Course : M0792 INFORMATION SYSTEMS SECURITY (2 credits)
Year : 2014
INTRODUCTION AND INFORMATION SECURITY
SESSION 1
LECTURER INTRODUCTION
Lecturer introduces himself or herself:
• Educational background
• Professional experience (if any)
• Family, hobbies, etc.
Bina Nusantara
Profile
• Lecturer code : D3709
• Name : Novan Zulkarnain, ST., Mkom.
• Email : novan.zulkarnain@gmail.com
• Website : www.BrenzSoft.com
• Certificate:
– Windows Server & SQL Server
– Oracle
– IBM DB2
– SAP - FICO
Bina Nusantara University
Rules
• Time : 9:20
• No sandals
• Late students
LECTURER INTRODUCTION
Lecturer gives motivation to the students:
• The importance of the course
• The importance of group discussion, in class as well as in case-study problem solving
Lecturer gives a short explanation of CO and OR
Lecturer explains the rules of the course (if any)
Students form their own groups. The group size is decided by the lecturer.
THE NEED FOR INFORMATION SECURITY
TOPICS
• What is information systems security?
• What are the tenets of information systems security?
• What are the seven domains of an IT infrastructure?
• How can an IT security policy framework reduce risk?
• How does a data classification standard affect an IT infrastructure's security needs?
THE NEED FOR INFORMATION SECURITY
THE GOALS
• Relate how availability, integrity and confidentiality requirements affect the seven domains of a typical IT infrastructure
• Describe the threats and vulnerabilities commonly found within the seven domains
• Identify a layered security approach throughout the seven domains
• Develop an IT security policy framework to help reduce risk from common threats and vulnerabilities
• Relate how a data classification standard affects the seven domains
Information Systems Security
Cyberspace
• See Fig. 1-1
Information Systems Security
• TCP/IP communications are in cleartext
• See Fig. 1-2
Information Systems Security
• Risks
• Threats
• Vulnerabilities
• See Fig. 1-3
• Definition of ISS
Figure 1.3
Tenets of ISS
• See Fig. 1-5
• Availability: uptime, downtime, availability, mean time to failure, mean time to repair, recovery time objectives
• Integrity: see Fig. 1-6
• Confidentiality includes private data of individuals; intellectual property of businesses; and national security for countries and governments.
Figure 1.5
The seven domains of a typical IT infrastructure
See Fig. 1-8.
1. User domain: roles and tasks; responsibilities; accountability. See Table 1-1.
2. Workstation domain: roles and tasks; responsibilities; accountability. See Table 1-2.
3. LAN domain: NIC; Ethernet LAN; unshielded twisted pair cabling; LAN switch; file server and print server; wireless access point (WAP). LAN domain roles and tasks; responsibilities; accountability. See Table 1-3.
4. LAN-to-WAN domain: port 80; port 20; port 69; port 23; port 22. LAN-to-WAN domain roles and tasks; responsibilities; accountability. See Table 1-4.
The seven domains of a typical IT infrastructure (cont.)
5. WAN domain: nationwide optical backbones; end-to-end IP transport; multi-site WAN cloud services; etc. WAN domain roles and tasks; responsibilities; accountability. See Table 1-5 and Table 1-6.
6. Remote Access domain: the mobile worker depends on some factors. Remote Access domain roles; responsibilities; accountability.
7. System/Application domain: the applications that may require second-level checks include … System/Application domain roles; responsibilities; accountability.
Table 1.1
Table 1.2
Table 1.3
Table 1.4
Table 1.5
Table 1.6
IT Security Policy Framework
• Definitions of Policy, Standard, Procedures and Guidelines
• Data classification standard:
– Private data
– Confidential
– Internal use only
– Public domain data
Figure 1.5