This content discusses Information Security, Data and Information Classification, and the Human Factor in Information Security. I uploaded this as a reference for my YouTube channel:
https://youtu.be/sDOSamjNL_A
2. WHAT IS INFORMATION SECURITY?
Information security, sometimes shortened to infosec, is the practice of protecting INFORMATION by mitigating information risks. It is part of INFORMATION RISK MANAGEMENT. It typically involves preventing or reducing the probability of unauthorized/inappropriate access to DATA, or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording, or devaluation of information.
~Wikipedia
3. INFORMATION SECURITY – OSI LAYER
Every layer of the OSI model shall have security.
Controls should include TRADITIONAL SECURITY CONTROL & IMPROVE SECURITY CONTROL
DETECT
PREVENT
https://community.fs.com/blog/tcpip-vs-osi-whats-the-difference-between-the-two-models.html
5. INFORMATION SECURITY - OVERVIEW
Components: End-user, Web Application, Server, Database
Zones: Internet, Internal Network
End-user
• Operating Systems
• Applications
• Software
• Personal information
• Banking information
• Private information
Web Application
• Service running
• Interface used to collect information from the user
• Display information of the user
• Display functions to perform transactions
• Process the information provided by the end-user
• Send the information to Server (Back-End)
Server
• Operating Systems
• Running application
• Running services to cater the Front-end to perform its task
• Store the information to database server
• System administrator accounts
Database
• Operating Systems
• Database server
• Client information
• Database and system administrator accounts
6. BASIC CLASSIFICATION SCHEME
Commercial Classification
o Public – Information that may be disclosed to anyone
o Proprietary – Organizational processes
o Private – Customers, partners information
o Confidential – Vendors, partners contract, employee information
o Sensitive – Company intellectual property
Government Classification
o Unclassified – Data that may be publicly released with authorization
o Sensitive Unclassified – Data tagged “For Official Use Only”
o Confidential – Data indicating strength of ground forces
o Secret – Select military plans
o Top Secret – Cryptographic and communications intelligence
Source: https://blog.netwrix.com/2020/09/02/data-classification/
7. HUMAN FACTORS
• Visitor Access
• Communication with strangers
• Clean desk
• Public Conversation
• BYOD
• Presentation with sensitive content
• Classification of Information
• Leaving the Office
Images from: https://www.e-sec.com/en-us/products/posters
You can buy posters from them for your security awareness campaign.
8. DATA CLASSIFICATION PROCESS
1. Define the purpose of data classification
2. Define the scope of the data environment
3. Discover all in-scope data
4. Define sensitivity levels and classify the data
5. Develop data handling guidelines
Source: https://blog.netwrix.com/2020/09/02/data-classification/
9. WHAT ARE THE BENEFITS?
1. You will be able to identify the criticality of your systems
2. You will be able to classify your information and implement proper security controls
3. It will help you manage your investment; you will know what your priority to secure is
4. Build your cybersecurity enablement roadmap
5. Reduce the impact of any breach
10. THANK YOU!
IF YOU HAVE QUESTIONS,
PLEASE LEAVE YOUR QUESTIONS IN THE COMMENT SECTION, I WILL ANSWER THEM AS BEST AS I CAN