Digital Information Security
Sayed Ahmad Sahim
Kandahar University
sayedahmad.sahim@gmail.com
May 20, 2015
Sayed Ahmad Sahim (Kandahar University) Digital Information Security May 20, 2015 1 / 21
Table of Contents
1 Introduction
2 Information vs Data
3 Three objectives of information security
4 Security Policy
5 90/10 Rule
ITIC/KnowBe4 2013-14 Survey
6 Security Violation
7 Security Objectives
Good Computing Practices
8 Conclusion
Introduction
Security
Security is a continuous process of protecting an object from attack (Rizza,
2005).
Figure : Security Definition
Information Security
Information Security refers to the protection of information from
unauthorized access, use, misuse, disclosure, destruction, modification,
or disruption (Afshin Rezakhani, 2011).
Figure : Information Security
Information vs Data
Data is unprocessed facts and figures without any added interpretation
or analysis (Dutcher, 2015).
Information is data that has been interpreted so that it has meaning
for the user (Dutcher, 2015).
Knowledge is a combination of information, experience and insight
that may benefit the individual or the organisation (Dutcher, 2015).
Figure : Information vs Data
Three objectives of information security
Confidentiality
Integrity
Availability
Confidentiality
Confidentiality means preventing the disclosure of information to
unauthorized individuals or systems (Y. and hoon Kim, 2007).
Figure : Confidentiality
Integrity
Integrity refers to the protection of information from unauthorized
modification or destruction. Ensuring integrity is ensuring that
information and information systems are accurate, complete and
uncorrupted (Y. and hoon Kim, 2007).
Figure : Integrity
Availability
Availability refers to the protection of information and information systems
from unauthorized disruption. Ensuring availability is ensuring timely and
reliable access to and use of information and information systems (Y. and
hoon Kim, 2007).
Figure : Availability
CIA
Figure : CIA
Security Policy
Security policies are the foundation and the bottom line of information
security in an organization.
A well written and implemented policy contains sufficient information
on what must be done to protect information and people in the
organization (SAAN, 2015).
Security policies also establish computer usage guidelines for staff in
the course of their job duties (SAAN, 2015).
An information security policy defines a framework for how to use
information and information systems.
Question
You may ask:
Why do I need to learn about Security?
"Isn't this just an IT Problem?"
Good Security Standards follow the 90 / 10 Rule (University of
California):
10% of security safeguards are technical.
90% of security safeguards rely on the computer user ("YOU") to
adhere to good computing practices.
ITIC/KnowBe4 2013-14 Survey
In the ITIC/KnowBe4 2013-2014 Security Deployment Trends Survey, 80
percent of companies identified "end user carelessness" as the
greatest security threat to their network and data.
What are the consequences for Security violation?
Risk to integrity of confidential information
Risk to security of personal information
Loss of valuable business information
Loss of Reputation
Loss of client interest
Internal disciplinary action
Penalties
Security Objectives
Learn and practice good computer security practices.
Top 12 practices
Report anything unusual
If it sets off a warning in your mind, it just may be a problem!
Good Computing Practices
1 Unique User ID or Log-In Name
2 Password Protection
3 Workstation Security: Physical Security
4 Security for Workstations, Portable Devices & Laptops
5 Data Management (backup, archive, restore, disposal)
6 Prevent the spread of viruses, worms, Trojans and time bombs.
Good Computing Practices
7 Secure Remote Access
8 E-Mail Security
9 Safe Internet Use
10 Reporting Security Incidents / Breaches
11 Your Responsibility to Adhere to Information Security Policies.
12 Do not use cracked or unlicensed software.
Conclusion
To achieve better security:
IT personnel are responsible for creating the necessary security policy,
which includes rules for end users
Educating End Users
End Users are required to adopt and not violate security rules
References
N. M. Afshin Rezakhani, AbdolMajid Hajebi. Standardization of all information security management systems. March 2011.
J. Dutcher. How to define data, information and knowledge. May 2015. URL http://searchdatamanagement.techtarget.com/feature/Defining-data-information-and-knowledge.
J. M. Rizza. Computer network security. In University of Tennessee-Chattanooga, Chattanooga, TN, U.S.A., April 2005.
S. I. I. R. R. SAAN. Security Policy Roadmap - Process for Creating Security Policies. http://www.sans.org/reading-room/whitepapers/policyissues/security-policy-roadmapprocess-creating-security-policies-49 2015. Accessed: 20-May-2015.
S. F. Y. and P. hoon Kim. IT security review: Privacy, protection, access control, assurance and system security. April 2007.
The End