Model Information Security Planning
By Mohammed Ashfaq Ahmed

• Adopt a multilayered security model
• Follow a defense-in-depth strategy
• Defense-in-depth: designed from the inside out but tested from the outside in
• Information lies at the core, and the most reliable protection elements lie close to it
• Penetration by attackers occurs from the outside in

Seven layer security model
• It covers both the security of information and the security of the information system
• The layers of the model are:
  • Information at the core
  • Cryptographic method layer
  • Verification and authentication layer
  • OS hardening layer
  • Information system architecture and design
  • Web services layer
  • The 8 Ps of security layer

Benefits of this model
• Vigorously protects information
• Will slow down perpetrators as they attempt any attack
• Discourages attackers
• Assists in identification of hackers
• Low cost and effective

1. Information at the core
• Information resides at the core of the model
• Why is information at the core, and not the information system?
• Reason:
  • The information system is too vast and cannot be narrowed sufficiently
  • Information has many properties, like disguise, protect, authenticate, test
  • The most important and interesting quality of information is that it can change state and still retain all of its semantic value
• These factors allow us to manage the information effectively

2. Cryptographic method layer
• It is the second layer and actually the most important from a security countermeasure point of view
• It represents a formidable barrier that coats and protects information
• It uses the properties of information
• Advantages:
  • Cryptography disguises information
  • Cryptographic methods are extremely complex and require significant time and cost to break
  • It provides an elegant linkage to the authentication and verification layer
  • Cryptographic layers are many and varied

3. Authentication and verification layer
• It is closely related to the cryptographic layer
• It has two distinct parts:
  1. The inner authentication and verification, which pertains to the information exclusively. Ex. digital signatures, code signing, etc.
  2. The outer half, which provides authentication and verification for the information system. Ex. passwords, access controls, etc.
• Authentication is the process of determining if the information presented is real or fake
• Authentication techniques usually take advantage of any of the following four factors to authenticate access to information:
  1. Possession factor: something you have that grants access to information. Ex. smartcard, token, etc.
  2. Biometric factor: something that you are that identifies you uniquely. Ex. fingerprint, face print, DNA, etc.
  3. Knowledge factor: something you know that is secret. Ex. password, username, etc.
  4. Integrity factor: something that allows the authentication routines to authenticate your actions after you are admitted access. Ex. message authentication codes (MACs)
• Authentication techniques can be used either directly with information or as a part of the information system
• Verification is the one-to-one process of matching the user by name against an authentication template, maintained by a trusted third party, and providing the authentication status

My Question……?

Answer: The model is designed from the inside out and tested from the outside in. It means that information is at the core of the model and the most reliable protection elements of the plan are placed closest to it. Penetration by attackers occurs from the outside in; this concept is known as defense in depth.
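The knowledge factor and the integrity factor from the authentication and verification layer can be shown working together. The following is an added example, not part of the original slides: a password check admits the user, and a MAC then authenticates every action made after admission. The names `login`, `sign_action` and `Session`, the sample password and the counter scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample credential; the password and actions are illustrative only.
SALT = secrets.token_bytes(16)
STORED_HASH = hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 200_000)


def login(password):
    """Knowledge factor: verify the secret, then issue a per-session MAC key."""
    candidate = hashlib.pbkdf2_hmac("sha256", password, SALT, 200_000)
    if not hmac.compare_digest(candidate, STORED_HASH):
        return None
    return secrets.token_bytes(32)


def sign_action(key, counter, action):
    """Integrity factor: MAC over a sequence counter plus the action text."""
    message = counter.to_bytes(8, "big") + action.encode("utf-8")
    return hmac.new(key, message, hashlib.sha256).digest()


class Session:
    """Server side: authenticates each action after access was granted."""

    def __init__(self, key):
        self.key = key
        self.next_counter = 0

    def accept(self, counter, action, tag):
        if counter != self.next_counter:
            return False  # replayed or out-of-order action
        expected = sign_action(self.key, counter, action)
        if not hmac.compare_digest(expected, tag):
            return False  # action altered, or MAC made with another key
        self.next_counter += 1
        return True


if __name__ == "__main__":
    key = login(b"correct horse")
    session = Session(key)
    tag = sign_action(key, 0, "read report")
    print(session.accept(0, "read report", tag))  # genuine action
    print(session.accept(0, "read report", tag))  # same message replayed
```

Binding the counter into the MAC is what lets the session reject a captured action that is sent a second time, which a MAC over the action text alone would not detect.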