Fundamentals of Information Systems Security Chapter 4
Dr. Ahmed Al Zaidy
Chapter 4: The Drivers of the Information Security Business
Fundamentals of Information Systems Security Chapter 4
1.
Fundamentals of Information Systems Security
Lesson 4: The Drivers of the Information Security Business
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company. www.jblearning.com. All rights reserved.
2.
Learning Objective(s)
• Explain information systems security and its effect on people and businesses.
3.
Key Concepts
• Risk management and approaches
• Business impact analysis (BIA), business continuity plan (BCP), and disaster recovery plan (DRP)
• Impact of risks, threats, and vulnerabilities on the IT infrastructure
• Adhering to compliance laws and governance
• Managing and mitigating risk
4.
Business Drivers
Elements in an organization that support business objectives:
• People
• Information
• Conditions
5.
Defining Risk Management
• Process of identifying, assessing, prioritizing, and addressing risks
• Ensures you have planned for risks that may affect your organization
6.
Risks, Threats, and Vulnerabilities
7.
Defining Risk Management
• Risk methodology: A description of how you will manage risk
• Risk register: A list of identified risks
8.
Implementing a BIA, a BCP, and a DRP
Protecting an organization’s IT resources and ensuring that events do not interrupt normal business functions
• Business impact analysis (BIA)
• Business continuity plan (BCP)
• Disaster recovery plan (DRP)
9.
Business Impact Analysis (BIA)
• An analysis of an organization’s functions and activities that classifies them as critical or noncritical
• Identifies the impact to the business if one or more IT functions fails
• Identifies the priority of different critical systems
10.
BIA Recovery Goals and Requirements
• Recovery point objective (RPO)
• Recovery time objective (RTO)
• Business recovery requirements
• Technical recovery requirements
11.
Business Continuity Plan (BCP)
A written plan for a structured response to any events that result in an interruption to critical business activities or functions
Order of priorities:
1. Safety and well-being of people
2. Continuity of critical business functions and operations
3. Continuity of IT infrastructure components within the seven domains of an IT infrastructure
12.
Elements of a Complete BCP
• Policy statement defining the policy, standards, procedures, and guidelines for deployment
• Project team members with defined roles, responsibilities, and accountabilities
• Emergency response procedures and protection of life, safety, and infrastructure
• Situation and damage assessment
• Resource salvage and recovery
• Alternate facilities or triage for short-term or long-term emergency mode of operations and business recovery
13.
Disaster Recovery Plan (DRP)
Disaster
• Is an event that affects multiple business processes for an extended period
• Causes substantial resource damage you must address before you can resolve business process interruption
DRP
• Includes specific steps and procedures to recover from a disaster
• Is part of a BCP
• Extends and supports the BCP
14.
Disaster Recovery Plan (DRP)
• Threat analysis
• Impact scenarios
• Recovery requirement documentation
• Disaster recovery
15.
Disaster Recovery Plan (DRP)
• Hot site: Has environmental utilities, hardware, software, and data like original data center
• Warm site: Has environmental utilities and basic computer hardware
• Cold site: Has basic environmental utilities but no infrastructure components
• Mobile site: Trailer with necessary environmental utilities, can operate as warm or cold site
16.
Assessing Risks, Threats, and Vulnerabilities
• Risk Management Guide for Information Technology Systems (NIST SP800-30)
• CCTA Risk Analysis and Management Method (CRAMM)
• Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)
• ISO/IEC 27005 “Information Security Risk Management”
17.
Closing the Information Security Gap
• Security gap: Difference between the security controls in place and controls you need to address vulnerabilities
• Gap analysis: Comparison of the security controls in place and the controls you need to address all identified threats
18.
Steps for Conducting a Gap Analysis
• Identify applicable elements of security policy and other standards
• Assemble policy, standard, procedure, and guideline documents
• Review and assess implementation of policies, standards, procedures, and guidelines
• Collect hardware and software inventory information
19.
Steps for Conducting a Gap Analysis (cont.)
• Interview users to assess knowledge of and compliance with policies
• Compare current security environment with policies
• Prioritize identified gaps for resolution
• Document and implement remedies to conform to policies
20.
Adhering to Compliance Laws
• Sarbanes-Oxley Act (SOX)
• Health Insurance Portability and Accountability Act (HIPAA)
• Gramm-Leach-Bliley Act (GLBA)
• Payment Card Industry Data Security Standard (PCI DSS)
• Federal Information Security Modernization Act (FISMA)
• Government Information Security Reform Act (Security Reform Act) of 2000
21.
Keeping Private Data Confidential
• Ensuring availability and integrity is important
• You cannot undo a confidentiality violation
22.
The Three Tenets of Information Security
23.
Keeping Private Data Confidential
Authentication controls
• Passwords and PINs
• Smart cards/tokens
• Biometric devices
• Digital certificates
• Challenge-response handshakes
• Kerberos authentication
• One-time passwords
Authorization controls
• Authentication server rules and permissions
• Access control lists
• Intrusion detection/prevention
• Physical access control
• Connection/access policy filters
• Network traffic filters
24.
Mobile Workers and Use of Personally Owned Devices
Mobility
• Allows remote workers and employees to be connected to the IT infrastructure in almost real time
Bring Your Own Device (BYOD)
• Employees using their personally owned devices for business and personal use
25.
BYOD Concerns/Policy Definition
• Data ownership
• Antivirus management
• Support ownership
• Privacy
• User acceptance
• Legal concerns
26.
Endpoint and Device Security
• Full device encryption
• Remote wiping
• Global positioning system (GPS)
• Asset tracking
• Device access control
• Removable storage
27.
Summary
• Risk management and approaches
• Business impact analysis (BIA), business continuity plan (BCP), and disaster recovery plan (DRP)
• Impact of risks, threats, and vulnerabilities on the IT infrastructure
• Adhering to compliance laws and governance
• Managing and mitigating risk