
2 Security And Internet Security


Published in: Technology
  • Various kinds of security information help to protect oneself and make awareness to all. Great demonstration about internet security, helps a lot. Thanks for your slide share.
    http://scambaitings.blogspot.com/


  1. Security and Internet security
     Jasmina Trajkovski [email_address]
     ELSA Conference, Strumica, 27.11.2008
  2. Topics covered
     • What is Security and Information Security?
     • Culture of Security
     • Global Information Security Trends
     • Security and Internet security
     • Best practices for senior managers
  3. What is Security and Information Security?
  4. What is Security?
     • "The quality or state of being secure—to be free from danger"
     • A successful organization should have multiple layers of security in place:
         • Physical security
         • Personal security
         • Operations security
         • Communications security
         • Network security
         • Information security
  5. What is Information Security?
     • The protection of information and its critical elements, including systems and hardware that use, store, and transmit that information
     • Necessary tools: policy, awareness, training, education, technology
     • C.I.A. triangle was standard based on confidentiality, integrity, and availability
     • C.I.A. triangle now expanded into list of critical characteristics of information
  6.
  7. Critical Characteristics of Information
     • The value of information comes from the characteristics it possesses:
         • Availability
         • Accuracy
         • Authenticity
         • Confidentiality
         • Integrity
         • Utility
         • Possession
  8. Figure 1-4 – NSTISSC Security Model
  9. Culture of security
  10. History
     • OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security
     • Organisation for Economic Co-operation and Development
     • Adopted as a Recommendation of the OECD Council at its 1037th Session on 25 July 2002.
  11. Principles part 1
     • Awareness: Participants should be aware of the need for security of information systems and networks and what they can do to enhance security.
     • Responsibility: All participants are responsible for the security of information systems and networks.
     • Response: Participants should act in a timely and co-operative manner to prevent, detect and respond to security incidents.
  12. Principles part 2
     • Ethics: Participants should respect the legitimate interests of others.
     • Democracy: The security of information systems and networks should be compatible with essential values of a democratic society.
     • Risk assessment: Participants should conduct risk assessments.
  13. Principles part 3
     • Security design and implementation: Participants should incorporate security as an essential element of information systems and networks.
     • Security management: Participants should adopt a comprehensive approach to security management.
     • Reassessment: Participants should review and reassess the security of information systems and networks, and make appropriate modifications to security policies, practices, measures and procedures.
  14. Global Information Security Trends
  15. Global information security survey 2008 – Ernst & Young 1/2
     • Meeting business objectives is a growing focus of information security.
     • Information security is now more integrated into overall risk management.
     • Information security remains isolated from executive management and the strategic decision making process.
     • Improving IT and operational efficiency are emerging as important objectives.
     • Compliance continues to be primary driver of information security improvements.
  16. Global information security survey 2008 – Ernst & Young 2/2
     • Privacy and data protection have become increasingly important drivers of information security.
     • Organisations rely on audits and self-assessments to evaluate the effectiveness of their information security programs.
     • Organisations are demanding more from vendors and business partners in managing third-party relationships.
     • The greatest challenge to delivering information security projects continues to be the availability of experienced IT and information security resources.
  17. Internet security
  18. What is internet security
     • Internet security involves the protection of a computer's internet account and files from intrusion of an outside user
     • Why is it important?
  19. Our life on the internet
     • Electronic mail (e-mail)
     • Instant messaging: Skype, Gtalk, MSN messenger, Yahoo! messenger
     • Web 2.0 applications: Facebook, Hi5, Myspace
     • E-commerce, e-banking, stock exchanges
     • Collaborative workspaces
     • Educational portals and Student Information Systems
     • Official websites of corporations, government
  20. Aspects that need security on the internet
     • Identity – who we are
         • Internet personality
         • Profiles, user names, accounts
     • Possessions – what we own
         • Information on resources: money, grades, property
     • Information flow – what we "say"
         • Money transfers, sent e-mails, instant messages, submitted documents
     • IT assets – what we utilize for our life on the net
         • PCs, notebooks, flash drives, mobile phones, …
  21. Attack sophistication vs. intruders' knowledge
  22. Best practices for information security for senior managers
  23. Best practices – part 1
     • General management: Managers throughout the organization consider information security a normal part of their responsibility and the responsibility of every employee.
     • Policy: Develop, deploy, review, and enforce security policies that satisfy business objectives.
     • "One of the tests of leadership is the ability to recognize a problem before it becomes an emergency." Arnold Glasgow (1908-1970)
  24. Best practices – part 2
     • Risk Management: Periodically conduct an information security risk evaluation that identifies critical information assets, threats to critical assets, asset vulnerabilities, and risks.
     • "In cases of defense 'tis best to weigh the enemy more mighty than he seems." William Shakespeare (1564-1616)
  25. Best practices – part 3
     • Security Architecture & Design: Generate, implement, and maintain an enterprise- (or site-) wide security architecture, based on satisfying business objectives and protecting the most critical information assets.
     • User Issues - Accountability and Training, and Adequate Expertise: Establish accountability for user actions, train for accountability and enforce it, as reflected in organizational policies and procedures. Ensure that there is adequate in-house expertise or explicitly outsourced expertise for all supported technologies, including the secure operation of those technologies.
  26. "There is one safeguard known generally to the wise, which is an advantage and security to all... What is it? Distrust." Demosthenes (c. 384-322 B.C.)
