Information Security Lesson 1 - Eric Vanderburg

  1. Information Security, Chapter 1. Information Security © 2006 Eric Vanderburg
  2. Security Challenges
     • Day Zero Exploits
     • Distributed Attacks
     • Patch Management Difficulties
     • Reported Security Incidents
       – 1988: 6
       – 1992: 773
       – 1996: 2,573
       – 2000: 21,756
       – 2003: 137,529
  3. Terms
     • Information Security – Protecting Information
       – Stored Information (Hardware & Software)
       – Transmitted Information (Medium & Method)
     • Asset – something with value (customer list)
     • Threat – something that can negatively affect an asset (steal customer emails)
     • Threat agent – person carrying out a threat
     • Vulnerability – security weakness (plain text)
     • Exploit – taking advantage of a vulnerability
  4. Information components we protect (CIA)
       – Confidentiality
       – Integrity
       – Availability
  5. General Threats
     • Data Theft
       – Causes huge financial loss ($170 M)
       – Loss of goodwill if known by public
       – Loss of privacy
     • Identity Theft
       – 3.4% of Americans
       – Largest group between 18 and 29
     • Attacks reduce productivity
     • Cyberterrorism against gov't or infrastructure
  6. Security Legislation
     • HIPAA (Health Insurance Portability and Accountability Act) – Medical info privacy
     • Sarbanes-Oxley Act – Financial reporting
     • GLBA (Gramm-Leach-Bliley Act) – Financial organizations must notify of changed policies
     • Patriot Act – Increased surveillance by law enforcement; more information can be requested
     • California Database Breach Act – Residents must be informed in 48 hrs of a loss of personal info (applies to those who do business in California)
     • COPPA (Children's Online Privacy Act) – Cannot collect personal info without parental consent if under the age of 13
  7. Security+
     • CompTIA (Computing Technology Industry Association)
     • Vendor Neutral
     • Security Concepts Tested
     • 100 Questions
     • 90 minutes
     • Passing Score: 764 out of 900
     • Exam: SY0-101
     • Recommended prerequisite: Network+
     • http://www.comptia.org/certification/Security/prepare.aspx
  8. Acronyms
     • CIA (Confidentiality, Integrity, Availability)
     • HIPAA (Health Insurance Portability and Accountability Act)
     • GLBA (Gramm-Leach-Bliley Act)
     • COPPA (Children's Online Privacy Act)
     *Act acronyms will not be tested
