SlideShare a Scribd company logo

chapter 1. Introduction to Information Security

Download as ppt, pdf
E
elmuhammadmuhammad

This training creates the awareness of the security threats facing individuals, business owner’s, and corporations in today’s society and induces a’ plan-protection’ attitude. It enriches individuals, students’, business owners’ and workers’ approach to handling these threats and responding appropriately when these threats occur.

1 of 44
Downloaded 79 times
SQUARE NORTH TECHNOLOGIES Information Security Training Chapter 1 Introduction to Information Security Muhammad Lawal Chief Executive Officer elmuhammadm@gmail.com 08124350304
Learning Objectives  Understand what information security is and how it came to mean what it does today.  Comprehend the history of computer security and how it evolved into information security.  Understand the key terms and critical concepts of information security as presented in the chapter.  Outline the phases of the security systems development life cycle.  Understand the role professionals involved in information security in an organizational structure.  Understand the business need for information security.  Understand a successful information security program is the responsibility of an organization‘s general management and I T management.  Understand the some threats posed to information security and the more common attacks associated with those threats.
Introduction  Some hundreds of years ago, we would have been making living on agriculture.  Say a hundred years ago you were likely to be making a living working in a factory.  Today, we live in the information age where everyone has a job somehow connected to information stored in digital form on a network.
The History Of Information Security Computer security began immediately after the first mainframes were developed Physical controls were needed to limit access to authorized personnel to sensitive military locations Only rudimentary controls were available to defend against physical theft, espionage, and sabotage
The 1960s • Department of Defense’s Advanced Research Project Agency (ARPA) began examining the feasibility of a redundant networked communi cations
chapter 1. Introduction to Information Security
The 1970s and 80s • ARPANET grew in popularity as did its potential for misuse • Fundamental problems with ARPANET security were identified – No safety procedures for dial-up connections to the ARPANET – User identification and authorization to the system were non-existent • In the late 1970s the microprocessor expanded computing capabilities and security threats
R-609 – The Start of the Study of Computer Security • Information Security began with Rand Report R-609 • The scope of computer security grew from physical security to include: – Safety of the data – Limiting unauthorized access to that data – Involvement of personnel from multiple levels of the organization
The 1990s • Networks of computers became more common, so too did the need to interconnect the networks • Resulted in the Internet, the first manifestation of a global network of networks • In early Internet deployments, security was treated as a low priority
The Present • The Internet has brought millions of computer networks into communication with each other – many of them unsecured • Ability to secure each now influenced by the security on every computer to which it is connected
What is Security?  The quality or state of being secure—to be fre e from danger  A successful organization should have multipl e layers of security in place: • Physical security • Personal security • Operations security • Communications security • Network security • Information security
Critical Characteristics of Information • The value of information comes from the char acteristics it possesses: – Availability – Accuracy – Authenticity – Confidentiality – Integrity – Utility – Possession
Components of an Information System • Information system (IS) is the entire set of software, hardware, data, people, procedures, and networks necessary to use information as a resource in the organisation
Bottom Up Approach • Security from a grass-roots effort - systems administrators attempt to improve the security of their systems • Key advantage - technical expertise of the individual administrators • Seldom works, as it lacks a number of critical features: – participant support – organizational staying power
Top-down Approach • Initiated by upper management: – issue policy, procedures, and processes – dictate the goals and expected outcomes of the project – determine who is accountable for each of the required actions • This approach has strong upper management support, a dedicated champion, dedicated funding, clear planning, and the chance to influence organizational culture • May also involve a formal development strategy referred to as a systems development life cycle – Most successful top-down approach
chapter 1. Introduction to Information Security
The Systems Development Life Cycle • Information security must be managed in a manner similar to any other major system implemented in the organization • Using a methodology – ensures a rigorous process – avoids missing steps • The goal is creating a comprehensive security posture/program
The Security Systems Development Life Cycle • The same phases used in traditional SDLC may be adapte d to support specialized implementation of an IS project • Investigation • Analysis • Logical design • Physical design • Implementation • Maintenance & change • Identification of specific threats and creating controls to counter them • SecSDLC is a coherent program rather than a seri es of random, seemingly unconnected actions
chapter 1. Introduction to Information Security
Investigation • Identifies process, outcomes, goals, and const raints of the project • Begins with enterprise information security po licy • Organizational feasibility analysis is performed
Analysis • Documents from investigation phase are studied • Analyzes existing security policies or programs, a long with documented current threats and assoc iated controls • Includes analysis of relevant legal issues that co uld impact design of the security solution • The risk management task begins
Logical Design • Creates and develops blueprints for information secu rity • Incident response actions planned: – Continuity planning – Incident response – Disaster recovery • Feasibility analysis to determine whether project sho uld continue or be outsourced
Physical Design • Needed security technology is evaluated, alternatives generated, and final design selected • At end of phase, feasibility study determines readiness of organization for project
Implementation • Security solutions are acquired, tested, implemented, and tested again • Personnel issues evaluated; specific training and education programs conducted • Entire tested package is presented to management for final approval
Maintenance and Change • Perhaps the most important phase, given the ever-changing threat environment • Often, reparation and restoration of information is a constant duel with an unseen adversary • Information security profile of an organization requires constant adaptation as new threats emerge and old threats evolve
Professionals involved in information security within an organization Senior Management  Chief Information Officer (CIO) • Senior technology officer • Primarily responsible for advising senior executives on strategic planning  Chief Information Security Officer (CISO) • Primarily responsible for assessment, management, an d implementation of IS in the organization • Usually reports directly to the CIO
Information Security Project Team  A number of individuals who are experienced in one or more facets of required technical an d nontechnical areas: • Champion • Team leader • Security policy developers • Risk assessment specialists • Security professionals • Systems administrators • End users
Data Ownership • Data owner: responsible for the security and u se of a particular set of information • Data custodian: responsible for storage, maint enance, and protection of information • Data users: end users who work with informat ion to perform their daily jobs supporting the mission of the organization
What is Information Security? • “The concepts, techniques, technical measures, and adminis trative measures used to protect information assets from deli berate or inadvertent unauthorised acquisition, damage, discl osure, manipulation, modification, loss, or use is information security.” or • means protecting information and information systems from unauthorised access, use, disclosure, modification or destructi on. or • Implementing suitable controls - policies, practices, procedur es, organisational structures, software, etc, to secure informa tion for any information user.
• The protection of information and its critical e lements, including systems and hardware that use, store, and transmit that information • Necessary tools: policy, awareness, training, e ducation, technology • C.I.A. triangle was standard based on confiden tiality, integrity, and availability • C.I.A. triangle now expanded into list of critica l characteristics of information
How Can Information Security Be Achieved Access to network resource will be granted through a unique user ID and password Passwords will be 8 characters long Passwords should include one non-alpha and not found in dictionary Information Security is achieved by implementing a suitable set of controls, which could be: These controls need to be established in order to ensure that the specific security objectives of the organization are met.
Information Security Goals  Confidentiality - making sure that those who should not see the information can not see it.  Integrity - making sure the information has not been changed from how it was intended to be.  Availability – making sure the information is available for use when needed.
Confidentiality Integrity Availability Security Goals
Securing Components • Computer can be subject of an attack and/or the obj ect of an attack – When the subject of an attack, computer is used as an active tool to conduct attack – When the object of an attack, computer is the entity b eing attacked
chapter 1. Introduction to Information Security
Balancing Information Security and Access • Impossible to obtain perfect security—it is a p rocess, not an absolute • Security should be considered balance betwee n protection and availability • To achieve balance, level of security must allo w reasonable access, yet protect against threa ts
Balancing security and access
The Need for Information Security Business Needs First Technology Needs Last Information security performs three important functions for an organization: • Protects the organization‘s ability to function – Communities of interest must argue for information security in ter ms of impact and cost • Enables the safe operation of applications implemented on the organization‘s IT systems – Organizations must create integrated, efficient, and capable applic ations – Organization need environments that safeguard applications
• Protects the data the organization collects and uses – One of the most valuable assets is data – Without data, an organization loses its record of trans actions and/or its ability to deliver value to its custom ers – An effective information security program is essential to the protection of the integrity and value of the orga nization‘s data Technology Needs • Safeguards the technological assets in use at the organi zation • Organizations must have secure infrastructure services b ased on the size and scope of the enterprise
Areas of Information System Security  Data security  Computer security  LAN or Network security  Internet security
Major Threats & Issues Basic Threats  Theft of password  E-mail based threats  E-mail based extortion  Launch of malicious codes (trojans)
Corporate threats • Web defacement • Corporate espionage • Website based launch of malicious code cheating and fraud • Exchange of criminal ideas and tools • Cyber harassment • Forge websites Online threats • E-mail spamming • Theft of software and electronic records • Cyber stalking • E-mail bombing • Denial of service attacks
Protecting your computer and network  Physical security  Securing desktop computers  Securing laptops/notebooks/handheld computers  Securing network security  Software security  Protect against internet intruders with firewall s and IDS  Protect against viruses and other malware  Protect against spyware and adware  Protect against unwanted email
General spam protection practices  Do not give out your email address indiscriminately  Leave your email signature line blank if you post to a newsgroup  Do not reply to junk messages  Do not open obvious spam mails  Report to appropriate person – systems administrator
Ad

Recommended

Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
Dr. Loganathan R
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 ppt
vasanthimuniasamy
 
Information Security
Information SecurityInformation Security
Information Security
Dhilsath Fathima
 
Information security
Information security Information security
Information security
razendar79
 
Information security management
Information security managementInformation security management
Information security management
UMaine
 
60304756 whitman-ch01-1
60304756 whitman-ch01-160304756 whitman-ch01-1
60304756 whitman-ch01-1
UDCNTT
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Security
chauhankapil
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
jayashri kolekar
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and Attacks
Sachin Darekar
 
System security
System securitySystem security
System security
sommerville-videos
 
Computer security overview
Computer security overviewComputer security overview
Computer security overview
CAS
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standards
primeteacher32
 
Network defenses
Network defensesNetwork defenses
Network defenses
G Prachi
 
Computer Security Presentation
Computer Security PresentationComputer Security Presentation
Computer Security Presentation
PraphullaShrestha1
 
Security policies
Security policiesSecurity policies
Security policies
Nishant Pahad
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security
Shreedevi Tharanidharan
 
Information security
Information securityInformation security
Information security
avinashbalakrishnan2
 
Network security
Network security Network security
Network security
Madhumithah Ilango
 
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIAInformation Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Dheeraj Kataria
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
Rahmat Suhatman
 
Security Audit View
Security Audit ViewSecurity Audit View
Security Audit View
PLN9 Security Services Pvt. Ltd.
 
Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2
MLG College of Learning, Inc
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
Wajahat Rajab
 
Human resources security
Human resources securityHuman resources security
Human resources security
CAS
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
Kumawat Dharmpal
 
Network security
Network securityNetwork security
Network security
Simranpreet Singh
 
Chapter 9: Access Control Management
Chapter 9: Access Control ManagementChapter 9: Access Control Management
Chapter 9: Access Control Management
Nada G.Youssef
 
Introduction-to-Information-Security.pptx
Introduction-to-Information-Security.pptxIntroduction-to-Information-Security.pptx
Introduction-to-Information-Security.pptx
SittieAmaniAlonto
 
01Introduction to Information Security.ppt
01Introduction to Information Security.ppt01Introduction to Information Security.ppt
01Introduction to Information Security.ppt
it160320737038
 
Ad

More Related Content

What's hot (20)

Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and Attacks
Sachin Darekar
 
System security
System securitySystem security
System security
sommerville-videos
 
Computer security overview
Computer security overviewComputer security overview
Computer security overview
CAS
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standards
primeteacher32
 
Network defenses
Network defensesNetwork defenses
Network defenses
G Prachi
 
Computer Security Presentation
Computer Security PresentationComputer Security Presentation
Computer Security Presentation
PraphullaShrestha1
 
Security policies
Security policiesSecurity policies
Security policies
Nishant Pahad
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security
Shreedevi Tharanidharan
 
Information security
Information securityInformation security
Information security
avinashbalakrishnan2
 
Network security
Network security Network security
Network security
Madhumithah Ilango
 
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIAInformation Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Dheeraj Kataria
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
Rahmat Suhatman
 
Security Audit View
Security Audit ViewSecurity Audit View
Security Audit View
PLN9 Security Services Pvt. Ltd.
 
Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2
MLG College of Learning, Inc
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
Wajahat Rajab
 
Human resources security
Human resources securityHuman resources security
Human resources security
CAS
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
Kumawat Dharmpal
 
Network security
Network securityNetwork security
Network security
Simranpreet Singh
 
Chapter 9: Access Control Management
Chapter 9: Access Control ManagementChapter 9: Access Control Management
Chapter 9: Access Control Management
Nada G.Youssef
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and Attacks
Sachin Darekar
 
System security
System securitySystem security
System security
sommerville-videos
 
Computer security overview
Computer security overviewComputer security overview
Computer security overview
CAS
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standards
primeteacher32
 
Network defenses
Network defensesNetwork defenses
Network defenses
G Prachi
 
Computer Security Presentation
Computer Security PresentationComputer Security Presentation
Computer Security Presentation
PraphullaShrestha1
 
Security policies
Security policiesSecurity policies
Security policies
Nishant Pahad
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security
Shreedevi Tharanidharan
 
Information security
Information securityInformation security
Information security
avinashbalakrishnan2
 
Network security
Network security Network security
Network security
Madhumithah Ilango
 
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIAInformation Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Dheeraj Kataria
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
Rahmat Suhatman
 
Security Audit View
Security Audit ViewSecurity Audit View
Security Audit View
PLN9 Security Services Pvt. Ltd.
 
Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2
MLG College of Learning, Inc
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
Wajahat Rajab
 
Human resources security
Human resources securityHuman resources security
Human resources security
CAS
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
Kumawat Dharmpal
 
Network security
Network securityNetwork security
Network security
Simranpreet Singh
 
Chapter 9: Access Control Management
Chapter 9: Access Control ManagementChapter 9: Access Control Management
Chapter 9: Access Control Management
Nada G.Youssef
 

Similar to chapter 1. Introduction to Information Security (20)

Introduction-to-Information-Security.pptx
Introduction-to-Information-Security.pptxIntroduction-to-Information-Security.pptx
Introduction-to-Information-Security.pptx
SittieAmaniAlonto
 
01Introduction to Information Security.ppt
01Introduction to Information Security.ppt01Introduction to Information Security.ppt
01Introduction to Information Security.ppt
it160320737038
 
is_1_Introduction to Information Security
is_1_Introduction to Information Securityis_1_Introduction to Information Security
is_1_Introduction to Information Security
SARJERAO Sarju
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
KATHEESKUMAR S
 
Unit 1&2.pdf
Unit 1&2.pdfUnit 1&2.pdf
Unit 1&2.pdf
Ndheh
 
Introduction to information security - by Ivan Nganda
Introduction to information security - by Ivan NgandaIntroduction to information security - by Ivan Nganda
Introduction to information security - by Ivan Nganda
See You Rise Holdings
 
Ch2 Introduction to Information Security (3).pdf
Ch2 Introduction to Information Security (3).pdfCh2 Introduction to Information Security (3).pdf
Ch2 Introduction to Information Security (3).pdf
mominabotayea1997
 
IT8073 _Information Security _UNIT I Full notes
IT8073 _Information Security _UNIT I Full notesIT8073 _Information Security _UNIT I Full notes
IT8073 _Information Security _UNIT I Full notes
Guru Nanak Technical Institutions
 
IT8073_Information Security_UNIT I _.pdf
IT8073_Information Security_UNIT I _.pdfIT8073_Information Security_UNIT I _.pdf
IT8073_Information Security_UNIT I _.pdf
Guru Nanak Technical Institutions
 
Chapter 1 introduction to-information_security
Chapter 1 introduction to-information_securityChapter 1 introduction to-information_security
Chapter 1 introduction to-information_security
Syaiful Ahdan
 
Instructor_manual_for_principles_of_information_security_7th_edition.
Instructor_manual_for_principles_of_information_security_7th_edition.Instructor_manual_for_principles_of_information_security_7th_edition.
Instructor_manual_for_principles_of_information_security_7th_edition.
lecthupper
 
Chap01
Chap01Chap01
Chap01
KASSAWMAR AYALEW
 
Princinples of information security Lecture_1_Information_Security.pptx
Princinples of information security Lecture_1_Information_Security.pptxPrincinples of information security Lecture_1_Information_Security.pptx
Princinples of information security Lecture_1_Information_Security.pptx
MuhammadUsmanNasir5
 
IS Chap 1 by whitman chapter 1 pptx.pptx
IS Chap 1 by whitman chapter 1 pptx.pptxIS Chap 1 by whitman chapter 1 pptx.pptx
IS Chap 1 by whitman chapter 1 pptx.pptx
sania82678
 
IT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERING
IT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERINGIT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERING
IT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERING
ThumilvannanSambanda
 
Jb ia
Jb iaJb ia
Jb ia
Deepal Samaraweera
 
Introduction to Information security ppt
Introduction to Information security pptIntroduction to Information security ppt
Introduction to Information security ppt
krishkiran2408
 
Introduction to Information security ppt
Introduction to Information security pptIntroduction to Information security ppt
Introduction to Information security ppt
krishkiran2408
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
Elumalai Vasan
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & process
Information Technology Society Nepal
 
Introduction-to-Information-Security.pptx
Introduction-to-Information-Security.pptxIntroduction-to-Information-Security.pptx
Introduction-to-Information-Security.pptx
SittieAmaniAlonto
 
01Introduction to Information Security.ppt
01Introduction to Information Security.ppt01Introduction to Information Security.ppt
01Introduction to Information Security.ppt
it160320737038
 
is_1_Introduction to Information Security
is_1_Introduction to Information Securityis_1_Introduction to Information Security
is_1_Introduction to Information Security
SARJERAO Sarju
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
KATHEESKUMAR S
 
Unit 1&2.pdf
Unit 1&2.pdfUnit 1&2.pdf
Unit 1&2.pdf
Ndheh
 
Introduction to information security - by Ivan Nganda
Introduction to information security - by Ivan NgandaIntroduction to information security - by Ivan Nganda
Introduction to information security - by Ivan Nganda
See You Rise Holdings
 
Ch2 Introduction to Information Security (3).pdf
Ch2 Introduction to Information Security (3).pdfCh2 Introduction to Information Security (3).pdf
Ch2 Introduction to Information Security (3).pdf
mominabotayea1997
 
IT8073 _Information Security _UNIT I Full notes
IT8073 _Information Security _UNIT I Full notesIT8073 _Information Security _UNIT I Full notes
IT8073 _Information Security _UNIT I Full notes
Guru Nanak Technical Institutions
 
IT8073_Information Security_UNIT I _.pdf
IT8073_Information Security_UNIT I _.pdfIT8073_Information Security_UNIT I _.pdf
IT8073_Information Security_UNIT I _.pdf
Guru Nanak Technical Institutions
 
Chapter 1 introduction to-information_security
Chapter 1 introduction to-information_securityChapter 1 introduction to-information_security
Chapter 1 introduction to-information_security
Syaiful Ahdan
 
Instructor_manual_for_principles_of_information_security_7th_edition.
Instructor_manual_for_principles_of_information_security_7th_edition.Instructor_manual_for_principles_of_information_security_7th_edition.
Instructor_manual_for_principles_of_information_security_7th_edition.
lecthupper
 
Chap01
Chap01Chap01
Chap01
KASSAWMAR AYALEW
 
Princinples of information security Lecture_1_Information_Security.pptx
Princinples of information security Lecture_1_Information_Security.pptxPrincinples of information security Lecture_1_Information_Security.pptx
Princinples of information security Lecture_1_Information_Security.pptx
MuhammadUsmanNasir5
 
IS Chap 1 by whitman chapter 1 pptx.pptx
IS Chap 1 by whitman chapter 1 pptx.pptxIS Chap 1 by whitman chapter 1 pptx.pptx
IS Chap 1 by whitman chapter 1 pptx.pptx
sania82678
 
IT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERING
IT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERINGIT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERING
IT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERING
ThumilvannanSambanda
 
Jb ia
Jb iaJb ia
Jb ia
Deepal Samaraweera
 
Introduction to Information security ppt
Introduction to Information security pptIntroduction to Information security ppt
Introduction to Information security ppt
krishkiran2408
 
Introduction to Information security ppt
Introduction to Information security pptIntroduction to Information security ppt
Introduction to Information security ppt
krishkiran2408
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
Elumalai Vasan
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & process
Information Technology Society Nepal
 
Ad

Recently uploaded (20)

Slack like a pro: strategies for 10x engineering teams
Slack like a pro: strategies for 10x engineering teamsSlack like a pro: strategies for 10x engineering teams
Slack like a pro: strategies for 10x engineering teams
Nacho Cougil
 
Mastering Testing in the Modern F&B Landscape
Mastering Testing in the Modern F&B LandscapeMastering Testing in the Modern F&B Landscape
Mastering Testing in the Modern F&B Landscape
marketing943205
 
AI needs Hybrid Cloud - TEC conference 2025.pptx
AI needs Hybrid Cloud - TEC conference 2025.pptxAI needs Hybrid Cloud - TEC conference 2025.pptx
AI needs Hybrid Cloud - TEC conference 2025.pptx
Shikha Srivastava
 
Design pattern talk by Kaya Weers - 2025 (v2)
Design pattern talk by Kaya Weers - 2025 (v2)Design pattern talk by Kaya Weers - 2025 (v2)
Design pattern talk by Kaya Weers - 2025 (v2)
Kaya Weers
 
MULTI-STAKEHOLDER CONSULTATION PROGRAM On Implementation of DNF 2.0 and Way F...
MULTI-STAKEHOLDER CONSULTATION PROGRAM On Implementation of DNF 2.0 and Way F...MULTI-STAKEHOLDER CONSULTATION PROGRAM On Implementation of DNF 2.0 and Way F...
MULTI-STAKEHOLDER CONSULTATION PROGRAM On Implementation of DNF 2.0 and Way F...
ICT Frame Magazine Pvt. Ltd.
 
Who's choice? Making decisions with and about Artificial Intelligence, Keele ...
Who's choice? Making decisions with and about Artificial Intelligence, Keele ...Who's choice? Making decisions with and about Artificial Intelligence, Keele ...
Who's choice? Making decisions with and about Artificial Intelligence, Keele ...
Alan Dix
 
論文紹介:"InfLoRA: Interference-Free Low-Rank Adaptation for Continual Learning" ...
論文紹介:"InfLoRA: Interference-Free Low-Rank Adaptation for Continual Learning" ...論文紹介:"InfLoRA: Interference-Free Low-Rank Adaptation for Continual Learning" ...
論文紹介:"InfLoRA: Interference-Free Low-Rank Adaptation for Continual Learning" ...
Toru Tamaki
 
OpenAI Just Announced Codex: A cloud engineering agent that excels in handlin...
OpenAI Just Announced Codex: A cloud engineering agent that excels in handlin...OpenAI Just Announced Codex: A cloud engineering agent that excels in handlin...
OpenAI Just Announced Codex: A cloud engineering agent that excels in handlin...
SOFTTECHHUB
 
RFID in Supply chain management and logistics.pdf
RFID in Supply chain management and logistics.pdfRFID in Supply chain management and logistics.pdf
RFID in Supply chain management and logistics.pdf
EnCStore Private Limited
 
How Top Companies Benefit from Outsourcing
How Top Companies Benefit from OutsourcingHow Top Companies Benefit from Outsourcing
How Top Companies Benefit from Outsourcing
Nascenture
 
Secondary Storage for a microcontroller system
Secondary Storage for a microcontroller systemSecondary Storage for a microcontroller system
Secondary Storage for a microcontroller system
fizarcse
 
Building the Customer Identity Community, Together.pdf
Building the Customer Identity Community, Together.pdfBuilding the Customer Identity Community, Together.pdf
Building the Customer Identity Community, Together.pdf
Cheryl Hung
 
Multi-Agent AI Systems: Architectures & Communication (MCP and A2A)
Multi-Agent AI Systems: Architectures & Communication (MCP and A2A)Multi-Agent AI Systems: Architectures & Communication (MCP and A2A)
Multi-Agent AI Systems: Architectures & Communication (MCP and A2A)
HusseinMalikMammadli
 
Breaking it Down: Microservices Architecture for PHP Developers
Breaking it Down: Microservices Architecture for PHP DevelopersBreaking it Down: Microservices Architecture for PHP Developers
Breaking it Down: Microservices Architecture for PHP Developers
pmeth1
 
Accommodating Neurodiverse Users Online (Global Accessibility Awareness Day 2...
Accommodating Neurodiverse Users Online (Global Accessibility Awareness Day 2...Accommodating Neurodiverse Users Online (Global Accessibility Awareness Day 2...
Accommodating Neurodiverse Users Online (Global Accessibility Awareness Day 2...
User Vision
 
UiPath AgentHack - Build the AI agents of tomorrow_Enablement 1.pptx
UiPath AgentHack - Build the AI agents of tomorrow_Enablement 1.pptxUiPath AgentHack - Build the AI agents of tomorrow_Enablement 1.pptx
UiPath AgentHack - Build the AI agents of tomorrow_Enablement 1.pptx
anabulhac
 
ICDCC 2025: Securing Agentic AI - Eryk Budi Pratama.pdf
ICDCC 2025: Securing Agentic AI - Eryk Budi Pratama.pdfICDCC 2025: Securing Agentic AI - Eryk Budi Pratama.pdf
ICDCC 2025: Securing Agentic AI - Eryk Budi Pratama.pdf
Eryk Budi Pratama
 
machines-for-woodworking-shops-en-compressed.pdf
machines-for-woodworking-shops-en-compressed.pdfmachines-for-woodworking-shops-en-compressed.pdf
machines-for-woodworking-shops-en-compressed.pdf
AmirStern2
 
UX for Data Engineers and Analysts-Designing User-Friendly Dashboards for Non...
UX for Data Engineers and Analysts-Designing User-Friendly Dashboards for Non...UX for Data Engineers and Analysts-Designing User-Friendly Dashboards for Non...
UX for Data Engineers and Analysts-Designing User-Friendly Dashboards for Non...
UXPA Boston
 
In-App Guidance_ Save Enterprises Millions in Training & IT Costs.pptx
In-App Guidance_ Save Enterprises Millions in Training & IT Costs.pptxIn-App Guidance_ Save Enterprises Millions in Training & IT Costs.pptx
In-App Guidance_ Save Enterprises Millions in Training & IT Costs.pptx
aptyai
 
Slack like a pro: strategies for 10x engineering teams
Slack like a pro: strategies for 10x engineering teamsSlack like a pro: strategies for 10x engineering teams
Slack like a pro: strategies for 10x engineering teams
Nacho Cougil
 
Mastering Testing in the Modern F&B Landscape
Mastering Testing in the Modern F&B LandscapeMastering Testing in the Modern F&B Landscape
Mastering Testing in the Modern F&B Landscape
marketing943205
 
AI needs Hybrid Cloud - TEC conference 2025.pptx
AI needs Hybrid Cloud - TEC conference 2025.pptxAI needs Hybrid Cloud - TEC conference 2025.pptx
AI needs Hybrid Cloud - TEC conference 2025.pptx
Shikha Srivastava
 
Design pattern talk by Kaya Weers - 2025 (v2)
Design pattern talk by Kaya Weers - 2025 (v2)Design pattern talk by Kaya Weers - 2025 (v2)
Design pattern talk by Kaya Weers - 2025 (v2)
Kaya Weers
 
MULTI-STAKEHOLDER CONSULTATION PROGRAM On Implementation of DNF 2.0 and Way F...
MULTI-STAKEHOLDER CONSULTATION PROGRAM On Implementation of DNF 2.0 and Way F...MULTI-STAKEHOLDER CONSULTATION PROGRAM On Implementation of DNF 2.0 and Way F...
MULTI-STAKEHOLDER CONSULTATION PROGRAM On Implementation of DNF 2.0 and Way F...
ICT Frame Magazine Pvt. Ltd.
 
Who's choice? Making decisions with and about Artificial Intelligence, Keele ...
Who's choice? Making decisions with and about Artificial Intelligence, Keele ...Who's choice? Making decisions with and about Artificial Intelligence, Keele ...
Who's choice? Making decisions with and about Artificial Intelligence, Keele ...
Alan Dix
 
論文紹介:"InfLoRA: Interference-Free Low-Rank Adaptation for Continual Learning" ...
論文紹介:"InfLoRA: Interference-Free Low-Rank Adaptation for Continual Learning" ...論文紹介:"InfLoRA: Interference-Free Low-Rank Adaptation for Continual Learning" ...
論文紹介:"InfLoRA: Interference-Free Low-Rank Adaptation for Continual Learning" ...
Toru Tamaki
 
OpenAI Just Announced Codex: A cloud engineering agent that excels in handlin...
OpenAI Just Announced Codex: A cloud engineering agent that excels in handlin...OpenAI Just Announced Codex: A cloud engineering agent that excels in handlin...
OpenAI Just Announced Codex: A cloud engineering agent that excels in handlin...
SOFTTECHHUB
 
RFID in Supply chain management and logistics.pdf
RFID in Supply chain management and logistics.pdfRFID in Supply chain management and logistics.pdf
RFID in Supply chain management and logistics.pdf
EnCStore Private Limited
 
How Top Companies Benefit from Outsourcing
How Top Companies Benefit from OutsourcingHow Top Companies Benefit from Outsourcing
How Top Companies Benefit from Outsourcing
Nascenture
 
Secondary Storage for a microcontroller system
Secondary Storage for a microcontroller systemSecondary Storage for a microcontroller system
Secondary Storage for a microcontroller system
fizarcse
 
Building the Customer Identity Community, Together.pdf
Building the Customer Identity Community, Together.pdfBuilding the Customer Identity Community, Together.pdf
Building the Customer Identity Community, Together.pdf
Cheryl Hung
 
Multi-Agent AI Systems: Architectures & Communication (MCP and A2A)
Multi-Agent AI Systems: Architectures & Communication (MCP and A2A)Multi-Agent AI Systems: Architectures & Communication (MCP and A2A)
Multi-Agent AI Systems: Architectures & Communication (MCP and A2A)
HusseinMalikMammadli
 
Breaking it Down: Microservices Architecture for PHP Developers
Breaking it Down: Microservices Architecture for PHP DevelopersBreaking it Down: Microservices Architecture for PHP Developers
Breaking it Down: Microservices Architecture for PHP Developers
pmeth1
 
Accommodating Neurodiverse Users Online (Global Accessibility Awareness Day 2...
Accommodating Neurodiverse Users Online (Global Accessibility Awareness Day 2...Accommodating Neurodiverse Users Online (Global Accessibility Awareness Day 2...
Accommodating Neurodiverse Users Online (Global Accessibility Awareness Day 2...
User Vision
 
UiPath AgentHack - Build the AI agents of tomorrow_Enablement 1.pptx
UiPath AgentHack - Build the AI agents of tomorrow_Enablement 1.pptxUiPath AgentHack - Build the AI agents of tomorrow_Enablement 1.pptx
UiPath AgentHack - Build the AI agents of tomorrow_Enablement 1.pptx
anabulhac
 
ICDCC 2025: Securing Agentic AI - Eryk Budi Pratama.pdf
ICDCC 2025: Securing Agentic AI - Eryk Budi Pratama.pdfICDCC 2025: Securing Agentic AI - Eryk Budi Pratama.pdf
ICDCC 2025: Securing Agentic AI - Eryk Budi Pratama.pdf
Eryk Budi Pratama
 
machines-for-woodworking-shops-en-compressed.pdf
machines-for-woodworking-shops-en-compressed.pdfmachines-for-woodworking-shops-en-compressed.pdf
machines-for-woodworking-shops-en-compressed.pdf
AmirStern2
 
UX for Data Engineers and Analysts-Designing User-Friendly Dashboards for Non...
UX for Data Engineers and Analysts-Designing User-Friendly Dashboards for Non...UX for Data Engineers and Analysts-Designing User-Friendly Dashboards for Non...
UX for Data Engineers and Analysts-Designing User-Friendly Dashboards for Non...
UXPA Boston
 
In-App Guidance_ Save Enterprises Millions in Training & IT Costs.pptx
In-App Guidance_ Save Enterprises Millions in Training & IT Costs.pptxIn-App Guidance_ Save Enterprises Millions in Training & IT Costs.pptx
In-App Guidance_ Save Enterprises Millions in Training & IT Costs.pptx
aptyai
 
Ad

chapter 1. Introduction to Information Security

  • 1. SQUARE NORTH TECHNOLOGIES Information Security Training Chapter 1 Introduction to Information Security Muhammad Lawal Chief Executive Officer elmuhammadm@gmail.com 08124350304
  • 2. Learning Objectives  Understand what information security is and how it came to mean what it does today.  Comprehend the history of computer security and how it evolved into information security.  Understand the key terms and critical concepts of information security as presented in the chapter.  Outline the phases of the security systems development life cycle.  Understand the role professionals involved in information security in an organizational structure.  Understand the business need for information security.  Understand a successful information security program is the responsibility of an organization‘s general management and I T management.  Understand the some threats posed to information security and the more common attacks associated with those threats.
  • 3. Introduction  Some hundreds of years ago, we would have been making living on agriculture.  Say a hundred years ago you were likely to be making a living working in a factory.  Today, we live in the information age where everyone has a job somehow connected to information stored in digital form on a network.
  • 4. The History Of Information Security Computer security began immediately after the first mainframes were developed Physical controls were needed to limit access to authorized personnel to sensitive military locations Only rudimentary controls were available to defend against physical theft, espionage, and sabotage
  • 5. The 1960s • Department of Defense’s Advanced Research Project Agency (ARPA) began examining the feasibility of a redundant networked communi cations
  • 7. The 1970s and 80s • ARPANET grew in popularity as did its potential for misuse • Fundamental problems with ARPANET security were identified – No safety procedures for dial-up connections to the ARPANET – User identification and authorization to the system were non-existent • In the late 1970s the microprocessor expanded computing capabilities and security threats
  • 8. R-609 – The Start of the Study of Computer Security • Information Security began with Rand Report R-609 • The scope of computer security grew from physical security to include: – Safety of the data – Limiting unauthorized access to that data – Involvement of personnel from multiple levels of the organization
  • 9. The 1990s • Networks of computers became more common, so too did the need to interconnect the networks • Resulted in the Internet, the first manifestation of a global network of networks • In early Internet deployments, security was treated as a low priority
  • 10. The Present • The Internet has brought millions of computer networks into communication with each other – many of them unsecured • Ability to secure each now influenced by the security on every computer to which it is connected
  • 11. What is Security?  The quality or state of being secure—to be fre e from danger  A successful organization should have multipl e layers of security in place: • Physical security • Personal security • Operations security • Communications security • Network security • Information security
  • 12. Critical Characteristics of Information • The value of information comes from the char acteristics it possesses: – Availability – Accuracy – Authenticity – Confidentiality – Integrity – Utility – Possession
  • 13. Components of an Information System • Information system (IS) is the entire set of software, hardware, data, people, procedures, and networks necessary to use information as a resource in the organisation
  • 14. Bottom Up Approach • Security from a grass-roots effort - systems administrators attempt to improve the security of their systems • Key advantage - technical expertise of the individual administrators • Seldom works, as it lacks a number of critical features: – participant support – organizational staying power
  • 15. Top-down Approach • Initiated by upper management: – issue policy, procedures, and processes – dictate the goals and expected outcomes of the project – determine who is accountable for each of the required actions • This approach has strong upper management support, a dedicated champion, dedicated funding, clear planning, and the chance to influence organizational culture • May also involve a formal development strategy referred to as a systems development life cycle – Most successful top-down approach
  • 17. The Systems Development Life Cycle • Information security must be managed in a manner similar to any other major system implemented in the organization • Using a methodology – ensures a rigorous process – avoids missing steps • The goal is creating a comprehensive security posture/program
  • 18. The Security Systems Development Life Cycle • The same phases used in traditional SDLC may be adapte d to support specialized implementation of an IS project • Investigation • Analysis • Logical design • Physical design • Implementation • Maintenance & change • Identification of specific threats and creating controls to counter them • SecSDLC is a coherent program rather than a seri es of random, seemingly unconnected actions
  • 20. Investigation • Identifies process, outcomes, goals, and const raints of the project • Begins with enterprise information security po licy • Organizational feasibility analysis is performed
  • 21. Analysis • Documents from investigation phase are studied • Analyzes existing security policies or programs, a long with documented current threats and assoc iated controls • Includes analysis of relevant legal issues that co uld impact design of the security solution • The risk management task begins
  • 22. Logical Design • Creates and develops blueprints for information secu rity • Incident response actions planned: – Continuity planning – Incident response – Disaster recovery • Feasibility analysis to determine whether project sho uld continue or be outsourced
  • 23. Physical Design • Needed security technology is evaluated, alternatives generated, and final design selected • At end of phase, feasibility study determines readiness of organization for project
  • 24. Implementation • Security solutions are acquired, tested, implemented, and tested again • Personnel issues evaluated; specific training and education programs conducted • Entire tested package is presented to management for final approval
  • 25. Maintenance and Change • Perhaps the most important phase, given the ever-changing threat environment • Often, reparation and restoration of information is a constant duel with an unseen adversary • Information security profile of an organization requires constant adaptation as new threats emerge and old threats evolve
  • 26. Professionals involved in information security within an organization Senior Management  Chief Information Officer (CIO) • Senior technology officer • Primarily responsible for advising senior executives on strategic planning  Chief Information Security Officer (CISO) • Primarily responsible for assessment, management, an d implementation of IS in the organization • Usually reports directly to the CIO
  • 27. Information Security Project Team  A number of individuals who are experienced in one or more facets of required technical an d nontechnical areas: • Champion • Team leader • Security policy developers • Risk assessment specialists • Security professionals • Systems administrators • End users
  • 28. Data Ownership • Data owner: responsible for the security and u se of a particular set of information • Data custodian: responsible for storage, maint enance, and protection of information • Data users: end users who work with informat ion to perform their daily jobs supporting the mission of the organization
  • 29. What is Information Security? • “The concepts, techniques, technical measures, and adminis trative measures used to protect information assets from deli berate or inadvertent unauthorised acquisition, damage, discl osure, manipulation, modification, loss, or use is information security.” or • means protecting information and information systems from unauthorised access, use, disclosure, modification or destructi on. or • Implementing suitable controls - policies, practices, procedur es, organisational structures, software, etc, to secure informa tion for any information user.
  • 30. • The protection of information and its critical e lements, including systems and hardware that use, store, and transmit that information • Necessary tools: policy, awareness, training, e ducation, technology • C.I.A. triangle was standard based on confiden tiality, integrity, and availability • C.I.A. triangle now expanded into list of critica l characteristics of information
  • 31. How Can Information Security Be Achieved Access to network resource will be granted through a unique user ID and password Passwords will be 8 characters long Passwords should include one non-alpha and not found in dictionary Information Security is achieved by implementing a suitable set of controls, which could be: These controls need to be established in order to ensure that the specific security objectives of the organization are met.
  • 32. Information Security Goals  Confidentiality - making sure that those who should not see the information can not see it.  Integrity - making sure the information has not been changed from how it was intended to be.  Availability – making sure the information is available for use when needed.
  • 34. Securing Components • Computer can be subject of an attack and/or the obj ect of an attack – When the subject of an attack, computer is used as an active tool to conduct attack – When the object of an attack, computer is the entity b eing attacked
  • 36. Balancing Information Security and Access • Impossible to obtain perfect security—it is a p rocess, not an absolute • Security should be considered balance betwee n protection and availability • To achieve balance, level of security must allo w reasonable access, yet protect against threa ts
  • 38. The Need for Information Security Business Needs First Technology Needs Last Information security performs three important functions for an organization: • Protects the organization‘s ability to function – Communities of interest must argue for information security in ter ms of impact and cost • Enables the safe operation of applications implemented on the organization‘s IT systems – Organizations must create integrated, efficient, and capable applic ations – Organization need environments that safeguard applications
  • 39. • Protects the data the organization collects and uses – One of the most valuable assets is data – Without data, an organization loses its record of trans actions and/or its ability to deliver value to its custom ers – An effective information security program is essential to the protection of the integrity and value of the orga nization‘s data Technology Needs • Safeguards the technological assets in use at the organi zation • Organizations must have secure infrastructure services b ased on the size and scope of the enterprise
  • 40. Areas of Information System Security  Data security  Computer security  LAN or Network security  Internet security
  • 41. Major Threats & Issues Basic Threats  Theft of password  E-mail based threats  E-mail based extortion  Launch of malicious codes (trojans)
  • 42. Corporate threats • Web defacement • Corporate espionage • Website based launch of malicious code cheating and fraud • Exchange of criminal ideas and tools • Cyber harassment • Forge websites Online threats • E-mail spamming • Theft of software and electronic records • Cyber stalking • E-mail bombing • Denial of service attacks
  • 43. Protecting your computer and network  Physical security  Securing desktop computers  Securing laptops/notebooks/handheld computers  Securing network security  Software security  Protect against internet intruders with firewall s and IDS  Protect against viruses and other malware  Protect against spyware and adware  Protect against unwanted email
  • 44. General spam protection practices  Do not give out your email address indiscriminately  Leave your email signature line blank if you post to a newsgroup  Do not reply to junk messages  Do not open obvious spam mails  Report to appropriate person – systems administrator

Editor's Notes

  翻译: