Dr_Kamal_ch01.pptx
MhndHTaani
information system security
1.
Fundamentals of Information Systems Security
Lesson 1 Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved.
2.
Learning Objective(s)
• Explain information systems security and its effect on people and businesses.
3.
Key Concepts
• Information systems security concepts
• Confidentiality, integrity, and availability (CIA)
• The seven domains of an IT infrastructure
• The weakest link in the security of an IT infrastructure
• IT security policy framework and data classification standard
4.
Information Systems Security
Internet
• Is a worldwide network with more than 2 billion users
• Includes governments, businesses, and organizations
• Links communication networks to one another
World Wide Web
• A system that defines how documents and resources are related across network machines
5.
Recent Data Breaches: Examples
Adobe Systems Incorporated, 2013
• Hackers published data for 150 million accounts
• Stole encrypted customer credit card data
• Compromised login credentials
U.S. Office of Personnel Management, 2015
• Data breach impacted 22 million people
• Stole SSNs, names, places of birth, addresses
• Millions must be monitored for identity theft for years
6.
Cyberspace: The New Frontier
7.
Internet of Things (IoT)
8.
Risks, Threats, and Vulnerabilities
• Risk: Likelihood that something bad will happen to an asset
• Threat: Any action that could damage an asset
• Vulnerability: A weakness that allows a threat to be realized or to have an effect on an asset
9.
What Is Information Systems Security?
• Information system: Hardware, operating system, and application software that work together to collect, process, and store data for individuals and organizations
• Information system security: The collection of activities that protect the information system and the data stored in it.
10.
U.S. Compliance Laws Drive Need for Information Systems Security
11.
Tenets of Information Systems Security
12.
Tenets of Information Systems Security
• Confidentiality: Only authorized users can view information.
• Integrity: Only authorized users can change information.
• Availability: Information is accessible by authorized users whenever they request the information.
13.
Confidentiality
• Private data of individuals
• Intellectual property of businesses
• National security for countries and government
14.
Confidentiality (cont.)
• Cryptography: Practice of hiding data and keeping it away from unauthorized users
• Encryption: The process of transforming data from cleartext into ciphertext
• Ciphertext: The scrambled data that are the result of encrypting cleartext
15.
Encryption of Cleartext into Ciphertext
16.
Integrity
• Maintain valid, uncorrupted, and accurate information
17.
Availability
In the context of information security
• The amount of time users can use a system, application, and data
18.
Availability Time Measurements
• Uptime
• Downtime
• Availability [A = (Total Uptime)/(Total Uptime + Total Downtime)]
• Mean time to failure (MTTF)
• Mean time to repair (MTTR)
• Mean time between failures (MTBF)
• Recovery time objective (RTO)
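Added example (not part of the original slides): the availability measurements from slide 18 computed over an outage log, including overlapping tickets and an outage that runs past the reporting window. The sample log, the 2-hour RTO, and the convention MTTR = downtime / failures, MTTF = uptime / failures, MTBF = MTTF + MTTR are assumptions made for this illustration.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"

# Constructed sample data (not from the slides): a 30-day reporting window
# and outage tickets as (start, end) pairs for one service.
WINDOW = ("2024-04-01 00:00", "2024-05-01 00:00")
OUTAGES = [
    ("2024-04-03 02:00", "2024-04-03 02:30"),  # 30 minutes
    ("2024-04-10 14:00", "2024-04-10 18:00"),  # 4 hours
    ("2024-04-10 17:30", "2024-04-10 19:00"),  # second ticket, overlaps the one above
    ("2024-04-30 23:00", "2024-05-01 03:00"),  # runs past the end of the window
]
RTO = timedelta(hours=2)  # assumed recovery time objective


def parse(pair):
    """Turn a (start, end) pair of strings into a pair of datetimes."""
    return tuple(datetime.strptime(t, FMT) for t in pair)


def merge(intervals):
    """Merge overlapping intervals so shared downtime is counted once."""
    merged = []
    for start, end in sorted(intervals):
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def clip(intervals, lo, hi):
    """Keep only the part of each interval that lies inside [lo, hi]."""
    return [(max(s, lo), min(e, hi)) for s, e in intervals if max(s, lo) < min(e, hi)]


def hours(delta):
    return delta.total_seconds() / 3600


def availability_report(outages, window, rto):
    lo, hi = parse(window)
    incidents = merge(parse(o) for o in outages)
    in_window = clip(incidents, lo, hi)

    total = hi - lo
    downtime = sum((e - s for s, e in in_window), timedelta())
    uptime = total - downtime
    failures = len(in_window)

    # Assumed convention: MTTR = downtime / failures,
    # MTTF = uptime / failures, MTBF = MTTF + MTTR.
    mttr = hours(downtime) / failures if failures else None
    mttf = hours(uptime) / failures if failures else None
    return {
        "uptime_h": hours(uptime),
        "downtime_h": hours(downtime),
        "availability": uptime / total,  # A = uptime / (uptime + downtime)
        "failures": failures,
        "mttr_h": mttr,
        "mttf_h": mttf,
        "mtbf_h": mttf + mttr if failures else None,
        # RTO is judged on the full incident, even where it leaves the window.
        "rto_breaches": [(s, e) for s, e in incidents if e - s > rto],
    }


if __name__ == "__main__":
    for key, value in availability_report(OUTAGES, WINDOW, RTO).items():
        print(f"{key}: {value}")
```

Summing the raw tickets instead of the merged intervals would double-count the 30 minutes shared by the two tickets on 10 April and understate availability.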
19.
Seven Domains of a Typical IT Infrastructure
20.
Seven Domains of a Typical IT Infrastructure
1. User Domain: Defines the people who access an organization’s information systems
2. Workstation Domain: Includes desktop computers, laptop computers, special-purpose terminals, or any other device that connects to the network
3. LAN Domain: A collection of computers connected to one another or to a common connection medium
4. LAN-to-WAN Domain: Where the IT infrastructure links to a wide area network and the Internet
5. WAN Domain: Connects remote locations
6. Remote Access Domain: Connects remote users to an organization’s IT infrastructure
7. System/Application Domain: Holds all mission-critical systems, applications, and data
21.
User Domain
Roles and tasks
• Users can access systems, applications, and data depending upon their defined access rights.
Responsibilities
• Employees are responsible for their use of IT assets.
Accountability
• HR department is accountable for implementing proper employee background checks.
22.
Common Threats in the User Domain
• Lack of user awareness
• User apathy toward policies
• User violating security policy
• User inserting CD/USB with personal files
• User downloading photos, music, or videos
• User destructing systems, applications, and data
• Disgruntled employee attacking organization or committing sabotage
• Employee blackmail or extortion
23.
Workstation Domain
Roles and tasks
• Configure hardware, harden systems, and verify antivirus files.
Responsibilities
• Ensure the integrity of user workstations and data.
Accountability
• Director of IT security is generally in charge of ensuring that the Workstation Domain conforms to policy.
24.
Common Threats in the Workstation Domain
• Unauthorized workstation access
• Unauthorized access to systems, applications, and data
• Desktop or laptop operating system vulnerabilities
• Desktop or laptop application software vulnerabilities or patches
• Viruses, malicious code, and other malware
• User inserting CD/DVD/USB with personal files
• User downloading photos, music, or videos
25.
LAN Domain
Roles and tasks
• Includes both physical network components and logical configuration of services for users.
Responsibilities
• LAN support group is in charge of physical components and logical elements.
Accountability
• LAN manager’s duty is to maximize use and integrity of data within the LAN Domain.
26.
Common Threats in the LAN Domain
• Unauthorized physical access to LAN
• Unauthorized access to systems, applications, and data
• LAN server operating system vulnerabilities
• LAN server application software vulnerabilities and software patch updates
• Rogue users on WLANs
• Confidentiality of data on WLANs
• LAN server configuration guidelines and standards
27.
Weakest Link in the Security of an IT Infrastructure
User is weakest link in security
Strategies for reducing risk
• Check background of job candidates carefully.
• Evaluate staff regularly.
• Rotate access to sensitive systems, applications, and data among staff positions.
• Test applications and software and review for quality.
• Regularly review security plans.
• Perform annual security control audits.
28.
Ethics and the Internet
• Human behavior online is often less mature than in normal social settings
• Demand for systems security professionals is growing so rapidly
• U.S. government and Internet Architecture Board (IAB) defined a policy regarding acceptable use of Internet geared toward U.S. citizens
• Policy is not a law or mandated
29.
IT Security Policy Framework
Policy
• A short written statement that defines a course of action that applies to entire organization
Standard
• A detailed written definition of how software and hardware are to be used
Procedures
• Written instructions for how to use policies and standards
Guidelines
• Suggested course of action for using policy, standard, or procedure
30.
Hierarchical IT Security Policy Framework
31.
Foundational IT Security Policies
• Acceptable use policy (AUP)
• Security awareness policy
• Asset classification policy
• Asset protection policy
• Asset management policy
• Vulnerability assessment/management
• Threat assessment and monitoring
32.
Data Classification Standards
• Private data: Data about people that must be kept private
• Confidential: Information or data owned by the organization
• Internal use only: Information or data shared internally by an organization
• Public domain data: Information or data shared with the public
33.
Summary
• Information systems security concepts
• Confidentiality, integrity, and availability (CIA)
• The seven domains of an IT infrastructure
• The weakest link in the security of an IT infrastructure
• IT security policy framework and data classification standard