Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks
Uploaded by Miguel Martinez

681938b4-7099-4fd7-929c-d7e903bdb3f9 INFORMATION SECURITY

advertisement 
INFORMATION SECURITY
WHAT IS INFORMATION SECURITY
📹
What is information security?
information security is keeping data, software and hardware secure
against unauthorized access, use disclosure, disruption, modification, or
destruction.
whats worth protecting?
every business has assets both tangible and intangible.
assets should always be protected by value to the organization in this
order most important people, data least important hardware/ software.
Compliance
is the requirement that are set foth by laws and industry regulations some
examples are
HIPPA/HITECH
PIC-DSS
FISMA
COMPLIANCE DOES NOT MEAN SECURE
Security models
CIA TRIAD
confidential
allowing only those authorized to access the data requested
integrity
keeping data unaltered by Accidental or Malicious intent
availability
is the ability to access data when needed
INFORMATION SECURITY
1
parkerian hexad
expands on the CIA triad
possessions/ control
prefers to the physical disposition of the media on which the data
is stored
authenticity
allows us to talk about the proper attribution as to the owner or
creator of the data in question
utility
refers to how useful the data is to us
ATTACKS
interception
allows unauthorized users to access our data, application or
environment
interruption
causes assets to be unsubtle or unavailable on a temporary or
permanent basis.
modification
tampering with assets
fabrication
generating data, processes, communications.
what is affected ?
Confidentiality
interception
interruption
INFORMATION SECURITY
✅
integrity
availability
✅
✅
2
✅
✅
modification
fabrication
✅
✅
risk
likelyhood of an event
what makes up a risk?
threat and vulnerability
threats
events being man made, natural or environmental that could cause
damage to assets
vulnerabilities
weakness that a threat event or the threat agent can take advantage
risk management
identify assets
identify threats
assess vulnerabilities
assess risks
migrating risks
how do you protect assets?
CONTROLS
Three types
physical
locks, doors, fences
technical/ logical
firewall, av, ids and ips
INFORMATION SECURITY
3
administrative
policies
incident response
what happens when risk management fails
6 steps
preparation
detection and analysis
containment
eradication
recovery
post incident activity
defense in depth
LAYING CONTROLS
INFORMATION SECURITY
4
Related documents
information security
information security
Knowledge Check Protecting Information
Knowledge Check Protecting Information
CPSC 6126 Computer Security
CPSC 6126 Computer Security
Goals of Cyber Security
Goals of Cyber Security
Download
advertisement