SlideShare a Scribd company logo
1 of 22
Download to read offline
Information Technology
Security
A Brief Overview
Maze & Associates
Instructor:
Donald E. Hester
Objectives of IT Security
♦ The Confidentiality of Electronic Data
♦ The Integrity of Electronic Data
♦ The Availability of Electronic Data
C.I.A.
Part 1: Basic Security Triad
As more and more
information
becomes available
electronically, IT security
will become more and more
important.
1. Confidentiality
♦ For Secret or Private Information
♦ Confidentiality is the concept that
information is unavailable to those who are
unauthorized to access it.
♦ The concept of allowing access to
information or resources only to those who
need it is called access control.
Confidentiality continued
♦ The privacy of customer and
employee information is becoming
more and more important, if not the
business to the customer or
employee.
♦ Legislation does mandate due
diligence.
♦ We should ensure that only the
proper people have access to the
information needed to perform
their job or that they have been
authorized to access it
♦ Is often the last concern because it
can impede business productivity.
2. Integrity
♦ For Accuracy and Authenticity
♦ Integrity ensures that information cannot be
modified in unexpected ways.
♦ Loss of integrity could result from human
error, intentional tampering, or even
catastrophic events.
♦ The consequences of using inaccurate
information be disastrous or even
dangerous.
Integrity continued
♦ For information to have
any value and in order to
produce quality product,
the data must by
protected against
unauthorized or
inadvertent modification.
♦ If the authenticity of the
information is in doubt or
compromised, the
integrity is jeopardized.
3. Availability
♦ For Utility and Recovery
♦ Availability prevents resources from being
deleted or becoming inaccessible.
♦ This applies not only to information, but
also to network machines and other aspects
of the technology infrastructure
♦ The inability to access required resources is
called “denial of service” or D.O.S.
Availability continued
♦ Information must be
available and usable when
needed.
♦ What is the cost of
unavailability
(Downtime)?
♦ What good is information
if you can’t get it?
♦ Redundancy, regular
backups and limiting
physical access helps to
increase availability
Business Model
♦ Each business model requires emphasis on
different security objectives.
♦ A national defense system will place the
greatest emphasis on confidentiality.
♦ A bank has a greater need for integrity.
♦ An emergency medical system will
emphasize availability.
Part 2: Areas of Security
Here are the five general
Areas in Information
Systems or Information
Technologies security
1. Users
♦ Users need to be
aware of security
issues
♦ Users must be trained
insecurity procedures
♦ Users need to follow
guidelines (like not
writing down
passwords)
2. Application
♦ The application has its
own independent
access control beyond
the network access
control.
♦ An example would be
module control in a
financial application.
3. OS Operating System
♦ Every computer has an
operating system that
controls access to that
computers resources.
♦ Example would be
sharing a folder or
printer.
♦ The OS also controls
file system security
(Like NTFS)
4. NOS Network Operating
System
♦ The NOS controls access
to network resources and
authenticates users
♦ Internet access, server
access, remote access and
access to other networks
are examples of controls
implemented by the NOS
♦ Examples of NOS:
Windows NT 4, Windows
2000, Novell Netware,
Lantastic & UNIX
5. Physical
♦ Physical Control of
any electronic device
♦ A server room controls
physical access to
servers
♦ Watching your laptop
♦ Keeping zip disk
secure
Who Controls the Access Control
♦ Who assigns permissions?
♦ Typically it is the IT department that
assigns access controls for all 5 levels.
♦ This can cause problems because it only
takes one person to grant access to all
electronic information.
♦ How can we fix that?
Distributed Access Control
♦ Distributed Access Control is having
different departments or people assigning
permission by level.
Finance Director
Network Administrator
Distributed Access Control 2
♦ By having the Finance Director assign
permissions to the financial software and
the Network Administrator assign
permissions to the network or server you
have distributed the Access Control
♦ To give a User access to the financial
software it requires two separate people or
departments to work together, in order to
give that User access.
Distributed Access Control
Example
♦ The IS department or
Network Administrator
opens the first door and
gives access to the
Network.
♦ Then the Finance Director
opens the next door the
the financial application.
♦ This works if the Network
Administrator does not
have keys to the next
door.
Checks and Balances
♦ By having distributed
access control
effectively adds a
layer of checks and
balances.
♦ The finance director
cannot open the
second door for a user
if the first door isn’t
opened.
Limiting Control
♦ More importantly the
Network administrator
does not have
unlimited, unchecked
control on assigning
permissions.

More Related Content

What's hot

Securing information system
Securing information systemSecuring information system
Securing information systemTanjim Rasul
 
Information security
Information security Information security
Information security razendar79
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to securityDhani Ahmad
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Securitychauhankapil
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to securityMukesh Chinta
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)Biswajit Bhattacharjee
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityjayashri kolekar
 
System Security Threats and Risks)
System Security Threats and Risks)System Security Threats and Risks)
System Security Threats and Risks)BPalmer13
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information systemOnline
 
8 - Securing Info Systems
8 - Securing Info Systems8 - Securing Info Systems
8 - Securing Info SystemsHemant Nagwekar
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays worldSibghatullah Khattak
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issuesHaseeb Ahmed Awan
 
Information Security : Is it an Art or a Science
Information Security : Is it an Art or a ScienceInformation Security : Is it an Art or a Science
Information Security : Is it an Art or a SciencePankaj Rane
 
Information Security Background
Information Security BackgroundInformation Security Background
Information Security BackgroundNicholas Davis
 
1. security management practices
1. security management practices1. security management practices
1. security management practices7wounders
 
Information security for dummies
Information security for dummiesInformation security for dummies
Information security for dummiesIvo Depoorter
 
Security and ethical issues - Arber Hoxhallari
Security and ethical issues - Arber HoxhallariSecurity and ethical issues - Arber Hoxhallari
Security and ethical issues - Arber HoxhallariArber Hoxhallari
 
IT Security and Risk Mitigation
IT Security and Risk MitigationIT Security and Risk Mitigation
IT Security and Risk MitigationMukalele Rogers
 

What's hot (20)

Securing information system
Securing information systemSecuring information system
Securing information system
 
Information security
Information security Information security
Information security
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to security
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Security
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to security
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
System Security Threats and Risks)
System Security Threats and Risks)System Security Threats and Risks)
System Security Threats and Risks)
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information system
 
8 - Securing Info Systems
8 - Securing Info Systems8 - Securing Info Systems
8 - Securing Info Systems
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays world
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issues
 
Information Security : Is it an Art or a Science
Information Security : Is it an Art or a ScienceInformation Security : Is it an Art or a Science
Information Security : Is it an Art or a Science
 
Information security
Information securityInformation security
Information security
 
386sum08ch8
386sum08ch8386sum08ch8
386sum08ch8
 
Information Security Background
Information Security BackgroundInformation Security Background
Information Security Background
 
1. security management practices
1. security management practices1. security management practices
1. security management practices
 
Information security for dummies
Information security for dummiesInformation security for dummies
Information security for dummies
 
Security and ethical issues - Arber Hoxhallari
Security and ethical issues - Arber HoxhallariSecurity and ethical issues - Arber Hoxhallari
Security and ethical issues - Arber Hoxhallari
 
IT Security and Risk Mitigation
IT Security and Risk MitigationIT Security and Risk Mitigation
IT Security and Risk Mitigation
 

Similar to Information Technology Security A Brief Overview 2001

SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROLshinydey
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2MLG College of Learning, Inc
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Chapter 2 - Lesson 2.pptx
Chapter 2 - Lesson 2.pptxChapter 2 - Lesson 2.pptx
Chapter 2 - Lesson 2.pptxJhaiJhai6
 
SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4Rodrigo Piovesana
 
Medical facility network design
Medical facility network designMedical facility network design
Medical facility network designnephtalie
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer securityArzath Areeff
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1Temesgen Berhanu
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
Chapter 13
Chapter 13Chapter 13
Chapter 13bodo-con
 
How to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security ProgramHow to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security ProgramFinancial Poise
 
Hem infotech company profile
Hem infotech  company profileHem infotech  company profile
Hem infotech company profileHem Infotech
 
Lecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.pptLecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.pptshahadd2021
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)Zara Nawaz
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lectureZara Nawaz
 

Similar to Information Technology Security A Brief Overview 2001 (20)

SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROL
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
Chapter 2 - Lesson 2.pptx
Chapter 2 - Lesson 2.pptxChapter 2 - Lesson 2.pptx
Chapter 2 - Lesson 2.pptx
 
SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4
 
Medical facility network design
Medical facility network designMedical facility network design
Medical facility network design
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer security
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
Chapter 13
Chapter 13Chapter 13
Chapter 13
 
How to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security ProgramHow to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security Program
 
Intro to Security
Intro to SecurityIntro to Security
Intro to Security
 
Aspects of Network Security
Aspects of Network SecurityAspects of Network Security
Aspects of Network Security
 
unit-1-is1.pptx
unit-1-is1.pptxunit-1-is1.pptx
unit-1-is1.pptx
 
Hem infotech company profile
Hem infotech  company profileHem infotech  company profile
Hem infotech company profile
 
Data security
Data securityData security
Data security
 
Lecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.pptLecture 01- What is Information Security.ppt
Lecture 01- What is Information Security.ppt
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lecture
 

More from Donald E. Hester

Cybersecurity for Local Gov for SAMFOG
Cybersecurity for Local Gov for SAMFOGCybersecurity for Local Gov for SAMFOG
Cybersecurity for Local Gov for SAMFOGDonald E. Hester
 
2017 IT Control Environment for Local Gov
2017 IT Control Environment for Local Gov2017 IT Control Environment for Local Gov
2017 IT Control Environment for Local GovDonald E. Hester
 
What you Need To Know About Ransomware
What you Need To Know About RansomwareWhat you Need To Know About Ransomware
What you Need To Know About RansomwareDonald E. Hester
 
CNT 54 Administering Windows Client
CNT 54 Administering Windows ClientCNT 54 Administering Windows Client
CNT 54 Administering Windows ClientDonald E. Hester
 
2016 Maze Live Fraud Environment
2016 Maze Live Fraud Environment2016 Maze Live Fraud Environment
2016 Maze Live Fraud EnvironmentDonald E. Hester
 
2016 Maze Live Changes in Grant Management and How to Prepare for the Single ...
2016 Maze Live Changes in Grant Management and How to Prepare for the Single ...2016 Maze Live Changes in Grant Management and How to Prepare for the Single ...
2016 Maze Live Changes in Grant Management and How to Prepare for the Single ...Donald E. Hester
 
2016 Maze Live Cyber-security for Local Governments
2016 Maze Live Cyber-security for Local Governments2016 Maze Live Cyber-security for Local Governments
2016 Maze Live Cyber-security for Local GovernmentsDonald E. Hester
 
GASB 68 and 71 Planning for the Second Year
GASB 68 and 71 Planning for the Second YearGASB 68 and 71 Planning for the Second Year
GASB 68 and 71 Planning for the Second YearDonald E. Hester
 
Implementing GASB 72: Fair Value Measurement and Application
Implementing GASB 72: Fair Value Measurement and ApplicationImplementing GASB 72: Fair Value Measurement and Application
Implementing GASB 72: Fair Value Measurement and ApplicationDonald E. Hester
 
2016 Maze Live 1 GASB update
2016 Maze Live 1 GASB update2016 Maze Live 1 GASB update
2016 Maze Live 1 GASB updateDonald E. Hester
 
Cyber Security for Local Gov SAMFOG
Cyber Security for Local Gov SAMFOGCyber Security for Local Gov SAMFOG
Cyber Security for Local Gov SAMFOGDonald E. Hester
 
Annual Maze Live Event 2016 – GASB Updates & Best Practices
Annual Maze Live Event 2016 – GASB Updates & Best Practices Annual Maze Live Event 2016 – GASB Updates & Best Practices
Annual Maze Live Event 2016 – GASB Updates & Best Practices Donald E. Hester
 
Payment Card Cashiering for Local Governments 2016
Payment Card Cashiering for Local Governments 2016Payment Card Cashiering for Local Governments 2016
Payment Card Cashiering for Local Governments 2016Donald E. Hester
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize Donald E. Hester
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...Donald E. Hester
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 14: Security ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 14: Security ...Understanding the Risk Management Framework & (ISC)2 CAP Module 14: Security ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 14: Security ...Donald E. Hester
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 13: Contingen...
Understanding the Risk Management Framework & (ISC)2 CAP Module 13: Contingen...Understanding the Risk Management Framework & (ISC)2 CAP Module 13: Contingen...
Understanding the Risk Management Framework & (ISC)2 CAP Module 13: Contingen...Donald E. Hester
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 11: Monitor
Understanding the Risk Management Framework & (ISC)2 CAP Module 11: MonitorUnderstanding the Risk Management Framework & (ISC)2 CAP Module 11: Monitor
Understanding the Risk Management Framework & (ISC)2 CAP Module 11: MonitorDonald E. Hester
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 12: Cloud Com...
Understanding the Risk Management Framework & (ISC)2 CAP Module 12: Cloud Com...Understanding the Risk Management Framework & (ISC)2 CAP Module 12: Cloud Com...
Understanding the Risk Management Framework & (ISC)2 CAP Module 12: Cloud Com...Donald E. Hester
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...Donald E. Hester
 

More from Donald E. Hester (20)

Cybersecurity for Local Gov for SAMFOG
Cybersecurity for Local Gov for SAMFOGCybersecurity for Local Gov for SAMFOG
Cybersecurity for Local Gov for SAMFOG
 
2017 IT Control Environment for Local Gov
2017 IT Control Environment for Local Gov2017 IT Control Environment for Local Gov
2017 IT Control Environment for Local Gov
 
What you Need To Know About Ransomware
What you Need To Know About RansomwareWhat you Need To Know About Ransomware
What you Need To Know About Ransomware
 
CNT 54 Administering Windows Client
CNT 54 Administering Windows ClientCNT 54 Administering Windows Client
CNT 54 Administering Windows Client
 
2016 Maze Live Fraud Environment
2016 Maze Live Fraud Environment2016 Maze Live Fraud Environment
2016 Maze Live Fraud Environment
 
2016 Maze Live Changes in Grant Management and How to Prepare for the Single ...
2016 Maze Live Changes in Grant Management and How to Prepare for the Single ...2016 Maze Live Changes in Grant Management and How to Prepare for the Single ...
2016 Maze Live Changes in Grant Management and How to Prepare for the Single ...
 
2016 Maze Live Cyber-security for Local Governments
2016 Maze Live Cyber-security for Local Governments2016 Maze Live Cyber-security for Local Governments
2016 Maze Live Cyber-security for Local Governments
 
GASB 68 and 71 Planning for the Second Year
GASB 68 and 71 Planning for the Second YearGASB 68 and 71 Planning for the Second Year
GASB 68 and 71 Planning for the Second Year
 
Implementing GASB 72: Fair Value Measurement and Application
Implementing GASB 72: Fair Value Measurement and ApplicationImplementing GASB 72: Fair Value Measurement and Application
Implementing GASB 72: Fair Value Measurement and Application
 
2016 Maze Live 1 GASB update
2016 Maze Live 1 GASB update2016 Maze Live 1 GASB update
2016 Maze Live 1 GASB update
 
Cyber Security for Local Gov SAMFOG
Cyber Security for Local Gov SAMFOGCyber Security for Local Gov SAMFOG
Cyber Security for Local Gov SAMFOG
 
Annual Maze Live Event 2016 – GASB Updates & Best Practices
Annual Maze Live Event 2016 – GASB Updates & Best Practices Annual Maze Live Event 2016 – GASB Updates & Best Practices
Annual Maze Live Event 2016 – GASB Updates & Best Practices
 
Payment Card Cashiering for Local Governments 2016
Payment Card Cashiering for Local Governments 2016Payment Card Cashiering for Local Governments 2016
Payment Card Cashiering for Local Governments 2016
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize
Understanding the Risk Management Framework & (ISC)2 CAP Module 10: Authorize
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 15: Incident ...
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 14: Security ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 14: Security ...Understanding the Risk Management Framework & (ISC)2 CAP Module 14: Security ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 14: Security ...
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 13: Contingen...
Understanding the Risk Management Framework & (ISC)2 CAP Module 13: Contingen...Understanding the Risk Management Framework & (ISC)2 CAP Module 13: Contingen...
Understanding the Risk Management Framework & (ISC)2 CAP Module 13: Contingen...
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 11: Monitor
Understanding the Risk Management Framework & (ISC)2 CAP Module 11: MonitorUnderstanding the Risk Management Framework & (ISC)2 CAP Module 11: Monitor
Understanding the Risk Management Framework & (ISC)2 CAP Module 11: Monitor
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 12: Cloud Com...
Understanding the Risk Management Framework & (ISC)2 CAP Module 12: Cloud Com...Understanding the Risk Management Framework & (ISC)2 CAP Module 12: Cloud Com...
Understanding the Risk Management Framework & (ISC)2 CAP Module 12: Cloud Com...
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
Understanding the Risk Management Framework & (ISC)2 CAP Module 8: Implement ...
 

Recently uploaded

IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 

Recently uploaded (20)

IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 

Information Technology Security A Brief Overview 2001

  • 1. Information Technology Security A Brief Overview Maze & Associates Instructor: Donald E. Hester
  • 2. Objectives of IT Security ♦ The Confidentiality of Electronic Data ♦ The Integrity of Electronic Data ♦ The Availability of Electronic Data C.I.A.
  • 3. Part 1: Basic Security Triad As more and more information becomes available electronically, IT security will become more and more important.
  • 4. 1. Confidentiality ♦ For Secret or Private Information ♦ Confidentiality is the concept that information is unavailable to those who are unauthorized to access it. ♦ The concept of allowing access to information or resources only to those who need it is called access control.
  • 5. Confidentiality continued ♦ The privacy of customer and employee information is becoming more and more important, if not the business to the customer or employee. ♦ Legislation does mandate due diligence. ♦ We should ensure that only the proper people have access to the information needed to perform their job or that they have been authorized to access it ♦ Is often the last concern because it can impede business productivity.
  • 6. 2. Integrity ♦ For Accuracy and Authenticity ♦ Integrity ensures that information cannot be modified in unexpected ways. ♦ Loss of integrity could result from human error, intentional tampering, or even catastrophic events. ♦ The consequences of using inaccurate information be disastrous or even dangerous.
  • 7. Integrity continued ♦ For information to have any value and in order to produce quality product, the data must by protected against unauthorized or inadvertent modification. ♦ If the authenticity of the information is in doubt or compromised, the integrity is jeopardized.
  • 8. 3. Availability ♦ For Utility and Recovery ♦ Availability prevents resources from being deleted or becoming inaccessible. ♦ This applies not only to information, but also to network machines and other aspects of the technology infrastructure ♦ The inability to access required resources is called “denial of service” or D.O.S.
  • 9. Availability continued ♦ Information must be available and usable when needed. ♦ What is the cost of unavailability (Downtime)? ♦ What good is information if you can’t get it? ♦ Redundancy, regular backups and limiting physical access helps to increase availability
  • 10. Business Model ♦ Each business model requires emphasis on different security objectives. ♦ A national defense system will place the greatest emphasis on confidentiality. ♦ A bank has a greater need for integrity. ♦ An emergency medical system will emphasize availability.
  • 11. Part 2: Areas of Security Here are the five general Areas in Information Systems or Information Technologies security
  • 12. 1. Users ♦ Users need to be aware of security issues ♦ Users must be trained insecurity procedures ♦ Users need to follow guidelines (like not writing down passwords)
  • 13. 2. Application ♦ The application has its own independent access control beyond the network access control. ♦ An example would be module control in a financial application.
  • 14. 3. OS Operating System ♦ Every computer has an operating system that controls access to that computers resources. ♦ Example would be sharing a folder or printer. ♦ The OS also controls file system security (Like NTFS)
  • 15. 4. NOS Network Operating System ♦ The NOS controls access to network resources and authenticates users ♦ Internet access, server access, remote access and access to other networks are examples of controls implemented by the NOS ♦ Examples of NOS: Windows NT 4, Windows 2000, Novell Netware, Lantastic & UNIX
  • 16. 5. Physical ♦ Physical Control of any electronic device ♦ A server room controls physical access to servers ♦ Watching your laptop ♦ Keeping zip disk secure
  • 17. Who Controls the Access Control ♦ Who assigns permissions? ♦ Typically it is the IT department that assigns access controls for all 5 levels. ♦ This can cause problems because it only takes one person to grant access to all electronic information. ♦ How can we fix that?
  • 18. Distributed Access Control ♦ Distributed Access Control is having different departments or people assigning permission by level. Finance Director Network Administrator
  • 19. Distributed Access Control 2 ♦ By having the Finance Director assign permissions to the financial software and the Network Administrator assign permissions to the network or server you have distributed the Access Control ♦ To give a User access to the financial software it requires two separate people or departments to work together, in order to give that User access.
  • 20. Distributed Access Control Example ♦ The IS department or Network Administrator opens the first door and gives access to the Network. ♦ Then the Finance Director opens the next door the the financial application. ♦ This works if the Network Administrator does not have keys to the next door.
  • 21. Checks and Balances ♦ By having distributed access control effectively adds a layer of checks and balances. ♦ The finance director cannot open the second door for a user if the first door isn’t opened.
  • 22. Limiting Control ♦ More importantly the Network administrator does not have unlimited, unchecked control on assigning permissions.