2 Security And Internet Security


Published in: Technology
1 Comment
  • Various kinds of security information help to protect oneself and make awareness to all. Great demonstration about internet security helps a lot. Thanks for your slide share.
  • What Is Security? In general, security is “the quality or state of being secure--to be free from danger.” It means to be protected from adversaries--from those who would do harm, intentionally or otherwise. A successful organization should have the following multiple layers of security in place for the protection of its operations:
      • Physical security - to protect the physical items, objects, or areas of an organization from unauthorized access and misuse.
      • Personal security - to protect the individual or group of individuals who are authorized to access the organization and its operations.
      • Operations security - to protect the details of a particular operation or series of activities.
      • Communications security - to protect an organization’s communications media, technology, and content.
      • Network security - to protect networking components, connections, and contents.
  • What Is Information Security? Information security, therefore, is the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information. But to protect the information and its related systems from danger, tools such as policy, awareness, training, education, and technology are necessary.
    The C.I.A. triangle has been considered the industry standard for computer security since the development of the mainframe. It was solely based on three characteristics that described the utility of information: confidentiality, integrity, and availability. The C.I.A. triangle has expanded into a list of critical characteristics of information.
  • Critical Characteristics Of Information. The value of information comes from the characteristics it possesses.
      • Availability - enables users who need to access information to do so without interference or obstruction and in the required format. The information is said to be available to an authorized user when and where needed and in the correct format.
      • Accuracy - free from mistake or error and having the value that the end-user expects. If information contains a value different from the user’s expectations due to the intentional or unintentional modification of its content, it is no longer accurate.
      • Authenticity - the quality or state of being genuine or original, rather than a reproduction or fabrication. Information is authentic when it is the information that was originally created, placed, stored, or transferred.
      • Confidentiality - the quality or state of preventing disclosure or exposure to unauthorized individuals or systems.
      • Integrity - the quality or state of being whole, complete, and uncorrupted. The integrity of information is threatened when the information is exposed to corruption, damage, destruction, or other disruption of its authentic state.
      • Utility - the quality or state of having value for some purpose or end. Information has value when it serves a particular purpose. This means that if information is available, but not in a format meaningful to the end-user, it is not useful.
      • Possession - the quality or state of having ownership or control of some object or item. Information is said to be in possession if one obtains it, independent of format or other characteristic. While a breach of confidentiality always results in a breach of possession, a breach of possession does not always result in a breach of confidentiality.
  • This graphic informs the fundamental approach of the chapter and can be used to illustrate the intersection of information states (x-axis), key objectives of C.I.A. (y-axis) and the three primary means to implement (policy, education and technology).
  • 2 Security And Internet Security

    1. Security and Internet security. Jasmina Trajkovski [email_address] ELSA Conference Strumica, 27.11.2008
    2. Topics covered
         • What is Security and Information Security?
         • Culture of Security
         • Global Information Security Trends
         • Security and Internet security
         • Best practices for senior managers
    3. What is Security and Information Security?
    4. What is Security?
         • “The quality or state of being secure—to be free from danger”
         • A successful organization should have multiple layers of security in place:
             • Physical security
             • Personal security
             • Operations security
             • Communications security
             • Network security
             • Information security
    5. What is Information Security?
         • The protection of information and its critical elements, including systems and hardware that use, store, and transmit that information
         • Necessary tools: policy, awareness, training, education, technology
         • C.I.A. triangle was standard based on confidentiality, integrity, and availability
         • C.I.A. triangle now expanded into list of critical characteristics of information
    6.
    7. Critical Characteristics of Information
         • The value of information comes from the characteristics it possesses:
             • Availability
             • Accuracy
             • Authenticity
             • Confidentiality
             • Integrity
             • Utility
             • Possession
    8. Figure 1-4 – NSTISSC Security Model
    9. Culture of security
    10. History
         • OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security
         • ORGANISATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT
         • Adopted as a Recommendation of the OECD Council at its 1037th Session on 25 July 2002.
    11. Principles part 1
         • Awareness: Participants should be aware of the need for security of information systems and networks and what they can do to enhance security.
         • Responsibility: All participants are responsible for the security of information systems and networks.
         • Response: Participants should act in a timely and co-operative manner to prevent, detect and respond to security incidents.
    12. Principles part 2
         • Ethics: Participants should respect the legitimate interests of others.
         • Democracy: The security of information systems and networks should be compatible with essential values of a democratic society.
         • Risk assessment: Participants should conduct risk assessments.
    13. Principles part 3
         • Security design and implementation: Participants should incorporate security as an essential element of information systems and networks.
         • Security management: Participants should adopt a comprehensive approach to security management.
         • Reassessment: Participants should review and reassess the security of information systems and networks, and make appropriate modifications to security policies, practices, measures and procedures.
    14. Global Information Security Trends
    15. Global information security survey 2008 – Ernst & Young 1/2
         • Meeting business objectives is a growing focus of information security.
         • Information security is now more integrated into overall risk management.
         • Information security remains isolated from executive management and the strategic decision making process.
         • Improving IT and operational efficiency are emerging as important objectives.
         • Compliance continues to be primary driver of information security improvements.
    16. Global information security survey 2008 – Ernst & Young 2/2
         • Privacy and data protection have become increasingly important drivers of information security.
         • Organisations rely on audits and self-assessments to evaluate the effectiveness of their information security programs.
         • Organisations are demanding more from vendors and business partners in managing third-party relationships.
         • The greatest challenge to delivering information security projects continues to be the availability of experienced IT and information security resources.
    17. Internet security
    18. What is internet security
         • Internet security involves the protection of a computer's internet account and files from intrusion of an outside user
         • Why is it important?
    19. Our life on the internet
         • Electronic mail (e-mail)
         • Instant messaging: Skype, Gtalk, MSN messenger, Yahoo! messenger
         • Web 2.0 applications: Facebook, Hi5, Myspace
         • E-commerce, e-banking, stock exchanges
         • Collaborative workspaces
         • Educational portal and Student Information Systems
         • Official website of corporations, government
    20. Aspects that need security on the internet
         • Identity – who we are
             • Internet personality
             • Profiles, user names, accounts
         • Possessions – what we own
             • Information on resources: money, grades, property
         • Information flow – what we “say”
             • Money transfers, sent e-mails, instant messages, submitted documents
         • IT assets – what we utilize for our life on the net
             • PCs, notebooks, flash drives, mobile phones, …
    21. Attack sophistication vs. intruders' knowledge
    22. Best practices for information security for senior managers
    23. Best practices – part 1
         • General management: Managers throughout the organization consider information security a normal part of their responsibility and the responsibility of every employee.
         • Policy: Develop, deploy, review, and enforce security policies that satisfy business objectives.
         • “One of the tests of leadership is the ability to recognize a problem before it becomes an emergency.”
             • Arnold Glasgow (1908-1970)
    24. Best practices – part 2
         • Risk Management: Periodically conduct an information security risk evaluation that identifies critical information assets, threats to critical assets, asset vulnerabilities, and risks.
         • “In cases of defense ‘tis best to weigh the enemy more mighty than he seems.”
             • William Shakespeare (1564-1616)
    25. Best practices – part 3
         • Security Architecture & Design: Generate, implement, and maintain an enterprise- (or site-) wide security architecture, based on satisfying business objectives and protecting the most critical information assets.
         • User Issues - Accountability and Training, and Adequate Expertise: Establish accountability for user actions, train for accountability and enforce it, as reflected in organizational policies and procedures. Ensure that there is adequate in-house expertise or explicitly outsourced expertise for all supported technologies, including the secure operation of those technologies.
    26.
         • “There is one safeguard known generally to the wise, which is an advantage and security to all... What is it? Distrust.”
             • Demosthenes (c. 384-322 B.C.)