganda
Introduction to information security - by Ivan Nganda
 
Information security.pptx
Information security.pptxInformation security.pptx
Information security.pptx
 

Kürzlich hochgeladen

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 

Kürzlich hochgeladen (20)

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 

chapter 1. Introduction to Information Security

  • 1. SQUARE NORTH TECHNOLOGIES Information Security Training Chapter 1 Introduction to Information Security Muhammad Lawal Chief Executive Officer elmuhammadm@gmail.com 08124350304
  • 2. Learning Objectives  Understand what information security is and how it came to mean what it does today.  Comprehend the history of computer security and how it evolved into information security.  Understand the key terms and critical concepts of information security as presented in the chapter.  Outline the phases of the security systems development life cycle.  Understand the role professionals involved in information security in an organizational structure.  Understand the business need for information security.  Understand a successful information security program is the responsibility of an organization‘s general management and I T management.  Understand the some threats posed to information security and the more common attacks associated with those threats.
  • 3. Introduction  Some hundreds of years ago, we would have been making living on agriculture.  Say a hundred years ago you were likely to be making a living working in a factory.  Today, we live in the information age where everyone has a job somehow connected to information stored in digital form on a network.
  • 4. The History Of Information Security Computer security began immediately after the first mainframes were developed Physical controls were needed to limit access to authorized personnel to sensitive military locations Only rudimentary controls were available to defend against physical theft, espionage, and sabotage
  • 5. The 1960s • Department of Defense’s Advanced Research Project Agency (ARPA) began examining the feasibility of a redundant networked communi cations
  • 6.
  • 7. The 1970s and 80s • ARPANET grew in popularity as did its potential for misuse • Fundamental problems with ARPANET security were identified – No safety procedures for dial-up connections to the ARPANET – User identification and authorization to the system were non-existent • In the late 1970s the microprocessor expanded computing capabilities and security threats
  • 8. R-609 – The Start of the Study of Computer Security • Information Security began with Rand Report R-609 • The scope of computer security grew from physical security to include: – Safety of the data – Limiting unauthorized access to that data – Involvement of personnel from multiple levels of the organization
  • 9. The 1990s • Networks of computers became more common, so too did the need to interconnect the networks • Resulted in the Internet, the first manifestation of a global network of networks • In early Internet deployments, security was treated as a low priority
  • 10. The Present • The Internet has brought millions of computer networks into communication with each other – many of them unsecured • Ability to secure each now influenced by the security on every computer to which it is connected
  • 11. What is Security?  The quality or state of being secure—to be fre e from danger  A successful organization should have multipl e layers of security in place: • Physical security • Personal security • Operations security • Communications security • Network security • Information security
  • 12. Critical Characteristics of Information • The value of information comes from the char acteristics it possesses: – Availability – Accuracy – Authenticity – Confidentiality – Integrity – Utility – Possession
  • 13. Components of an Information System • Information system (IS) is the entire set of software, hardware, data, people, procedures, and networks necessary to use information as a resource in the organisation
  • 14. Bottom Up Approach • Security from a grass-roots effort - systems administrators attempt to improve the security of their systems • Key advantage - technical expertise of the individual administrators • Seldom works, as it lacks a number of critical features: – participant support – organizational staying power
  • 15. Top-down Approach • Initiated by upper management: – issue policy, procedures, and processes – dictate the goals and expected outcomes of the project – determine who is accountable for each of the required actions • This approach has strong upper management support, a dedicated champion, dedicated funding, clear planning, and the chance to influence organizational culture • May also involve a formal development strategy referred to as a systems development life cycle – Most successful top-down approach
  • 16.
  • 17. The Systems Development Life Cycle • Information security must be managed in a manner similar to any other major system implemented in the organization • Using a methodology – ensures a rigorous process – avoids missing steps • The goal is creating a comprehensive security posture/program
  • 18. The Security Systems Development Life Cycle • The same phases used in traditional SDLC may be adapte d to support specialized implementation of an IS project • Investigation • Analysis • Logical design • Physical design • Implementation • Maintenance & change • Identification of specific threats and creating controls to counter them • SecSDLC is a coherent program rather than a seri es of random, seemingly unconnected actions
  • 19.
  • 20. Investigation • Identifies process, outcomes, goals, and const raints of the project • Begins with enterprise information security po licy • Organizational feasibility analysis is performed
  • 21. Analysis • Documents from investigation phase are studied • Analyzes existing security policies or programs, a long with documented current threats and assoc iated controls • Includes analysis of relevant legal issues that co uld impact design of the security solution • The risk management task begins
  • 22. Logical Design • Creates and develops blueprints for information secu rity • Incident response actions planned: – Continuity planning – Incident response – Disaster recovery • Feasibility analysis to determine whether project sho uld continue or be outsourced
  • 23. Physical Design • Needed security technology is evaluated, alternatives generated, and final design selected • At end of phase, feasibility study determines readiness of organization for project
  • 24. Implementation • Security solutions are acquired, tested, implemented, and tested again • Personnel issues evaluated; specific training and education programs conducted • Entire tested package is presented to management for final approval
  • 25. Maintenance and Change • Perhaps the most important phase, given the ever-changing threat environment • Often, reparation and restoration of information is a constant duel with an unseen adversary • Information security profile of an organization requires constant adaptation as new threats emerge and old threats evolve
  • 26. Professionals involved in information security within an organization Senior Management  Chief Information Officer (CIO) • Senior technology officer • Primarily responsible for advising senior executives on strategic planning  Chief Information Security Officer (CISO) • Primarily responsible for assessment, management, an d implementation of IS in the organization • Usually reports directly to the CIO
  • 27. Information Security Project Team  A number of individuals who are experienced in one or more facets of required technical an d nontechnical areas: • Champion • Team leader • Security policy developers • Risk assessment specialists • Security professionals • Systems administrators • End users
  • 28. Data Ownership • Data owner: responsible for the security and u se of a particular set of information • Data custodian: responsible for storage, maint enance, and protection of information • Data users: end users who work with informat ion to perform their daily jobs supporting the mission of the organization
  • 29. What is Information Security? • “The concepts, techniques, technical measures, and adminis trative measures used to protect information assets from deli berate or inadvertent unauthorised acquisition, damage, discl osure, manipulation, modification, loss, or use is information security.” or • means protecting information and information systems from unauthorised access, use, disclosure, modification or destructi on. or • Implementing suitable controls - policies, practices, procedur es, organisational structures, software, etc, to secure informa tion for any information user.
  • 30. • The protection of information and its critical e lements, including systems and hardware that use, store, and transmit that information • Necessary tools: policy, awareness, training, e ducation, technology • C.I.A. triangle was standard based on confiden tiality, integrity, and availability • C.I.A. triangle now expanded into list of critica l characteristics of information
  • 31. How Can Information Security Be Achieved Access to network resource will be granted through a unique user ID and password Passwords will be 8 characters long Passwords should include one non-alpha and not found in dictionary Information Security is achieved by implementing a suitable set of controls, which could be: These controls need to be established in order to ensure that the specific security objectives of the organization are met.
  • 32. Information Security Goals  Confidentiality - making sure that those who should not see the information can not see it.  Integrity - making sure the information has not been changed from how it was intended to be.  Availability – making sure the information is available for use when needed.
  • 34. Securing Components • Computer can be subject of an attack and/or the obj ect of an attack – When the subject of an attack, computer is used as an active tool to conduct attack – When the object of an attack, computer is the entity b eing attacked
  • 35.
  • 36. Balancing Information Security and Access • Impossible to obtain perfect security—it is a p rocess, not an absolute • Security should be considered balance betwee n protection and availability • To achieve balance, level of security must allo w reasonable access, yet protect against threa ts
  • 38. The Need for Information Security Business Needs First Technology Needs Last Information security performs three important functions for an organization: • Protects the organization‘s ability to function – Communities of interest must argue for information security in ter ms of impact and cost • Enables the safe operation of applications implemented on the organization‘s IT systems – Organizations must create integrated, efficient, and capable applic ations – Organization need environments that safeguard applications
  • 39. • Protects the data the organization collects and uses – One of the most valuable assets is data – Without data, an organization loses its record of trans actions and/or its ability to deliver value to its custom ers – An effective information security program is essential to the protection of the integrity and value of the orga nization‘s data Technology Needs • Safeguards the technological assets in use at the organi zation • Organizations must have secure infrastructure services b ased on the size and scope of the enterprise
  • 40. Areas of Information System Security  Data security  Computer security  LAN or Network security  Internet security
  • 41. Major Threats & Issues Basic Threats  Theft of password  E-mail based threats  E-mail based extortion  Launch of malicious codes (trojans)
  • 42. Corporate threats • Web defacement • Corporate espionage • Website based launch of malicious code cheating and fraud • Exchange of criminal ideas and tools • Cyber harassment • Forge websites Online threats • E-mail spamming • Theft of software and electronic records • Cyber stalking • E-mail bombing • Denial of service attacks
  • 43. Protecting your computer and network  Physical security  Securing desktop computers  Securing laptops/notebooks/handheld computers  Securing network security  Software security  Protect against internet intruders with firewall s and IDS  Protect against viruses and other malware  Protect against spyware and adware  Protect against unwanted email
  • 44. General spam protection practices  Do not give out your email address indiscriminately  Leave your email signature line blank if you post to a newsgroup  Do not reply to junk messages  Do not open obvious spam mails  Report to appropriate person – systems administrator

Hinweis der Redaktion

  1. 3