Cyber security vs information assurance


Cyber security refers to the ability to defend against cyber-attacks, protect resources, and prevent cyber-attacks while information assurance is to ensure the confidentiality, possession or control, integrity, authenticity, availability and utility of information and information systems.

Cyber security vs information assurance

  1. Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Cyber Security VS Information Assurance Olufemi Vaughan CISA, ITIL Instructor, DeAfrica July, 2015
  2. Table of Contents: Cyber Security vs Information Assurance: What is the difference? Introduction to Cyber Security and Information Assurance: What is the difference? Careers in Cyber security: challenges and issues and how to prepare for them
  3. Introduction
     • Richard Clarke was famously heard to say, “If you spend more on coffee than on IT security, then you will be hacked. What's more, you deserve to be hacked.”
     • The growing number of attacks on our cyber networks has become, in President Obama’s words, “one of the most serious economic and national security threats our nation faces.”
  4. What is Cyber Security? Cyber security is the process of applying security measures to ensure confidentiality, integrity, and availability of data. Cyber security attempts to assure the protection of assets, which include data, desktops, servers, buildings, and most importantly, humans. The goal of cyber security is to protect data both in transit and at rest.
  5. Who and What is at Risk?
     • Economy
     • Defense
     • Transportation
     • Medical
     • Government
     • Telecommunications
     • Energy Sector
     • Critical Infrastructure
     • Computers/Cable TV/Phones/MP3/Games
  6. What is Information Assurance? Information assurance is the process of adding business benefit through the use of Information Risk Management, which increases the utility of information to authorized users and reduces the utility of information to those unauthorized. It is strongly related to the field of information security, and also to business continuity.
  7. Fundamental Concept of Information Assurance
     • Confidentiality (privacy)
     • Integrity (quality, accuracy, relevance)
     • Availability (accessibility)
  8. Information Assurance Process: The information assurance process typically begins with the enumeration and classification of the information assets to be protected. Next, the IA practitioner will perform a risk assessment for those assets. Vulnerabilities in the information assets are determined in order to enumerate the threats capable of exploiting the assets.
  9. Information Assurance Process: The assessment then considers both the probability and impact of a threat exploiting a vulnerability in an asset, with impact usually measured in terms of cost to the asset's stakeholders. The sum of the products of the threats' impact and the probability of their occurring is the total risk to the information asset.
  10. Information Assurance Process: With the risk assessment complete, the IA practitioner then develops a risk management plan. This plan proposes countermeasures that involve mitigating, eliminating, accepting, or transferring the risks, and considers prevention, detection, and response to threats. A framework published by a standards organization, such as Risk IT, CobiT, PCI DSS or ISO/IEC 27002, may guide development.
  11. Information Assurance Process: After the risk management plan is implemented, it is tested and evaluated, often by means of formal audits. The IA process is an iterative one, in that the risk assessment and risk management plan are meant to be periodically revised and improved based on data gathered about their completeness and effectiveness.
  12. Concept of Information Security. Physical Security: This is a significant part of any security system and cannot be ignored, as it is an important line of defense for most organizations. Hardware Security can be primarily considered under Physical Security, even though some of the components of the hardware can be considered under other securities such as Network Security. TCP/IP is the underlying protocol for computer communication that facilitates distributed connectivity and communication facilities for sharing data between two computers present at different locations. TCP/IP is the underlying protocol that resulted in the invention of the Internet and the World Wide Web (WWW).
  13. Concept of Information Security. Network Security: This is essential to protect the data that is being transmitted and to guarantee that the data is not tampered with during the transmission. Communications Security, that is, securing communications through the use of various mechanisms, can be considered broadly as a part of Network Security. Secure routing mechanisms, secure session mechanisms, and secure encryption mechanisms may be considered as part of Communications Security. Software Security broadly deals with Operating System Security, Application Security, and the security of software utilities/tools, including the security of tools used to provide information security. Operating systems provide many of the functionalities required for the servers and computers to work effectively, including communication capabilities with other systems, processing of information, and effective functioning of applications.
  14. Human or personnel security is another important layer. Keeping personnel motivated, making them aware of the information security risks, and involving them in the implementation of the same is an important aspect of information security which cannot be forgotten at any cost. Employees (permanent or temporary), contractors, and suppliers are all significant in this regard.
  15. Internet Usage
     • In 1995, 16 million users (0.4%)
     • In 2010, 1.6 billion users (23.5%)
     • In 2015, 3 billion users (47%)
     • Physical and cyber security cannot be treated separately; they are intertwined.
  17. • A threat is any potential danger to information and systems
     • 3 levels of cyber threats
       • Unstructured
       • Structured
       • Highly structured
     • Two types of threats: Internal and External Security Threats
  18. External Threats
  19. Internal Threat: Internal threats originate from within the organization. The primary contributors to internal threats are employees, contractors, or suppliers to whom work is outsourced. The major threats are frauds, misuse of information, and/or destruction of information. Many internal threats primarily originate for the following reasons:
  20. Internal Threat Weak Security Policy Weak Security Administration Lack of User Security Awareness Layered Security and Defense In-depth Security
  21. Layered Approach to Security
  22. Questions? For more information, please visit www.deafrica.org or email info@deafrica.org
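
The risk calculation described in slides 8 to 11 (total risk to an asset as the sum of each threat's probability times its impact, followed by a mitigation from the risk management plan), as an added Python example that is not part of the original slides. The asset names, threats, figures and function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Threat:
    name: str
    probability: float  # chance of occurring in the assessment period, 0..1
    impact: float       # cost to the asset's stakeholders if it occurs

def total_risk(threats):
    """Total risk to one asset: sum of probability x impact over its threats."""
    total = 0.0
    for t in threats:
        if not 0.0 <= t.probability <= 1.0:
            raise ValueError(f"{t.name}: probability must be between 0 and 1")
        if t.impact < 0:
            raise ValueError(f"{t.name}: impact must not be negative")
        total += t.probability * t.impact
    return total

def rank_assets(register):
    """Return (asset, total risk) pairs, highest risk first."""
    scored = [(asset, total_risk(threats)) for asset, threats in register.items()]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)

def residual_risk(threats, threat_name, new_probability):
    """Total risk after a mitigation lowers one threat's probability."""
    adjusted = [
        Threat(t.name, new_probability, t.impact) if t.name == threat_name else t
        for t in threats
    ]
    return total_risk(adjusted)

# Constructed sample register: assets, threats and figures are illustrative only.
REGISTER = {
    "customer database": [
        Threat("credential theft", 0.10, 200_000),
        Threat("disk failure", 0.05, 40_000),
    ],
    "public web server": [
        Threat("defacement", 0.30, 10_000),
        Threat("denial of service", 0.20, 25_000),
    ],
    "payroll laptop": [Threat("loss or theft", 0.15, 30_000)],
}

if __name__ == "__main__":
    for asset, risk in rank_assets(REGISTER):
        print(f"{asset}: {risk:,.0f}")
```

Comparing `total_risk` before a countermeasure with `residual_risk` after it gives the reduction that the cost of the countermeasure has to be weighed against when the plan is revised.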