SQUARE NORTH TECHNOLOGIES
Information Security Training
Chapter 1
Introduction to Information Security
Muhammad Lawal
Chief Executive Officer
elmuhammadm@gmail.com
08124350304
Learning Objectives
 Understand what information security is and how it came to mean what it does today.
 Comprehend the history of computer security and how it evolved into information security.
 Understand the key terms and critical concepts of information security as presented in the chapter.
 Outline the phases of the security systems development life cycle.
 Understand the roles of the professionals involved in information security within an organizational structure.
 Understand the business need for information security.
 Understand that a successful information security program is the responsibility of an organization's general management and IT management.
 Understand some of the threats posed to information security and the more common attacks associated with those threats.
Introduction
 Some hundreds of years ago, we would have been making a living from agriculture.
 A hundred years ago, you were likely to be making a living working in a factory.
 Today, we live in the information age, where everyone has a job somehow connected to information stored in digital form on a network.
The History of Information Security
• Computer security began immediately after the first mainframes were developed
• Physical controls were needed to limit access to sensitive military locations to authorized personnel
• Only rudimentary controls were available to defend against physical theft, espionage, and sabotage
The 1960s
• The Department of Defense's Advanced Research Project Agency (ARPA) began examining the feasibility of redundant, networked communications
chapter 1. Introduction to Information Security
The 1970s and 80s
• ARPANET grew in popularity, as did its potential for misuse
• Fundamental problems with ARPANET security were identified:
– No safety procedures for dial-up connections to the ARPANET
– User identification and authorization to the system were non-existent
• In the late 1970s the microprocessor expanded computing capabilities, and with them security threats
R-609 – The Start of the Study of Computer Security
• Information security began with Rand Report R-609
• The scope of computer security grew from physical security to include:
– Safety of the data
– Limiting unauthorized access to that data
– Involvement of personnel from multiple levels of the organization
The 1990s
• As networks of computers became more common, so did the need to interconnect them
• This resulted in the Internet, the first manifestation of a global network of networks
• In early Internet deployments, security was treated as a low priority
The Present
• The Internet has brought millions of computer networks into communication with each other – many of them unsecured
• The ability to secure each one is now influenced by the security of every computer to which it is connected
What is Security?
 The quality or state of being secure – to be free from danger
 A successful organization should have multiple layers of security in place:
• Physical security
• Personal security
• Operations security
• Communications security
• Network security
• Information security
Critical Characteristics of Information
• The value of information comes from the characteristics it possesses:
– Availability
– Accuracy
– Authenticity
– Confidentiality
– Integrity
– Utility
– Possession
Components of an Information System
• An information system (IS) is the entire set of software, hardware, data, people, procedures, and networks necessary to use information as a resource in the organisation
Bottom-Up Approach
• Security from a grass-roots effort – systems administrators attempt to improve the security of their systems
• Key advantage – the technical expertise of the individual administrators
• Seldom works, as it lacks a number of critical features:
– participant support
– organizational staying power
Top-Down Approach
• Initiated by upper management:
– issues policy, procedures, and processes
– dictates the goals and expected outcomes of the project
– determines who is accountable for each of the required actions
• This approach has strong upper management support, a dedicated champion, dedicated funding, clear planning, and the chance to influence organizational culture
• May also involve a formal development strategy referred to as a systems development life cycle
– The most successful form of the top-down approach
The Systems Development Life Cycle
• Information security must be managed in a manner similar to any other major system implemented in the organization
• Using a methodology:
– ensures a rigorous process
– avoids missing steps
• The goal is to create a comprehensive security posture/program
The Security Systems Development Life Cycle
• The same phases used in the traditional SDLC may be adapted to support the specialized implementation of an IS project:
– Investigation
– Analysis
– Logical design
– Physical design
– Implementation
– Maintenance & change
• Identifies specific threats and creates controls to counter them
• The SecSDLC is a coherent program rather than a series of random, seemingly unconnected actions
Investigation
• Identifies the process, outcomes, goals, and constraints of the project
• Begins with the enterprise information security policy
• An organizational feasibility analysis is performed
Analysis
• Documents from the investigation phase are studied
• Analyzes existing security policies or programs, along with documented current threats and associated controls
• Includes analysis of relevant legal issues that could impact the design of the security solution
• The risk management task begins
Logical Design
• Creates and develops blueprints for information security
• Incident response actions are planned:
– Continuity planning
– Incident response
– Disaster recovery
• Feasibility analysis to determine whether the project should continue or be outsourced
Physical Design
• Needed security technology is evaluated, alternatives generated, and the final design selected
• At the end of the phase, a feasibility study determines the readiness of the organization for the project
Implementation
• Security solutions are acquired, tested, implemented, and tested again
• Personnel issues are evaluated; specific training and education programs are conducted
• The entire tested package is presented to management for final approval
Maintenance and Change
• Perhaps the most important phase, given the ever-changing threat environment
• Often, reparation and restoration of information is a constant duel with an unseen adversary
• The information security profile of an organization requires constant adaptation as new threats emerge and old threats evolve
Professionals Involved in Information Security within an Organization
Senior Management
 Chief Information Officer (CIO)
• Senior technology officer
• Primarily responsible for advising senior executives on strategic planning
 Chief Information Security Officer (CISO)
• Primarily responsible for the assessment, management, and implementation of information security in the organization
• Usually reports directly to the CIO
Information Security Project Team
 A number of individuals who are experienced in one or more facets of the required technical and nontechnical areas:
• Champion
• Team leader
• Security policy developers
• Risk assessment specialists
• Security professionals
• Systems administrators
• End users
Data Ownership
• Data owner: responsible for the security and use of a particular set of information
• Data custodian: responsible for the storage, maintenance, and protection of information
• Data users: end users who work with information to perform their daily jobs supporting the mission of the organization
What is Information Security?
• “The concepts, techniques, technical measures, and administrative measures used to protect information assets from deliberate or inadvertent unauthorised acquisition, damage, disclosure, manipulation, modification, loss, or use is information security.”
or
• It means protecting information and information systems from unauthorised access, use, disclosure, modification or destruction.
or
• Implementing suitable controls – policies, practices, procedures, organisational structures, software, etc. – to secure information for any information user.
• The protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information
• Necessary tools: policy, awareness, training, education, technology
• The C.I.A. triangle was the standard, based on confidentiality, integrity, and availability
• The C.I.A. triangle has now been expanded into the list of critical characteristics of information
How Can Information Security Be Achieved
Information Security is achieved by implementing a suitable set of controls, which could be:
• Access to network resources will be granted through a unique user ID and password
• Passwords will be 8 characters long
• Passwords should include one non-alpha character and not be found in a dictionary
These controls need to be established in order to ensure that the specific security objectives of the organization are met.
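The three example controls above as an executable policy check. This is an added example, not code from the training deck; the word list and the registry of already-issued user IDs are constructed sample data, and the dictionary test also strips digits and symbols before lookup, which goes slightly beyond the slide's wording.

```python
"""Policy checker for the three example controls named on the slide.

Added example, not code from the training deck. The rules are the deck's:
access is granted through a unique user ID and password, passwords are
8 characters long, and passwords include at least one non-alphabetic
character and are not found in a dictionary. The word list and the set of
already-issued user IDs below are constructed for this example.
"""
import string

MIN_LENGTH = 8  # the deck's stated password length

# Constructed sample word list; a real deployment loads a full dictionary.
DICTIONARY = {"password", "sunshine", "football", "baseball", "letmein", "dragon"}

# Constructed registry of user IDs already issued (stored lower-cased).
ISSUED_USER_IDS = {"mlawal", "jdoe"}


def password_violations(password: str) -> list:
    """Return the policy rules the password breaks; an empty list means compliant."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(ch not in string.ascii_letters for ch in password):
        problems.append("no non-alphabetic character")
    # Goes slightly beyond the slide: compare only the alphabetic core, lower-cased,
    # so a dictionary word padded with digits or symbols ("Football7") still fails.
    core = "".join(ch for ch in password if ch.isalpha()).lower()
    if core in DICTIONARY:
        problems.append("based on a dictionary word")
    return problems


def provision_account(user_id: str, password: str, issued=None) -> tuple:
    """Apply the access rule: grant only for a unique user ID and a compliant password.

    Returns (granted, reasons). On success the ID is recorded in `issued`, so a
    second request for the same ID is refused; `issued` defaults to the sample registry.
    """
    issued = ISSUED_USER_IDS if issued is None else issued
    reasons = []
    if not user_id or not user_id.isalnum():
        reasons.append("user ID must be a non-empty alphanumeric string")
    elif user_id.lower() in issued:
        reasons.append(f"user ID {user_id!r} already issued")
    reasons.extend(password_violations(password))
    if reasons:
        return False, reasons
    issued.add(user_id.lower())
    return True, []


if __name__ == "__main__":
    # Constructed requests: a duplicate ID, a dictionary-word password, and a compliant pair.
    for uid, pw in [("jdoe", "Tr0ub4dor&3"), ("asani", "sunshine"), ("asani", "Tr0ub4dor&3")]:
        granted, why = provision_account(uid, pw)
        print(f"{uid:8} -> {'granted' if granted else 'refused: ' + '; '.join(why)}")
```

`MIN_LENGTH` and `DICTIONARY` are the two places where a deployment substitutes its own policy values and word list; the checks themselves follow the slide as written.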
Information Security Goals
 Confidentiality – making sure that those who should not see the information cannot see it.
 Integrity – making sure the information has not been changed from how it was intended to be.
 Availability – making sure the information is available for use when needed.
Security goals triangle: Confidentiality, Integrity, Availability
Securing Components
• A computer can be the subject of an attack and/or the object of an attack
– When the subject of an attack, the computer is used as an active tool to conduct the attack
– When the object of an attack, the computer is the entity being attacked
Balancing Information Security and Access
• It is impossible to obtain perfect security – it is a process, not an absolute
• Security should be considered a balance between protection and availability
• To achieve balance, the level of security must allow reasonable access, yet protect against threats
Balancing security and access
The Need for Information Security
Business Needs First, Technology Needs Last
Information security performs three important functions for an organization:
• Protects the organization's ability to function
– Communities of interest must argue for information security in terms of impact and cost
• Enables the safe operation of applications implemented on the organization's IT systems
– Organizations must create integrated, efficient, and capable applications
– Organizations need environments that safeguard applications
• Protects the data the organization collects and uses
– One of the most valuable assets is data
– Without data, an organization loses its record of transactions and/or its ability to deliver value to its customers
– An effective information security program is essential to the protection of the integrity and value of the organization's data
Technology Needs
• Safeguards the technological assets in use at the organization
• Organizations must have secure infrastructure services based on the size and scope of the enterprise
Areas of Information System Security
 Data security
 Computer security
 LAN or Network security
 Internet security
Major Threats & Issues
Basic threats
 Theft of passwords
 E-mail based threats
 E-mail based extortion
 Launch of malicious code (trojans)
Corporate threats
• Web defacement
• Corporate espionage
• Website-based launch of malicious code
• Cheating and fraud
• Exchange of criminal ideas and tools
• Cyber harassment
• Forged websites
Online threats
• E-mail spamming
• Theft of software and electronic records
• Cyber stalking
• E-mail bombing
• Denial of service attacks
Protecting your computer and network
 Physical security
 Securing desktop computers
 Securing laptops/notebooks/handheld computers
 Securing networks
 Software security
 Protect against Internet intruders with firewalls and IDS
 Protect against viruses and other malware
 Protect against spyware and adware
 Protect against unwanted e-mail
General spam protection practices
 Do not give out your e-mail address indiscriminately
 Leave your e-mail signature line blank if you post to a newsgroup
 Do not reply to junk messages
 Do not open obvious spam mail
 Report spam to the appropriate person – the systems administrator

More Related Content

What's hot

INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2MLG College of Learning, Inc
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Securitychauhankapil
 
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIAInformation Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIADheeraj Kataria
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
Information security management
Information security managementInformation security management
Information security managementUMaine
 
Information security
Information security Information security
Information security razendar79
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber securityAnimesh Roy
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture NotesFellowBuddy.com
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principlesDivya Tiwari
 
Computer Security Presentation
Computer Security PresentationComputer Security Presentation
Computer Security PresentationPraphullaShrestha1
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management Ersoy AKSOY
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to securityMukesh Chinta
 

What's hot (20)

Information security
Information securityInformation security
Information security
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 
Ethics in-information-security
Ethics in-information-securityEthics in-information-security
Ethics in-information-security
 
Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 ppt
 
Basics of Information System Security
Basics of Information System SecurityBasics of Information System Security
Basics of Information System Security
 
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIAInformation Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
 
Security risk management
Security risk managementSecurity risk management
Security risk management
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
Information security management
Information security managementInformation security management
Information security management
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk Management
 
Network security
Network securityNetwork security
Network security
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Information security
Information security Information security
Information security
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture Notes
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principles
 
Computer Security Presentation
Computer Security PresentationComputer Security Presentation
Computer Security Presentation
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to security
 

Similar to chapter 1. Introduction to Information Security

Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKumawat Dharmpal
 
Introduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdfIntroduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdfssuserf98dd4
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKATHEESKUMAR S
 
is_1_Introduction to Information Security
is_1_Introduction to Information Securityis_1_Introduction to Information Security
is_1_Introduction to Information SecuritySARJERAO Sarju
 
Human Factors_MODULE_2.pptx
Human Factors_MODULE_2.pptxHuman Factors_MODULE_2.pptx
Human Factors_MODULE_2.pptxShreeveni
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Kirti Ahirrao
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROLshinydey
 
IT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERING
IT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERINGIT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERING
IT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERINGThumilvannanSambanda
 
Unit 1&2.pdf
Unit 1&2.pdfUnit 1&2.pdf
Unit 1&2.pdfNdheh
 
Information security
Information securityInformation security
Information securityPraveen Minz
 
information security management
information security managementinformation security management
information security managementGurpreetkaur838
 
Cervone uof t - nist framework (1)
Cervone   uof t - nist framework (1)Cervone   uof t - nist framework (1)
Cervone uof t - nist framework (1)Stephen Abram
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security madunix
 
IT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAE
IT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAEIT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAE
IT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAE360 BSI
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxTikdiPatel
 
Introduction to information security - by Ivan Nganda
Introduction to information security - by Ivan NgandaIntroduction to information security - by Ivan Nganda
Introduction to information security - by Ivan NgandaSee You Rise Holdings
 
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...360 BSI
 
Secure Your High Risk Data
 Secure Your High Risk Data  Secure Your High Risk Data
Secure Your High Risk Data Naveed Ahmed
 

Similar to chapter 1. Introduction to Information Security (20)

Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Introduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdfIntroduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdf
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
is_1_Introduction to Information Security
is_1_Introduction to Information Securityis_1_Introduction to Information Security
is_1_Introduction to Information Security
 
Human Factors_MODULE_2.pptx
Human Factors_MODULE_2.pptxHuman Factors_MODULE_2.pptx
Human Factors_MODULE_2.pptx
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROL
 
IT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERING
IT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERINGIT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERING
IT8073 INFORMATION SECURITY FOR FINAL YEAR COMPUTER SCIENCE ENGINEERING
 
Unit 1&2.pdf
Unit 1&2.pdfUnit 1&2.pdf
Unit 1&2.pdf
 
Information security
Information securityInformation security
Information security
 
information security management
information security managementinformation security management
information security management
 
Cervone uof t - nist framework (1)
Cervone   uof t - nist framework (1)Cervone   uof t - nist framework (1)
Cervone uof t - nist framework (1)
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security
 
IT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAE
IT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAEIT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAE
IT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAE
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptx
 
internet security and cyber lawUnit1
internet security and  cyber lawUnit1internet security and  cyber lawUnit1
internet security and cyber lawUnit1
 
Introduction to information security - by Ivan Nganda
Introduction to information security - by Ivan NgandaIntroduction to information security - by Ivan Nganda
Introduction to information security - by Ivan Nganda
 
Information security.pptx
Information security.pptxInformation security.pptx
Information security.pptx
 
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
 
Secure Your High Risk Data
 Secure Your High Risk Data  Secure Your High Risk Data
Secure Your High Risk Data
 

Recently uploaded

Valere | Digital Solutions & AI Transformation Portfolio | 2024
Valere | Digital Solutions & AI Transformation Portfolio | 2024Valere | Digital Solutions & AI Transformation Portfolio | 2024
Valere | Digital Solutions & AI Transformation Portfolio | 2024Alexander Turgeon
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
The Kubernetes Gateway API and its role in Cloud Native API Management
The Kubernetes Gateway API and its role in Cloud Native API ManagementThe Kubernetes Gateway API and its role in Cloud Native API Management
The Kubernetes Gateway API and its role in Cloud Native API ManagementNuwan Dias
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Governance in SharePoint Premium:What's in the box?
Governance in SharePoint Premium:What's in the box?Governance in SharePoint Premium:What's in the box?
Governance in SharePoint Premium:What's in the box?Juan Carlos Gonzalez
 

Recently uploaded (20)

Valere | Digital Solutions & AI Transformation Portfolio | 2024
Valere | Digital Solutions & AI Transformation Portfolio | 2024Valere | Digital Solutions & AI Transformation Portfolio | 2024
Valere | Digital Solutions & AI Transformation Portfolio | 2024
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 

The 1970s and 80s
• ARPANET grew in popularity, and so did its potential for misuse
• Fundamental problems with ARPANET security were identified:
– No safety procedures for dial-up connections to the ARPANET
– User identification and authorization to the system were non-existent
• In the late 1970s the microprocessor expanded computing capabilities, and with them the security threats

R-609: The Start of the Study of Computer Security
• The study of information security began with Rand Report R-609
• The scope of computer security grew from physical security to include:
– Safety of the data
– Limiting unauthorized access to that data
– Involvement of personnel from multiple levels of the organization

The 1990s
• As networks of computers became more common, so did the need to interconnect them
• The result was the Internet, the first global network of networks
• In early Internet deployments, security was treated as a low priority

The Present
• The Internet has brought millions of computer networks into communication with each other, many of them unsecured
• The ability to secure any one computer is now influenced by the security of every computer to which it is connected
What is Security?
• The quality or state of being secure: to be free from danger
• A successful organization should have multiple layers of security in place:
– Physical security
– Personal security
– Operations security
– Communications security
– Network security
– Information security

Critical Characteristics of Information
• The value of information comes from the characteristics it possesses:
– Availability
– Accuracy
– Authenticity
– Confidentiality
– Integrity
– Utility
– Possession

Components of an Information System
• An information system (IS) is the entire set of software, hardware, data, people, procedures, and networks necessary to use information as a resource in the organisation

Bottom-Up Approach
• Security as a grass-roots effort: systems administrators attempt to improve the security of their own systems
• Key advantage: the technical expertise of the individual administrators
• Seldom works, because it lacks a number of critical features:
– participant support
– organizational staying power

Top-Down Approach
• Initiated by upper management, which:
– issues policy, procedures, and processes
– dictates the goals and expected outcomes of the project
– determines who is accountable for each of the required actions
• This approach has strong upper management support, a dedicated champion, dedicated funding, clear planning, and the chance to influence organizational culture
• The most successful top-down approaches also use a formal development strategy, the systems development life cycle (SDLC)
The Systems Development Life Cycle
• Information security must be managed in a manner similar to any other major system implemented in the organization
• Using a methodology:
– ensures a rigorous process
– avoids missing steps
• The goal is a comprehensive security posture and program

The Security Systems Development Life Cycle
• The same phases used in the traditional SDLC can be adapted to support the specialized implementation of an information security project:
– Investigation
– Analysis
– Logical design
– Physical design
– Implementation
– Maintenance and change
• The SecSDLC adds the identification of specific threats and the creation of controls to counter them
• The SecSDLC is a coherent program rather than a series of random, seemingly unconnected actions

Investigation
• Identifies the process, outcomes, goals, and constraints of the project
• Begins with the enterprise information security policy
• An organizational feasibility analysis is performed

Analysis
• Documents from the investigation phase are studied
• Existing security policies or programs are analyzed, along with documented current threats and their associated controls
• Includes analysis of relevant legal issues that could affect the design of the security solution
• The risk management task begins

Logical Design
• Creates and develops blueprints for information security
• Contingency actions are planned:
– Continuity planning
– Incident response
– Disaster recovery
• A feasibility analysis determines whether the project should continue in-house or be outsourced

Physical Design
• The needed security technology is evaluated, alternatives are generated, and a final design is selected
• At the end of the phase, a feasibility study determines the readiness of the organization for the project

Implementation
• Security solutions are acquired, tested, implemented, and tested again
• Personnel issues are evaluated; specific training and education programs are conducted
• The entire tested package is presented to management for final approval

Maintenance and Change
• Perhaps the most important phase, given the ever-changing threat environment
• Often, repair and restoration of information is a constant duel with an unseen adversary
• The information security profile of an organization requires constant adaptation as new threats emerge and old threats evolve
Professionals Involved in Information Security Within an Organization
Senior Management
• Chief Information Officer (CIO)
– Senior technology officer
– Primarily responsible for advising senior executives on strategic planning
• Chief Information Security Officer (CISO)
– Primarily responsible for the assessment, management, and implementation of information security in the organization
– Usually reports directly to the CIO

Information Security Project Team
• A number of individuals who are experienced in one or more facets of the required technical and nontechnical areas:
– Champion
– Team leader
– Security policy developers
– Risk assessment specialists
– Security professionals
– Systems administrators
– End users

Data Ownership
• Data owner: responsible for the security and use of a particular set of information
• Data custodian: responsible for the storage, maintenance, and protection of the information
• Data users: end users who work with the information to perform their daily jobs in support of the mission of the organization

What is Information Security?
• "The concepts, techniques, technical measures, and administrative measures used to protect information assets from deliberate or inadvertent unauthorised acquisition, damage, disclosure, manipulation, modification, loss, or use is information security." or
• Protecting information and information systems from unauthorised access, use, disclosure, modification or destruction. or
• Implementing suitable controls (policies, practices, procedures, organisational structures, software, etc.) to secure information for any information user.

• The protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information
• Necessary tools: policy, awareness, training, education, technology
• The C.I.A. triangle was the standard, based on confidentiality, integrity, and availability
• The C.I.A. triangle has now been expanded into the list of critical characteristics of information
How Can Information Security Be Achieved?
• Information security is achieved by implementing a suitable set of controls, for example:
– Access to network resources will be granted only through a unique user ID and password
– Passwords will be at least 8 characters long
– Passwords should include at least one non-alphabetic character and must not be a dictionary word
• These controls need to be established in order to ensure that the specific security objectives of the organization are met
• Note that 8 characters is a floor, not a target: current guidance such as NIST SP 800-63B favours longer passphrases and screening candidates against lists of known-compromised passwords over composition rules
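The password rules above are stated as policy; the following is an added example (not code from the original slides) of what enforcing them looks like in practice. It checks the three password rules, adds a "not derived from the user ID" check that the slide does not state, and stores the password as a salted PBKDF2 digest so that the "unique user ID and password" control does not leave plaintext credentials on disk. The wordlist, the user IDs and the PBKDF2 work factor are assumptions for illustration.

```python
"""Password-policy control check (added example, not part of the original slides).

Implements the password rules on the slide plus safe storage for the
"unique user ID and password" control. The wordlist below is a constructed
stand-in; a real deployment would load a full dictionary or a
breached-password corpus.
"""
import hashlib
import hmac
import os
import re

MIN_LENGTH = 8           # the slide's minimum
PBKDF2_ROUNDS = 600_000  # assumed work factor; tune to your hardware

# Constructed sample wordlist (stand-in for a dictionary / breached-password list).
DICTIONARY = {"password", "welcome", "letmein", "football", "sunshine", "qwerty"}

# Common substitutions that disguise a dictionary word ("P@ssw0rd").
_LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s", "!": "i"})


def looks_like_dictionary_word(pw: str) -> bool:
    """True if the password is a wordlist entry, possibly disguised.

    Checks the lowercase form, the form with trailing digits/punctuation
    removed ("welcome123" -> "welcome"), and the de-leeted form.
    """
    lower = pw.lower()
    stem = re.sub(r"[^a-z]+$", "", lower)
    return any(c in DICTIONARY for c in (lower, stem, lower.translate(_LEET)))


def check_password(pw: str, user_id: str) -> list:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[^A-Za-z]", pw):
        problems.append("no non-alphabetic character")
    if looks_like_dictionary_word(pw):
        problems.append("dictionary word")
    if user_id and user_id.lower() in pw.lower():
        problems.append("contains the user ID")
    return problems


def hash_password(pw: str, salt: bytes = b"") -> str:
    """Store a salted PBKDF2-HMAC-SHA256 digest, never the password itself."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return f"pbkdf2_sha256${PBKDF2_ROUNDS}${salt.hex()}${digest.hex()}"


def verify_password(pw: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    _, rounds, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", pw.encode("utf-8"), bytes.fromhex(salt_hex), int(rounds)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    # Constructed sample logins.
    for user, candidate in [("alice", "P@ssw0rd"), ("bob", "welcome123"),
                            ("carol", "correct-horse-battery")]:
        print(user, candidate, check_password(candidate, user) or "OK")
```

The de-leeting and stem stripping are what make the "not found in dictionary" rule bite: without them "P@ssw0rd" and "welcome123" satisfy every other rule on the slide and still fall to the first wordlist an attacker tries.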
Information Security Goals
• Confidentiality: making sure that those who should not see the information cannot see it
• Integrity: making sure the information has not been changed from how it was intended to be
• Availability: making sure the information is available for use when needed
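The integrity goal above, and the authenticity characteristic listed earlier, are easy to conflate. The following added example (not from the original slides) separates them: a keyed HMAC rejects a modified record and a record signed under the wrong key, while an unkeyed hash detects only accidental corruption, because an attacker who can rewrite the record can recompute the hash too. The record, the key and the tampered value are constructed for the example.

```python
"""Integrity versus authenticity with HMAC (added example, not from the slides).

A keyed MAC detects both accidental and deliberate modification; an unkeyed
hash only catches accidents, since whoever rewrites the message can recompute
the hash. The records below are constructed samples.
"""
import hashlib
import hmac
import os

ORIGINAL = b"TRANSFER 100 FROM acct-1 TO acct-2"  # constructed sample record
TAMPERED = b"TRANSFER 900 FROM acct-1 TO acct-2"  # one digit changed by an attacker


def sign(message: bytes, key: bytes) -> str:
    """HMAC-SHA256 tag (hex) over the message under a shared secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify(message: bytes, tag: str, key: bytes) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(sign(message, key), tag)


def plain_digest(message: bytes) -> str:
    """Unkeyed SHA-256: fine for detecting corruption, useless against an attacker."""
    return hashlib.sha256(message).hexdigest()


def run_checks(key: bytes) -> dict:
    """Exercise the four cases a practitioner should expect; every value should be True."""
    tag = sign(ORIGINAL, key)
    # The attacker replaces the record AND recomputes the unkeyed hash to match it.
    forged_record, forged_digest = TAMPERED, plain_digest(TAMPERED)
    return {
        "genuine_accepted": verify(ORIGINAL, tag, key),
        "tampered_rejected": not verify(TAMPERED, tag, key),
        "wrong_key_rejected": not verify(ORIGINAL, tag, os.urandom(32)),
        # The unkeyed check passes on the forgery: integrity without authenticity.
        "unkeyed_hash_accepts_forgery": plain_digest(forged_record) == forged_digest,
    }


if __name__ == "__main__":
    shared_key = os.urandom(32)  # assumed to be distributed out of band
    for name, ok in run_checks(shared_key).items():
        print(f"{name}: {ok}")
```

Use `hmac.compare_digest` rather than `==` for the tag comparison: a short-circuiting comparison leaks how many leading bytes matched, which is exactly the kind of side channel that turns an integrity control into a forgery oracle.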
Securing Components
• A computer can be the subject of an attack and/or the object of an attack
– When it is the subject of an attack, the computer is used as an active tool to conduct the attack
– When it is the object of an attack, the computer is the entity being attacked

Balancing Information Security and Access
• It is impossible to obtain perfect security; security is a process, not an absolute
• Security should be considered a balance between protection and availability
• To achieve that balance, the level of security must allow reasonable access yet protect against threats
The Need for Information Security
Business Needs First, Technology Needs Last
Information security performs three important functions for an organization:
• Protects the organization's ability to function
– Communities of interest must argue for information security in terms of impact and cost
• Enables the safe operation of applications implemented on the organization's IT systems
– Organizations must create integrated, efficient, and capable applications
– Organizations need environments that safeguard those applications
• Protects the data the organization collects and uses
– Data is one of the organization's most valuable assets
– Without data, an organization loses its record of transactions and/or its ability to deliver value to its customers
– An effective information security program is essential to the protection of the integrity and value of the organization's data
Technology Needs
• Safeguards the technological assets in use at the organization
• Organizations must have secure infrastructure services, scaled to the size and scope of the enterprise

Areas of Information System Security
• Data security
• Computer security
• LAN or network security
• Internet security
Major Threats and Issues
Basic threats
• Theft of passwords
• E-mail based threats
• E-mail based extortion
• Launch of malicious code (trojans)

Corporate threats
• Web defacement
• Corporate espionage
• Website-based launch of malicious code
• Cheating and fraud
• Exchange of criminal ideas and tools
• Cyber harassment
• Forged websites
Online threats
• E-mail spamming
• Theft of software and electronic records
• Cyber stalking
• E-mail bombing
• Denial of service attacks

Protecting Your Computer and Network
• Physical security
• Securing desktop computers
• Securing laptops, notebooks and handheld computers
• Securing the network
• Software security
• Protect against Internet intruders with firewalls and IDS
• Protect against viruses and other malware
• Protect against spyware and adware
• Protect against unwanted e-mail

General Spam Protection Practices
• Do not give out your e-mail address indiscriminately
• Leave your e-mail signature line blank if you post to a newsgroup
• Do not reply to junk messages
• Do not open obvious spam mail
• Report spam to the appropriate person, e.g. the systems administrator
