Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM
Cyber Security VS Information
Assurance
Olufemi Vaughan CISA, ITIL
Instructor, DeAfrica
July, 2015
Table of Contents:
Cyber Security vs Information Assurance: What is
the difference?
Introduction to Cyber Security and Information
Assurance: What is the difference?
Careers in Cyber security: challenges and issues
and how to prepare for them
Introduction
• Richard Clarke was famously heard to say, "If
  you spend more on coffee than on IT security,
  then you will be hacked. What's more, you
  deserve to be hacked."
• The growing number of attacks on our cyber
  networks has become, in President Obama's
  words, "one of the most serious economic and
  national security threats our nation faces."
What is Cyber Security?
• Cyber security is the process of applying security
  measures to ensure the confidentiality, integrity, and
  availability of data. Cyber security attempts to assure the
  protection of assets, which include data, desktops,
  servers, buildings, and most importantly, humans. The
  goal of cyber security is to protect data both in transit and
  at rest.
Who and What is at Risk?
• Economy
• Defense
• Transportation
• Medical
• Government
• Telecommunications
• Energy Sector
• Critical Infrastructure
• Computers/Cable TV/Phones/MP3/Games
What is Information Assurance?
Information assurance is the process of adding
business benefit through the use of Information
Risk Management, which increases the utility of
information to authorized users and reduces
the utility of information to those unauthorized.
It is strongly related to the field of information
security, and also to business continuity.
Fundamental Concept of
Information Assurance
• Confidentiality (privacy)
• Integrity (quality, accuracy, relevance)
• Availability (accessibility)
Information Assurance Process
The information assurance process typically
begins with the enumeration and classification
of the information assets to be protected. Next,
the IA practitioner will perform a risk
assessment for those assets. Vulnerabilities in
the information assets are determined in order
to enumerate the threats capable of exploiting
the assets.
Information Assurance Process
The assessment then considers both the
probability and impact of a threat exploiting a
vulnerability in an asset, with impact usually
measured in terms of cost to the asset's
stakeholders. The sum of the products of the
threats' impact and the probability of their
occurring is the total risk to the information
asset.
Information Assurance Process
With the risk assessment complete, the IA
practitioner then develops a risk management
plan. This plan proposes countermeasures that
involve mitigating, eliminating, accepting, or
transferring the risks, and considers prevention,
detection, and response to threats. A
framework published by a standards
organization, such as Risk IT, CobiT, PCI DSS
or ISO/IEC 27002, may guide development.
Information Assurance Process
After the risk management plan is
implemented, it is tested and evaluated, often
by means of formal audits. The IA process is
an iterative one, in that the risk assessment
and risk management plan are meant to be
periodically revised and improved based on
data gathered about their completeness and
effectiveness.
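The calculation described in the Information Assurance Process slides, as an added example that is not part of the original presentation: each asset's total risk is the sum of probability times impact over its threats, and the four plan options (mitigate, eliminate, accept, transfer) give a residual figure to re-rank on at the next review. The asset names, probabilities, costs and the `retained` share are constructed assumptions.

```python
from dataclasses import dataclass, field

TREATMENTS = {"mitigate", "eliminate", "accept", "transfer"}


@dataclass
class Threat:
    name: str
    probability: float         # chance of occurring in the assessment period, 0..1
    impact: float              # cost to the asset's stakeholders if it occurs
    treatment: str = "accept"  # countermeasure chosen in the risk management plan
    retained: float = 1.0      # assumed share of exposure left after mitigate/transfer

    def __post_init__(self):
        if not 0.0 <= self.probability <= 1.0:
            raise ValueError(f"{self.name}: probability must be within 0..1")
        if self.impact < 0 or not 0.0 <= self.retained <= 1.0:
            raise ValueError(f"{self.name}: impact or retained share out of range")
        if self.treatment not in TREATMENTS:
            raise ValueError(f"{self.name}: unknown treatment {self.treatment!r}")

    def inherent(self) -> float:
        """Product of probability and impact, before any countermeasure."""
        return self.probability * self.impact

    def residual(self) -> float:
        """Exposure that remains once the planned treatment is in place."""
        if self.treatment == "eliminate":
            return 0.0
        if self.treatment == "accept":
            return self.inherent()
        return self.inherent() * self.retained  # mitigate or transfer


@dataclass
class Asset:
    name: str
    classification: str
    threats: list = field(default_factory=list)

    def total_risk(self) -> float:
        """Sum of probability x impact over every threat to this asset."""
        return sum(t.inherent() for t in self.threats)

    def residual_risk(self) -> float:
        return sum(t.residual() for t in self.threats)


def rank(register, after_treatment=False):
    """Asset names ordered from highest to lowest risk."""
    key = Asset.residual_risk if after_treatment else Asset.total_risk
    return [a.name for a in sorted(register, key=key, reverse=True)]


# Constructed register: names, probabilities and costs are illustrative only.
REGISTER = [
    Asset("customer database", "confidential", [
        Threat("unauthorized disclosure", 0.125, 400_000, "mitigate", 0.25),
        Threat("data loss from storage failure", 0.25, 80_000, "eliminate"),
    ]),
    Asset("public web server", "public", [
        Threat("defacement", 0.25, 24_000, "accept"),
        Threat("extended outage", 0.0625, 160_000, "transfer", 0.125),
    ]),
    Asset("staff laptops", "internal", [
        Threat("loss or theft", 0.5, 40_000, "mitigate", 0.25),
    ]),
]

if __name__ == "__main__":
    for asset in REGISTER:
        print(f"{asset.name:20} {asset.classification:13}"
              f" total={asset.total_risk():>9,.0f} residual={asset.residual_risk():>9,.0f}")
    print("before treatment:", rank(REGISTER))
    print("after treatment: ", rank(REGISTER, after_treatment=True))
```

The ranking changes once treatments are applied, which is why the assessment and the plan are revisited together rather than once.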
Concept of Information Security
Physical Security: This is a significant part of any security system
and cannot be ignored as it is an important line of defense for
most organizations. Hardware Security can be primarily
considered under Physical Security, even though some of the
components of the hardware can be considered under other
security categories such as Network Security. TCP/IP is the underlying
protocol for computer communication that facilitates distributed
connectivity and communication facilities for sharing data between
two computers present at different locations. TCP/IP is the
underlying protocol that resulted in the invention of the Internet
and the World Wide Web (WWW).
Concept of Information Security
Network Security: This is essential to protect the data that is being
transmitted and to guarantee that the data is not tampered with during
transmission.
Communications Security: Securing communications through the use of
various mechanisms can be considered broadly as a part of Network Security.
Secure routing mechanisms, secure session mechanisms, and secure encryption
mechanisms may be considered as part of Communications Security.
Software Security: This broadly deals with Operating System Security,
Application Security, and the security of software utilities/tools, including the
security of tools used to provide information security. Operating systems provide
many of the functionalities required for servers and computers to work
effectively, including communication capabilities with other systems, processing of
information, and effective functioning of applications.
Human or personnel security is another important layer.
Keeping personnel motivated, making them aware of the
information security risks, and involving them in the
implementation of the same is an important aspect of information
security which cannot be forgotten at any cost. Employees
(permanent or temporary), contractors, and suppliers are all
significant in this regard.
Internet Usage
• In 1995, 16 million users (0.4%)
• In 2010, 1.6 billion users (23.5%)
• In 2015, 3 billion users (47%)
• Physical and cyber security cannot be treated
  separately; they are intertwined.
Security Threats
• A threat is any potential danger to information and
  systems
• 3 levels of cyber threats
  • Unstructured
  • Structured
  • Highly structured
• Two types of threats: Internal and External
External Threats
Internal Threat
Internal threats originate from within the organization. The
primary contributors to internal threats are employees,
contractors, or suppliers to whom work is outsourced. The
major threats are fraud, misuse of information, and/or
destruction of information. Many internal threats primarily
originate for the following reasons:
Internal Threat
• Weak Security Policy
• Weak Security Administration
• Lack of User Security Awareness
Layered Security and Defense In-depth Security
Layered Approach to Security
Questions?
For more information, please visit www.deafrica.org or email info@deafrica.org
