information security
•Download as PPTX, PDF•
0 likes•487 views
Attaullah shigri from Federal urdu University of Arts Science and Technology
Recommended
More Related Content
What's hot
What's hot (20)
Similar to information security
Similar to information security (20)
Recently uploaded
Recently uploaded (20)
information security
- 2. What Is Security? “The quality or state of being secure--to be free from danger” To be protected from adversaries A successful organization should have multiple layers of security in place: Physical security Personal security Operations security Communications security Network security
- 3. Information security The protection of information and its elements including systems, hardware that use, store and transmit that information…..
- 4. Critical Characteristics Of Information The value of information comes from the characteristics it possesses. Availability Accuracy Authenticity Confidentiality Integrity Utility Possession
- 5. Information can be Created Stored Destroyed Processed Transmitted Used – (For proper & improper purposes) Lost Stolen
- 6. Printed or written on paper Stored electronically Transmitted by post or using electronics means Shown on corporate videos Displayed / published on web Verbal – spoken in conversations
- 7. Data TYPES Public Private / Internal Confidential Secret
- 8. PUBLIC Data is shown to all the end users
- 9. PRIVATE / INTERNAL A group of company peoples only know, but outside peoples should not know like Personal Identification Number (PIN)
- 10. CONFIDENTIAL Data is used by limited number of private users, and should not be known to the majority of workers
- 11. SECRET Data is known by the very high authority persons only. Lose of this data may cause critical damage to the company.
- 12. SECURITY TYPES Physical Security Personal Security Operations Security Communications Security Network Security Information Security .
- 13. PHYISCAL SECURITY To protect Physical items, objects or areas
- 14. PERSONAL SECURITY To protect the individual or group of individuals who are authorized
- 15. OPERATION SECURITY To protect the details of a particular operation or activities
- 16. COMMUNICATION SECURITY To protect communication media, technology and content
- 17. NETWORK SECURITY To protect networking components, connections and contents
- 19. Tools for security policy, awareness Training education and technology are necessary
- 20. Security Model
- 21. – Confidentiality Ensuring that information is accessible only to those authorized to have access – Integrity Safeguarding the accuracy and completeness of information and processing methods – Availability Ensuring that authorized users have access to information and associated assets when required INFORMATION ATTRIBUTES
- 22. • Information Security is “Organizational Problem” rather than “IT Problem” • More than 70% of Threats are Internal • More than 60% culprits are First Time fraudsters • Biggest Risk : People • Biggest Asset : People • Social Engineering is major threat
- 23. What is Risk? Risk: A possibility that a threat exploits a vulnerability in an asset and causes damage or loss to the asset. Threat: Something that can potentially cause damage to the organization, IT Systems or network. Vulnerability: A weakness in the organization, IT Systems, or network that can be exploited by a threat.
- 24. Threat Identification Elements of threats Agent : The catalyst that performs the threat. Human Machine Nature
- 25. High User Knowledge of IT Systems Theft, Sabotage, Misuse Virus Attacks Systems & Network Failure Lack Of Documentation Lapse in Physical Security Natural Calamities & Fire RiskandThreats