Submit Search
Upload
101 Basic concepts of information security
•
Download as PPTX, PDF
•
0 likes
•
1,017 views
S
SsendiSamuel
Follow
101 Basic concepts of information security
Read less
Read more
Education
Report
Share
Report
Share
1 of 32
Download now
Recommended
Basics of Information System Security
Basics of Information System Security
chauhankapil
Network Security Fundamentals
Network Security Fundamentals
Rahmat Suhatman
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
Edureka!
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Edureka!
Cyber security fundamentals
Cyber security fundamentals
Cloudflare
Cybersecurity Fundamental Course by Haris Chughtai.pdf
Cybersecurity Fundamental Course by Haris Chughtai.pdf
Haris Chughtai
Cyber Security Awareness
Cyber Security Awareness
Ramiro Cid
Recommended
Basics of Information System Security
Basics of Information System Security
chauhankapil
Network Security Fundamentals
Network Security Fundamentals
Rahmat Suhatman
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
Edureka!
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Edureka!
Cyber security fundamentals
Cyber security fundamentals
Cloudflare
Cybersecurity Fundamental Course by Haris Chughtai.pdf
Cybersecurity Fundamental Course by Haris Chughtai.pdf
Haris Chughtai
Cyber Security Awareness
Cyber Security Awareness
Ramiro Cid
Cybersecurity
Cybersecurity
Eng Hasan Shamroukh CISCO Exams Author
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1
Tanmay Shinde
Information security
Information security
avinashbalakrishnan2
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity Fundamentals
Toño Herrera
Security Management | System Administration
Security Management | System Administration
Lisa Dowdell, MSISTM
Introduction to security
Introduction to security
Mostafa Elgamala
The information security audit
The information security audit
Dhani Ahmad
Security Threats at OSI layers
Security Threats at OSI layers
Department of Computer Science
Information security in todays world
Information security in todays world
Sibghatullah Khattak
CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security Concepts
Karthikeyan Dhayalan
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
Tanmay Shinde
Cyber security
Cyber security
Shivam Yadav
Information Security
Information Security
Dr. Himanshu Gupta
Network Security Tutorial | Introduction to Network Security | Network Securi...
Network Security Tutorial | Introduction to Network Security | Network Securi...
Edureka!
Cyber Security Vulnerabilities
Cyber Security Vulnerabilities
Siemplify
Network security
Network security
Ali Kamil
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
Iso 27001 isms presentation
Iso 27001 isms presentation
Midhun Nirmal
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Stephen Cobb
Domain 4 - Communications and Network Security
Domain 4 - Communications and Network Security
Maganathin Veeraragaloo
HCSCA101 Basic Concepts of Information Security.pptx
HCSCA101 Basic Concepts of Information Security.pptx
JordanKinobe1
106 Threat defense and information security development trends
106 Threat defense and information security development trends
SsendiSamuel
More Related Content
What's hot
Cybersecurity
Cybersecurity
Eng Hasan Shamroukh CISCO Exams Author
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1
Tanmay Shinde
Information security
Information security
avinashbalakrishnan2
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity Fundamentals
Toño Herrera
Security Management | System Administration
Security Management | System Administration
Lisa Dowdell, MSISTM
Introduction to security
Introduction to security
Mostafa Elgamala
The information security audit
The information security audit
Dhani Ahmad
Security Threats at OSI layers
Security Threats at OSI layers
Department of Computer Science
Information security in todays world
Information security in todays world
Sibghatullah Khattak
CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security Concepts
Karthikeyan Dhayalan
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
Tanmay Shinde
Cyber security
Cyber security
Shivam Yadav
Information Security
Information Security
Dr. Himanshu Gupta
Network Security Tutorial | Introduction to Network Security | Network Securi...
Network Security Tutorial | Introduction to Network Security | Network Securi...
Edureka!
Cyber Security Vulnerabilities
Cyber Security Vulnerabilities
Siemplify
Network security
Network security
Ali Kamil
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
Iso 27001 isms presentation
Iso 27001 isms presentation
Midhun Nirmal
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Stephen Cobb
Domain 4 - Communications and Network Security
Domain 4 - Communications and Network Security
Maganathin Veeraragaloo
What's hot
(20)
Cybersecurity
Cybersecurity
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1
Information security
Information security
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity Fundamentals
Security Management | System Administration
Security Management | System Administration
Introduction to security
Introduction to security
The information security audit
The information security audit
Security Threats at OSI layers
Security Threats at OSI layers
Information security in todays world
Information security in todays world
CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security Concepts
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
Cyber security
Cyber security
Information Security
Information Security
Network Security Tutorial | Introduction to Network Security | Network Securi...
Network Security Tutorial | Introduction to Network Security | Network Securi...
Cyber Security Vulnerabilities
Cyber Security Vulnerabilities
Network security
Network security
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
Iso 27001 isms presentation
Iso 27001 isms presentation
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Domain 4 - Communications and Network Security
Domain 4 - Communications and Network Security
Similar to 101 Basic concepts of information security
HCSCA101 Basic Concepts of Information Security.pptx
HCSCA101 Basic Concepts of Information Security.pptx
JordanKinobe1
106 Threat defense and information security development trends
106 Threat defense and information security development trends
SsendiSamuel
Aalto cyber-10.4.18
Aalto cyber-10.4.18
japijapi
L12. Digital Forensics BS.pptx
L12. Digital Forensics BS.pptx
talhajann43
Cyber Security Intelligence
Cyber Security Intelligence
ijtsrd
Maloney slides
Maloney slides
Onkar Sule
102 Information security standards and specifications
102 Information security standards and specifications
SsendiSamuel
Chapter 5
Chapter 5
Dr. Muath Asmar
Cyber Security Education Materials.pptx
Cyber Security Education Materials.pptx
bentidiane21
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
IBM Security
Fundamentals of Information Systems Security Chapter 2
Fundamentals of Information Systems Security Chapter 2
Dr. Ahmed Al Zaidy
Maloney Slides
Maloney Slides
ecommerce
Cybersecurity: Connectivity, Collaboration and Security Controls
Cybersecurity: Connectivity, Collaboration and Security Controls
Kristian Alisasis Pura
Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet
accenture
Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet
accenture
Class activity 4
Class activity 4
Jeewanthi Fernando
Fundamental Areas of Cyber Security on Latest Technology
Fundamental Areas of Cyber Security on Latest Technology
ijtsrd
CCA study group
CCA study group
IIBA UK Chapter
2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity
Matthew Rosenquist
Effective Cyber Security Technology Solutions for Modern Challenges
Effective Cyber Security Technology Solutions for Modern Challenges
cyberprosocial
Similar to 101 Basic concepts of information security
(20)
HCSCA101 Basic Concepts of Information Security.pptx
HCSCA101 Basic Concepts of Information Security.pptx
106 Threat defense and information security development trends
106 Threat defense and information security development trends
Aalto cyber-10.4.18
Aalto cyber-10.4.18
L12. Digital Forensics BS.pptx
L12. Digital Forensics BS.pptx
Cyber Security Intelligence
Cyber Security Intelligence
Maloney slides
Maloney slides
102 Information security standards and specifications
102 Information security standards and specifications
Chapter 5
Chapter 5
Cyber Security Education Materials.pptx
Cyber Security Education Materials.pptx
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
Fundamentals of Information Systems Security Chapter 2
Fundamentals of Information Systems Security Chapter 2
Maloney Slides
Maloney Slides
Cybersecurity: Connectivity, Collaboration and Security Controls
Cybersecurity: Connectivity, Collaboration and Security Controls
Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet
Securing the Digital Economy: Reinventing the Internet
Class activity 4
Class activity 4
Fundamental Areas of Cyber Security on Latest Technology
Fundamental Areas of Cyber Security on Latest Technology
CCA study group
CCA study group
2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity
Effective Cyber Security Technology Solutions for Modern Challenges
Effective Cyber Security Technology Solutions for Modern Challenges
More from SsendiSamuel
105 Common information security threats
105 Common information security threats
SsendiSamuel
104 Common network devices
104 Common network devices
SsendiSamuel
103 Basic network concepts
103 Basic network concepts
SsendiSamuel
Chapter 06: cloud computing trends
Chapter 06: cloud computing trends
SsendiSamuel
Chapter 05: introduction to virtualization features
Chapter 05: introduction to virtualization features
SsendiSamuel
Chapter 04: Storage virtualization basics
Chapter 04: Storage virtualization basics
SsendiSamuel
Chapter 03: Network basics for cloud computing
Chapter 03: Network basics for cloud computing
SsendiSamuel
Chapter 01: A brief introduction to cloud computing
Chapter 01: A brief introduction to cloud computing
SsendiSamuel
Chapter 02: Introduction to compute virtualization
Chapter 02: Introduction to compute virtualization
SsendiSamuel
More from SsendiSamuel
(9)
105 Common information security threats
105 Common information security threats
104 Common network devices
104 Common network devices
103 Basic network concepts
103 Basic network concepts
Chapter 06: cloud computing trends
Chapter 06: cloud computing trends
Chapter 05: introduction to virtualization features
Chapter 05: introduction to virtualization features
Chapter 04: Storage virtualization basics
Chapter 04: Storage virtualization basics
Chapter 03: Network basics for cloud computing
Chapter 03: Network basics for cloud computing
Chapter 01: A brief introduction to cloud computing
Chapter 01: A brief introduction to cloud computing
Chapter 02: Introduction to compute virtualization
Chapter 02: Introduction to compute virtualization
Recently uploaded
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
Jisc
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
Eyham Joco
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
9953056974 Low Rate Call Girls In Saket, Delhi NCR
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
InMediaRes1
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
JhezDiaz1
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
thorishapillay1
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
Dr. Mazin Mohamed alkathiri
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
YousafMalik24
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953056974 Low Rate Call Girls In Saket, Delhi NCR
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
mkooblal
MICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptx
abhijeetpadhi001
ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)
Dr. Mazin Mohamed alkathiri
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Sumit Tiwari
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
OH TEIK BIN
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
NirmalaLoungPoorunde1
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
Celine George
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
Sabitha Banu
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
UjwalaBharambe
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
iammrhaywood
Recently uploaded
(20)
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
MICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptx
ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
101 Basic concepts of information security
1.
www.huawei.com Copyright © 2018
Huawei Technologies Co., Ltd. All rights reserved. Huawei Certified ICT Associate Security v3.0 Professional Training Program
2.
www.huawei.com Copyright © 2018
Huawei Technologies Co., Ltd. All rights reserved. Huawei Certified ICT Associate Security v3.0 Instructor: Ssendi Samuel
3.
www.huawei.com Copyright © 2018
Huawei Technologies Co., Ltd. All rights reserved. Basic Concepts of Information Security
4.
Page 3 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Foreword Information security is the process of ensuring safe data communication and preventing issues such as information leakage, modification, and disruption. This document describes the basic concepts and protection measures of information security, as well as information security risks and associated assessment and avoidance methods.
5.
Page 4 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Objectives Upon completion of this course, you will be able to: Describe the definition and characteristics of information security. Explain the characteristics and differences of security models. Differentiate between security risks.
6.
Page 5 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Contents 1. Information and Information Security 2. Information Security Risks and Management
7.
Page 6 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Information information created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction of business. --- ISO/IEC Guidelines for the Management of IT Security (GMITS) What is information? Books/ Letters Emails Radar signals State secrets Test questions Transaction data
8.
Page 7 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Information Security Information security refers to the preservation of the confidentiality, integrity, and availability of data through security technologies. These technologies include computer software and hardware, network, and key technologies. Organizational management measures throughout the information lifecycle (generation, transmission, exchange, processing, and storage) are also essential. The following will be affected if information assets are damaged: The aim of information security is to protect data against threats through technical means and effective management. National security System operating and continuous development Personal privacy and property
9.
Page 8 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Information Security Development Limited communication technologies and dispersedly stored data Early 1900s Communication secrecy stage Information-based security replaces traditional security 1980s Information assurance stage Post-1960s Information security stage Internet development brings new challenges and threats to information security
10.
Page 9 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Photo or Information Leakage? After the Chinese government invited bids for oil production equipment, Japanese intelligence experts used this simple photo to uncover the following secrets of the Daqing Oilfield: Located between 46N and 48N, as indicated by the clothing of Wang Jinxi Diameter of the oil well, inferred from the handle rack
11.
Page 10 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Communication Secrecy Stage In the early 1900s, communication technologies were underdeveloped, and data was stored in different locations. Information system security was limited to physical security of information and cipher- based security of communication (mainly stream cipher). As long as information was in a relatively secure place and unauthorized users were prohibited from accessing the information, data security could be generally guaranteed.
12.
Page 11 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Information Security Stage Since the 1990s, Internet technologies have developed rapidly, and information leaks have increased. As a result, in addition to confidentiality, integrity and availability, information security began to focus on more principles and objectives, such as controllability and non- repudiation. Confidentiality Integrity Availability Controllability Non- repudiation
13.
Page 12 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Information Assurance Stage Business-oriented information security assurance Different service traffic with various risks and protection methods Security system Cohesive security management and technical protection; proactive defense but not passive protection Management Talent development and system establishment for security management Business
14.
Page 13 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Case - WannaCry In 2017, the WannaCry ransomware cryptoworm, propagated through EternalBlue, infected over 100,000 computers, causing a loss of US$8 billion. Energy Government Education Transportation
15.
Page 14 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Case - OceanLotus Since April 2012, the OceanLotus group has carried out targeted penetration and attacks on important sectors of China, such as the government, scientific research institutes, maritime institutions, maritime construction, and shipping enterprises. The attacks are intended to obtain confidential information, intercept intelligence sent out by attacked computers, and enable the computers to automatically send related intelligence.
16.
Page 15 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Discussion: What Are the Causes of Such Attacks? Direct Cause Indirect Cause Virus Vulnerability Trojan horse Backdoor program DDoS attack … Information system complexity Human and environment factors
17.
Page 16 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Increasing importance • The information network has become the foundation of economic prosperity, social stability, and national development. • Informatization profoundly influences the global economic integration, national strategy adjustment, and security priorities. • Information security has transformed from a technical issue into a matter of national security worldwide. Applicable to many technical fields For example: • Command, Control, Communications, Computers and Intelligence (C4I) system • E-commerce system • Biomedical system • Intelligent Transport System (ITS) Significance of Building Information Security Importance Applicability
18.
Page 17 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Contents 1. Information and Information Security 2. Information Security Risks and Management
19.
Page 18 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Risks Involved in Information Security Risks Physical risks Other risks System risks Information risks Management risks Application risks Network risks
20.
Page 19 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Physical Risks Device theft and destruction Link aging, man-made damage, and bite from animals Network device fault Network device unavailability due to power failure Electromagnetic radiation in the equipment room
21.
Page 20 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Information Risks Storage security Transmission security Access security
22.
Page 21 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Information Transmission Security Headquarters Branch Enterprise business information Tampered information Attacker
23.
Page 22 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Information Access Security Intranet Unauthorized user Illegal login Authorized user Authentication server on the network
24.
Page 23 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. System Risks Database system configuration security Security database Security of services running in the system
25.
Page 24 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Application Risks Network virus Operating system security Email application security Web service security FTP service security DNS service security Business application software security
26.
Page 25 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Network Risks Security zone
27.
Page 26 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Management Risks Determine whether the information system has management risks from the following aspects: National policy • Effective national information security regulations formulated • Specialized agency to manage information security • Security management rules and equipment room management system with clear responsibilities and rights • Enterprises can establish own security management organizations Enterprise system • Effective security policies and high-quality security management personnel • Effective supervision and inspection system, and adherence to rules and regulations Management system
28.
Page 27 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Significance of Information Security Management According to statistics, 70% of enterprise information loss is caused by negligence or intentional leakage by internal staff. Security technologies are only the means to control information security. They can only be effective with the appropriate support of management procedures. 70% Weak security awareness among employees Loose authorization rules Non- standard system operations Malicious data theft Technologies 30% Management 70%
29.
Page 28 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Current Development of Information Security Management Each country has introduced its own information security development strategy and plan. Introducing information security development strategies and plans Defining and standardizing information security work through laws is the strongest guarantee for effective implementation of security measures. Strengthening legislation to achieve unified and standardized management The era of standardized and systematized information security management began in the 1990s. ISO/IEC 27000 is the best known system. Entering the era of standardized and systematized management Information Security Management
30.
Page 29 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Quiz 1. Information security incidents frequently occur because of security attack methods, such as vulnerabilities, viruses, and backdoor programs. A. True B. False
31.
Page 30 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Summary Information security development history Basic concepts of information security
32.
Page 31 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Thank You www.huawei.com
Download now