Information Assurance And Security - Chapter 2 - Lesson 1
โขDownload as PPT, PDFโข
0 likesโข930 views
The document discusses the need for information security in organizations. It states that the primary mission of an information security program is to ensure information assets remain safe and useful. It then outlines four important functions of information security for organizations: protecting the organization's ability to function, protecting the data and information it collects and uses, enabling the safe operation of applications, and safeguarding technology assets. Finally, it emphasizes that implementing information security is as much about management as it is about technology.
Report
Share
Report
Share
Recommended
Information Assurance And Security - Chapter 2 - Lesson 2
The document discusses various threats to information security that organizations must be aware of and protect against. It describes threats such as malware infections, system penetrations by outsiders, software piracy breaching intellectual property, internet service disruptions, power outages, espionage, hacking, human error, social engineering, information extortion, and sabotage/vandalism. Management is responsible for being informed of these threats and implementing appropriate security controls and contingency plans to address them.
Information Assurance And Security - Chapter 1 - Lesson 4
This document discusses principles of software design for information security. It summarizes key software design principles identified by Saltzer and Schroeder, including least privilege and separation of duties. It also outlines the National Institute of Standards and Technology's (NIST) approach to securing the software development lifecycle (SDLC), which involves integrating security early and conducting activities like risk assessments and testing at each phase. Finally, it describes various security roles in an organization, including the chief information security officer, security project team, data owners and custodians, and communities of interest.
Information Assurance And Security - Chapter 1 - Lesson 2
This document discusses the critical characteristics of information from a textbook on information security. It identifies seven key characteristics that provide value to information: availability, accuracy, authenticity, confidentiality, integrity, utility, and possession. Each characteristic is then defined in one or two paragraphs. The document also discusses components of an information system, balancing information security and access, and top-down and bottom-up approaches to implementing information security.
Information Assurance And Security - Chapter 1 - Lesson 1
This document summarizes the history and evolution of information security from its origins during World War II to the present day. It describes how computer security began with early mainframes and military applications, then expanded to include networking and the internet. Key developments included the ARPANET, identification of security issues in the 1970s/80s, growth of hacking conferences in the 1990s, and increased threats of cyber attacks in modern times. The document also defines core information security concepts.
Information Assurance And Security - Chapter 1 - Lesson 3
The document discusses the phases of the security systems development life cycle (SecSDLC). It describes the traditional SDLC phases of investigation, analysis, logical design, physical design, implementation, and maintenance/change. These same phases are then adapted for SecSDLC, with each phase focusing on identifying threats and creating controls. Additionally, the document introduces the concept of software assurance, which aims to include security planning across the entire SDLC process to develop more secure systems.
Chapter 5 Planning for Security-students.ppt
Management plays a key role in developing information security policies, standards, and practices that form the foundation of an organization's security program. These include enterprise policies that set strategic direction, issue-specific policies that address technology areas, and system-specific policies that provide technical guidance. Policies must be properly disseminated, understood, agreed to, and uniformly enforced. They also require ongoing management through regular reviews and updates to remain effective as an organization's needs change over time.
The need for security
This document discusses the need for information security. It covers threats to information security like human error, hackers, malware attacks, and natural disasters. The document is from an Illinois Institute of Technology course on information security and outlines objectives, threats, and examples of common threats like software attacks, intellectual property theft, and power outages. It aims to explain the business need for security and describe common information security threats.
Information Assurance And Security - Chapter 3 - Lesson 2
This document discusses identity theft and provides information on what to do if someone suspects they are a victim. It also discusses several US laws related to information security and ethics, such as the Identity Theft and Assumption Deterrence Act, Sarbanes-Oxley Act, and various cybercrime laws. Additionally, it covers some international laws and agreements around intellectual property and privacy, including the Agreement on Trade-Related Aspects of Intellectual Property Rights and the Digital Millennium Copyright Act.
Recommended
Information Assurance And Security - Chapter 2 - Lesson 2
The document discusses various threats to information security that organizations must be aware of and protect against. It describes threats such as malware infections, system penetrations by outsiders, software piracy breaching intellectual property, internet service disruptions, power outages, espionage, hacking, human error, social engineering, information extortion, and sabotage/vandalism. Management is responsible for being informed of these threats and implementing appropriate security controls and contingency plans to address them.
Information Assurance And Security - Chapter 1 - Lesson 4
This document discusses principles of software design for information security. It summarizes key software design principles identified by Saltzer and Schroeder, including least privilege and separation of duties. It also outlines the National Institute of Standards and Technology's (NIST) approach to securing the software development lifecycle (SDLC), which involves integrating security early and conducting activities like risk assessments and testing at each phase. Finally, it describes various security roles in an organization, including the chief information security officer, security project team, data owners and custodians, and communities of interest.
Information Assurance And Security - Chapter 1 - Lesson 2
This document discusses the critical characteristics of information from a textbook on information security. It identifies seven key characteristics that provide value to information: availability, accuracy, authenticity, confidentiality, integrity, utility, and possession. Each characteristic is then defined in one or two paragraphs. The document also discusses components of an information system, balancing information security and access, and top-down and bottom-up approaches to implementing information security.
Information Assurance And Security - Chapter 1 - Lesson 1
This document summarizes the history and evolution of information security from its origins during World War II to the present day. It describes how computer security began with early mainframes and military applications, then expanded to include networking and the internet. Key developments included the ARPANET, identification of security issues in the 1970s/80s, growth of hacking conferences in the 1990s, and increased threats of cyber attacks in modern times. The document also defines core information security concepts.
Information Assurance And Security - Chapter 1 - Lesson 3
The document discusses the phases of the security systems development life cycle (SecSDLC). It describes the traditional SDLC phases of investigation, analysis, logical design, physical design, implementation, and maintenance/change. These same phases are then adapted for SecSDLC, with each phase focusing on identifying threats and creating controls. Additionally, the document introduces the concept of software assurance, which aims to include security planning across the entire SDLC process to develop more secure systems.
Chapter 5 Planning for Security-students.ppt
Management plays a key role in developing information security policies, standards, and practices that form the foundation of an organization's security program. These include enterprise policies that set strategic direction, issue-specific policies that address technology areas, and system-specific policies that provide technical guidance. Policies must be properly disseminated, understood, agreed to, and uniformly enforced. They also require ongoing management through regular reviews and updates to remain effective as an organization's needs change over time.
The need for security
This document discusses the need for information security. It covers threats to information security like human error, hackers, malware attacks, and natural disasters. The document is from an Illinois Institute of Technology course on information security and outlines objectives, threats, and examples of common threats like software attacks, intellectual property theft, and power outages. It aims to explain the business need for security and describe common information security threats.
Information Assurance And Security - Chapter 3 - Lesson 2
This document discusses identity theft and provides information on what to do if someone suspects they are a victim. It also discusses several US laws related to information security and ethics, such as the Identity Theft and Assumption Deterrence Act, Sarbanes-Oxley Act, and various cybercrime laws. Additionally, it covers some international laws and agreements around intellectual property and privacy, including the Agreement on Trade-Related Aspects of Intellectual Property Rights and the Digital Millennium Copyright Act.
Chapter 3: Information Security Framework
The document discusses information security frameworks and principles. It introduces the CIA triad of confidentiality, integrity, and availability as key principles of information security. It also outlines standards from NIST and ISO, such as ISO 27002, that define best practices for information security management across various domains.
IT Security management and risk assessment
Terminology
Security Risk Assessment
Detailed Risk Analysis Process
Asset Identification / System Characterizations
Threat Identification
Vulnerability Identification
Analyze Risks / Control Analysis
Likelihood Determination
Impact analysis / Consequence determination
Risk determination
Control Recommendation & Result Documentation
Information Assurance And Security - Chapter 2 - Lesson 3
The document discusses software attacks against information systems. It defines software attacks as those carried out through malicious software designed to overwhelm or gain unauthorized access to systems. Several types of software attacks are listed, including viruses, worms, Trojan horses, and active web scripts that can destroy or steal information. Other attack types covered are denial-of-service attacks, distributed denial-of-service attacks, spoofing, man-in-the-middle attacks, and pharming. The document provides details on each type of attack and how they threaten information security.
Information Assurance And Security - Chapter 3 - Lesson 3
The document discusses principles of information security including legal, ethical and professional issues. It covers major national laws affecting information security practice, deterring unethical behavior, codes of ethics from various professional organizations, and key US federal agencies involved in information security and their roles. Major laws discussed include the Computer Fraud and Abuse Act, National Information Infrastructure Protection Act, and USA PATRIOT Act. Professional organizations like ACM, (ISC)2, and ISACA are covered along with their codes of ethics.
Chapter2 the need to security
The document discusses information security threats and attacks. It provides examples of different types of threats including human error, intellectual property theft, espionage, service disruptions, natural disasters, hardware and software failures, and obsolescence. It also describes different categories of attacks such as malware, password cracking, denial of service, and how multi-vector worms can use various techniques like IP scanning, web browsing, file shares, and email to replicate. The document emphasizes that management must understand security threats in order to implement proper controls and safeguard the organization's data, systems, and ability to operate.
INFORMATION SECURITY
This document provides an overview of information security. It defines information and discusses its lifecycle and types. It then defines information security and its key components - people, processes, and technology. It discusses threats to information security and introduces ISO 27001, the international standard for information security management. The document outlines ISO 27001's history, features, PDCA process, domains, and some key control clauses around information security policy, organization of information security, asset management, and human resources security.
Introduction to information security
This document is a slide presentation for an introduction to information security course at Illinois Institute of Technology. It begins with an overview of the course objectives and policies. It then provides a history of information security, defining key terms. It discusses approaches to implementing security through a systems development life cycle and the roles of security professionals.
Access Controls
This document discusses access controls and various access control models. It defines access control as granting or denying approval to use specific resources. It describes common access control models like discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC). It also discusses access control terminology, technical processes, and best practices for implementing access controls.
Information security for dummies
The document provides an overview of information security concepts including definitions of security attributes like confidentiality, integrity and availability. It discusses why security is important for compliance, protecting assets and reputation. The document recommends a layered security approach using best practices and standards like ISO 27002. Key security terms are defined such as threats, damages, risks, and authentication. It emphasizes the importance of managing risks and notes that personnel are often the weakest link for attackers who start with information gathering.
System Security-Chapter 1
The document introduces system security, defining it as protecting information system resources to preserve integrity, availability, and confidentiality. It discusses the CIA security triad of confidentiality, integrity, and availability, along with additional aspects of authenticity and accountability for complete security. The document defines key security terminology from RFC 2828 and covers security threats like interception, interruption, and modification. It also examines hardware, software, and data vulnerabilities that can threaten system security.
Lesson 3
The document discusses principles of information security including legal, ethical and professional issues. It covers major national laws affecting information security practice, deterring unethical behavior, codes of ethics from professional organizations like ACM, (ISC)2, SANS, ISACA and ISSA. It also discusses key US federal agencies that deal with cybersecurity and their roles, including DHS, Secret Service, FBI and NSA.
Presentation on Information Privacy
This document discusses information privacy and its technical, organizational, and social implications. It begins by defining information privacy and the relationship between data collection, technology, public expectations of privacy, and legal issues. It then covers topics like personally identifiable information, the types of data collected online, and technical tools and devices related to privacy. The document also addresses the costs of information privacy for governments, companies, and consumers. It discusses perspectives on privacy from different generations and countries. Finally, it covers organizational privacy policies and standards, as well as some high-profile data breach cases and the importance of information security.
ch02_2.ppt
This chapter discusses the need for information security in organizations. It explains that information security has four main functions: protecting organizational functionality, enabling safe application operations, protecting collected data, and safeguarding technology assets. The chapter also identifies common threats like malware, hacking, and human error that can compromise information security. It emphasizes that effective security requires identifying threats, implementing appropriate controls, and developing secure software.
Information Security Risk Management
This document provides an overview of information security risk management. It defines risk management as identifying risks, their owners, probability, impact, suitable mitigations, and contingency plans. The objectives of information security risk management are ensuring risks to confidentiality, integrity, availability, and traceability of information are effectively managed. Common problems with risk management include poor risk descriptions, ineffective mitigation actions, and a reactive rather than proactive approach. The document outlines identifying risks from sources like cloud computing and third parties, recording risks in a risk register, assigning owners, and monitoring mitigation progress.
Information security management
This document discusses various threats to information security and safeguards organizations can implement. The three main sources of threats are human error, malicious human activity, and natural disasters. Some key threats include hacking, viruses, unauthorized data disclosure through actions like phishing. Technical safeguards include identification & authentication like passwords, encryption, firewalls, malware protection. Human safeguards involve policies, training, account management and monitoring. Senior management must establish security policies, assess risks, and ensure all necessary safeguards are in place to protect the organization's information systems and data. The organization should also have an incident response plan to deal with security breaches when they do occur.
Introduction to information security
This document discusses basics of information security including data security, network security, and information security. It defines information systems and explains the need for and importance of securing information. Reasons for information classification are provided along with criteria and levels of classification. The document also covers security basics such as confidentiality, integrity, availability, and authentication. Techniques for data obfuscation and event classification are described.
Chapter 11 laws and ethic information security
This document provides an overview of key concepts regarding law and ethics in information security. It discusses the differences between laws and ethics, and how policies function similarly to laws within an organization. Several major US laws are outlined, including those covering general computer crimes, privacy, identity theft, export and espionage, copyright, and financial reporting. International agreements and professional organizations relevant to information security ethics are also mentioned. The document aims to help readers understand the legal and ethical responsibilities for information security practitioners.
Information security
This slide provide various details regarding Information security. The Database its Advantage, Regarding DBMS, RDBMS, IS Design conderations. Various Cyber crime Techniques. Element of Information i.e Integrity, Availability , Classification of Threats. Information Security Risk Assessment. Four Stages of Risk Management. NIST Definition. Risk Assessment Methodologies. Security Risk Assessment Approach. Risk Mitigation Options. Categories of controls. Technical Controls etc.
Lesson 1- Risk Managment
This document discusses risk management and risk identification from the fifth edition of the textbook "Principles of Information Security". It outlines the learning objectives which are to define key risk management terms, describe how to identify and assess risk, explain how to document risk assessments, and discuss risk mitigation strategies. It then covers introducing risk management concepts, providing an overview of the risk management process, and detailing the steps involved in risk identification which include planning, inventorying and categorizing assets, and classifying information assets.
Whitman_Ch02.pptx
This document summarizes key points from Chapter 2 of the textbook "Principles of Information Security". The chapter discusses the need for information security in organizations. It states that information security programs aim to keep information assets safe and useful by addressing threats from attacks. The responsibilities of information security are discussed, including protecting business functions, data, applications, and technology assets. Common threats like malware, phishing attacks, and data breaches are outlined. Internal and external threats are rated based on a survey of organizations. The chapter objectives are to understand the need for security programs and the threats faced.
Ch04_MoIS5e_v02.pptx business business business business business business bu...
business business business business business business business business business business business business business business business business business business business business business business business business business business business business business business business business business business business business business business business business business
Lesson 1
This document discusses information security planning and policy development. It describes management's role in developing, maintaining, and enforcing security policies, standards, procedures and guidelines. It explains that an information security blueprint identifies major components that support the security program. It also discusses how organizations institutionalize policies through education, training and awareness programs. Contingency planning relates to incident response, disaster recovery and business continuity plans. The document provides details on developing an enterprise security policy and issue-specific security policies. It emphasizes that policies must direct acceptable behavior and technologies and never contradict laws.
More Related Content
What's hot
Chapter 3: Information Security Framework
The document discusses information security frameworks and principles. It introduces the CIA triad of confidentiality, integrity, and availability as key principles of information security. It also outlines standards from NIST and ISO, such as ISO 27002, that define best practices for information security management across various domains.
IT Security management and risk assessment
Terminology
Security Risk Assessment
Detailed Risk Analysis Process
Asset Identification / System Characterizations
Threat Identification
Vulnerability Identification
Analyze Risks / Control Analysis
Likelihood Determination
Impact analysis / Consequence determination
Risk determination
Control Recommendation & Result Documentation
Information Assurance And Security - Chapter 2 - Lesson 3
The document discusses software attacks against information systems. It defines software attacks as those carried out through malicious software designed to overwhelm or gain unauthorized access to systems. Several types of software attacks are listed, including viruses, worms, Trojan horses, and active web scripts that can destroy or steal information. Other attack types covered are denial-of-service attacks, distributed denial-of-service attacks, spoofing, man-in-the-middle attacks, and pharming. The document provides details on each type of attack and how they threaten information security.
Information Assurance And Security - Chapter 3 - Lesson 3
The document discusses principles of information security including legal, ethical and professional issues. It covers major national laws affecting information security practice, deterring unethical behavior, codes of ethics from various professional organizations, and key US federal agencies involved in information security and their roles. Major laws discussed include the Computer Fraud and Abuse Act, National Information Infrastructure Protection Act, and USA PATRIOT Act. Professional organizations like ACM, (ISC)2, and ISACA are covered along with their codes of ethics.
Chapter2 the need to security
The document discusses information security threats and attacks. It provides examples of different types of threats including human error, intellectual property theft, espionage, service disruptions, natural disasters, hardware and software failures, and obsolescence. It also describes different categories of attacks such as malware, password cracking, denial of service, and how multi-vector worms can use various techniques like IP scanning, web browsing, file shares, and email to replicate. The document emphasizes that management must understand security threats in order to implement proper controls and safeguard the organization's data, systems, and ability to operate.
INFORMATION SECURITY
This document provides an overview of information security. It defines information and discusses its lifecycle and types. It then defines information security and its key components - people, processes, and technology. It discusses threats to information security and introduces ISO 27001, the international standard for information security management. The document outlines ISO 27001's history, features, PDCA process, domains, and some key control clauses around information security policy, organization of information security, asset management, and human resources security.
Introduction to information security
This document is a slide presentation for an introduction to information security course at Illinois Institute of Technology. It begins with an overview of the course objectives and policies. It then provides a history of information security, defining key terms. It discusses approaches to implementing security through a systems development life cycle and the roles of security professionals.
Access Controls
This document discusses access controls and various access control models. It defines access control as granting or denying approval to use specific resources. It describes common access control models like discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC). It also discusses access control terminology, technical processes, and best practices for implementing access controls.
Information security for dummies
The document provides an overview of information security concepts including definitions of security attributes like confidentiality, integrity and availability. It discusses why security is important for compliance, protecting assets and reputation. The document recommends a layered security approach using best practices and standards like ISO 27002. Key security terms are defined such as threats, damages, risks, and authentication. It emphasizes the importance of managing risks and notes that personnel are often the weakest link for attackers who start with information gathering.
System Security-Chapter 1
The document introduces system security, defining it as protecting information system resources to preserve integrity, availability, and confidentiality. It discusses the CIA security triad of confidentiality, integrity, and availability, along with additional aspects of authenticity and accountability for complete security. The document defines key security terminology from RFC 2828 and covers security threats like interception, interruption, and modification. It also examines hardware, software, and data vulnerabilities that can threaten system security.
Lesson 3
The document discusses principles of information security including legal, ethical and professional issues. It covers major national laws affecting information security practice, deterring unethical behavior, codes of ethics from professional organizations like ACM, (ISC)2, SANS, ISACA and ISSA. It also discusses key US federal agencies that deal with cybersecurity and their roles, including DHS, Secret Service, FBI and NSA.
Presentation on Information Privacy
This document discusses information privacy and its technical, organizational, and social implications. It begins by defining information privacy and the relationship between data collection, technology, public expectations of privacy, and legal issues. It then covers topics like personally identifiable information, the types of data collected online, and technical tools and devices related to privacy. The document also addresses the costs of information privacy for governments, companies, and consumers. It discusses perspectives on privacy from different generations and countries. Finally, it covers organizational privacy policies and standards, as well as some high-profile data breach cases and the importance of information security.
ch02_2.ppt
This chapter discusses the need for information security in organizations. It explains that information security has four main functions: protecting organizational functionality, enabling safe application operations, protecting collected data, and safeguarding technology assets. The chapter also identifies common threats like malware, hacking, and human error that can compromise information security. It emphasizes that effective security requires identifying threats, implementing appropriate controls, and developing secure software.
Information Security Risk Management
This document provides an overview of information security risk management. It defines risk management as identifying risks, their owners, probability, impact, suitable mitigations, and contingency plans. The objectives of information security risk management are ensuring risks to confidentiality, integrity, availability, and traceability of information are effectively managed. Common problems with risk management include poor risk descriptions, ineffective mitigation actions, and a reactive rather than proactive approach. The document outlines identifying risks from sources like cloud computing and third parties, recording risks in a risk register, assigning owners, and monitoring mitigation progress.
Information security management
This document discusses various threats to information security and safeguards organizations can implement. The three main sources of threats are human error, malicious human activity, and natural disasters. Some key threats include hacking, viruses, unauthorized data disclosure through actions like phishing. Technical safeguards include identification & authentication like passwords, encryption, firewalls, malware protection. Human safeguards involve policies, training, account management and monitoring. Senior management must establish security policies, assess risks, and ensure all necessary safeguards are in place to protect the organization's information systems and data. The organization should also have an incident response plan to deal with security breaches when they do occur.
Introduction to information security
This document discusses basics of information security including data security, network security, and information security. It defines information systems and explains the need for and importance of securing information. Reasons for information classification are provided along with criteria and levels of classification. The document also covers security basics such as confidentiality, integrity, availability, and authentication. Techniques for data obfuscation and event classification are described.
Chapter 11 laws and ethic information security
This document provides an overview of key concepts regarding law and ethics in information security. It discusses the differences between laws and ethics, and how policies function similarly to laws within an organization. Several major US laws are outlined, including those covering general computer crimes, privacy, identity theft, export and espionage, copyright, and financial reporting. International agreements and professional organizations relevant to information security ethics are also mentioned. The document aims to help readers understand the legal and ethical responsibilities for information security practitioners.
Information security
This slide provide various details regarding Information security. The Database its Advantage, Regarding DBMS, RDBMS, IS Design conderations. Various Cyber crime Techniques. Element of Information i.e Integrity, Availability , Classification of Threats. Information Security Risk Assessment. Four Stages of Risk Management. NIST Definition. Risk Assessment Methodologies. Security Risk Assessment Approach. Risk Mitigation Options. Categories of controls. Technical Controls etc.
Lesson 1- Risk Managment
This document discusses risk management and risk identification from the fifth edition of the textbook "Principles of Information Security". It outlines the learning objectives which are to define key risk management terms, describe how to identify and assess risk, explain how to document risk assessments, and discuss risk mitigation strategies. It then covers introducing risk management concepts, providing an overview of the risk management process, and detailing the steps involved in risk identification which include planning, inventorying and categorizing assets, and classifying information assets.
Whitman_Ch02.pptx
This document summarizes key points from Chapter 2 of the textbook "Principles of Information Security". The chapter discusses the need for information security in organizations. It states that information security programs aim to keep information assets safe and useful by addressing threats from attacks. The responsibilities of information security are discussed, including protecting business functions, data, applications, and technology assets. Common threats like malware, phishing attacks, and data breaches are outlined. Internal and external threats are rated based on a survey of organizations. The chapter objectives are to understand the need for security programs and the threats faced.
What's hot (20)
Information Assurance And Security - Chapter 2 - Lesson 3
Information Assurance And Security - Chapter 2 - Lesson 3
ย
Information Assurance And Security - Chapter 3 - Lesson 3
Information Assurance And Security - Chapter 3 - Lesson 3
ย
Similar to Information Assurance And Security - Chapter 2 - Lesson 1
Ch04_MoIS5e_v02.pptx business business business business business business bu...
business business business business business business business business business business business business business business business business business business business business business business business business business business business business business business business business business business business business business business business business business
Lesson 1
This document discusses information security planning and policy development. It describes management's role in developing, maintaining, and enforcing security policies, standards, procedures and guidelines. It explains that an information security blueprint identifies major components that support the security program. It also discusses how organizations institutionalize policies through education, training and awareness programs. Contingency planning relates to incident response, disaster recovery and business continuity plans. The document provides details on developing an enterprise security policy and issue-specific security policies. It emphasizes that policies must direct acceptable behavior and technologies and never contradict laws.
Information security
This document discusses information security (IS), including its objectives to ensure availability, confidentiality, and integrity of information. It outlines principles of IS such as accountability, awareness, integration, and being cost-effective. Implementation of IS involves developing security policies, defining roles and responsibilities, designing security measures, educating employees, implementation, and monitoring. Threats can come from internal or external sources, and security measures are needed to prevent hacking, viruses, and computer fraud.
Introduction to information security - by Ivan Nganda
get an insiders look into the information security phenomena as i demystify the loops in the subject
chapter 1. Introduction to Information Security
This training creates the awareness of the security threats facing individuals, business ownerโs, and corporations in todayโs society and induces aโ plan-protectionโ attitude. It enriches individuals, studentsโ, business ownersโ and workersโ approach to handling these threats and responding appropriately when these threats occur.
Security Architecture
The document outlines the key components of an information security architecture, including confidentiality, integrity, availability, the five components of an information security architecture (security organization/infrastructure, policies/standards/procedures, risk assessments, awareness/training, compliance), and examples of physical, administrative, and technical controls. It then provides a sample strategic information technology plan table of contents as an example of how to structure an IT plan.
Lesson 1
This document discusses risk management and outlines the key steps in the risk identification process. It describes defining risk management, risk identification, and risk control. The risk identification process involves planning the process, inventorying and categorizing assets, identifying people, procedures, data, hardware, software and network assets, and classifying and prioritizing assets. Communities of interest must work together to evaluate risk controls and ensure controls remain effective. The goal is to reduce residual risk to a level within the organization's risk appetite.
Improve Information Security Practices in the Small Enterprise
Over 80% of small-medium sized business consider themselves non-targets for cyber-attacks. However, 60% of all targeted attacks are towards small-medium sized organizations. The capabilities of hackers have risen dramatically in the last two years. Organizations of all sizes need a security plan. Security by obscurity is no longer a viable option. Adopt a proven strategy to protect vital corporate assets.
Introduction to information security
Information security aims to balance information risks and controls. It began with early computer security focused on physical threats. A successful security approach uses multiple layers including physical, personal, operations, communications, network, and information security. Managing information security requires a structured methodology similar to implementing a major system, such as the Security Systems Development Life Cycle.
01Introduction to Information Security.ppt
A distributed system is a collection of computer programs that utilize computational resources across multiple, separate computation nodes to achieve a common, shared goal. Distributed systems aim to remove bottlenecks or central points of failure from a system.
Lesson 3
This document discusses the design of security architecture and contingency planning. It covers spheres of security and levels of controls that make up a security framework. Defense in depth through multiple layers of controls is described. The importance of security education, training, and awareness programs is emphasized to reduce accidental breaches and build security knowledge. Contingency plans like incident response, disaster recovery, and business continuity plans aim to restore operations during and after incidents. The contingency planning process involves impact analysis, preventive controls, recovery strategies, plan development, testing and more.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001:2013 Awareness, Seminar & Workshop Indonesia Honeynet Project IHP, Badan Siber dan Sandi Negara BSSN, Universitas Syiah Kuala Unsyiah, 23-24 Oktober 2018
Ch01_MoIS5e_v02.pptx business business business business
business business business business business business v
DR PANKAJ SIR (1).pptx
The document discusses information security management, which describes policies and controls that organizations implement to protect information assets from threats. It defines information security management and notes that many organizations develop a formal Information Security Management System (ISMS) to manage information security. Responsibility for information security may fall to a Chief Security Officer or IT manager. The objectives of information security management are to ensure confidentiality, integrity, and availability of data.
Lesson 3
The document discusses information security system implementation and certification. It explains how an organization's security blueprint becomes a project plan, addressing organizational considerations. A project manager plays a key role in successfully implementing complex security projects using technical strategies and models. Organizations face nontechnical challenges when implementing rapid security changes and must certify systems through processes like NIST and ISO to verify security controls meet requirements.
Secure Your High Risk Data
Info-Tech Research Group is a global leader in providing IT research and advice. The document discusses developing a comprehensive data security plan and outlines Info-Tech's three-phase methodology for securing high-risk data. The methodology involves reviewing data security methodologies, developing a data security roadmap, and implementing the roadmap through technical and process-based controls.
Lesson 4
This document discusses incident response planning, which includes identifying, classifying, and responding to incidents. It describes the key components of an incident response policy and planning process. This includes establishing an incident response team, creating an incident response plan, detecting incidents, containing incidents, and recovering from incidents. It also discusses related areas like disaster recovery planning, business continuity planning, and crisis management. The goal is to have comprehensive contingency plans that outline the organizational response to various security incidents and disasters.
Governance and management of IT.pptx
The document provides an overview of frameworks related to IT governance, management and digital transformation in India. It discusses CoBIT, ISO 27000 and ISO 38500 frameworks. It then summarizes key Indian policies, acts and programs like the IT Act, Aadhar Act, Digital India, National eGovernance Plan and its mission mode projects.
Information security.pptx
The document discusses the history and evolution of information security. It begins with physical security controls for early mainframe computers and the need for security on the ARPANET network. Information security expanded to include data security and limiting unauthorized access. With the growth of networks and the internet, security became more complex as many interconnected systems needed to be secured. The document outlines key information security concepts and professionals involved in information security governance.
Chap01
This document provides an introduction to information security. It discusses the history of computer security and how it evolved into information security. Key topics covered include the definition of information security, the critical characteristics of information, components of an information system, approaches to implementing security (bottom-up vs top-down), and the security systems development life cycle. It also outlines the various security professionals and their roles in an organizational structure.
Similar to Information Assurance And Security - Chapter 2 - Lesson 1 (20)
Ch04_MoIS5e_v02.pptx business business business business business business bu...
Ch04_MoIS5e_v02.pptx business business business business business business bu...
ย
Introduction to information security - by Ivan Nganda
Introduction to information security - by Ivan Nganda
ย
Improve Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small Enterprise
ย
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ย
Ch01_MoIS5e_v02.pptx business business business business
Ch01_MoIS5e_v02.pptx business business business business
ย
More from MLG College of Learning, Inc
PC111.Lesson2
This document discusses configuring and managing Cisco switches. It covers basic switch configuration including the boot sequence, recovering from crashes using the boot loader, and switch LED indicators. It also discusses configuring switch ports including setting duplex and speed, the auto-MDIX feature, and verifying port settings. Additionally, it addresses network access layer issues and troubleshooting media and interface-related problems.
PC111.Lesson1
This document provides an introduction to switched networks and describes different types of network switches. It explains that switched networks support small to medium-sized businesses by converging data, voice, and video. There are two main categories of switches: modular switches that provide flexibility through expansion modules, and fixed-configuration switches that include unmanaged, managed, and smart switches. Managed switches offer the most comprehensive features and scalability. Key factors to consider when choosing a switch include speed, port count, Power over Ethernet support, and stackability.
PC111-lesson1.pptx
This document introduces switched networks and how they support small to medium-sized businesses. It explains how switched networks converge data, voice, and video and describes what a switched network looks like in this environment. The document also discusses how layer 2 switches forward data frames in a small to medium LAN and compares collision domains to broadcast domains in a switched network.
PC LEESOON 6.pptx
The document discusses configuring basic settings on a Cisco switch, including:
- Setting the boot system to define the IOS image loaded during startup.
- Configuring switch management access by assigning an IP address, subnet mask, and default gateway to the management VLAN.
- Configuring physical switch ports by setting the duplex and speed settings to match connected devices and troubleshooting common layer 1 and 2 issues.
- Securing remote access using SSH instead of Telnet by generating RSA key pairs, configuring user authentication, and enabling SSH version 2.
- Implementing port security to restrict which MAC addresses can transmit on switch ports and limit them to the configured number.
PC 106 PPT-09.pptx
This document discusses the configuration and installation of UTP cables. It describes the standard arrangement of wires in a UTP cable, with the wires being twisted to cancel out noise and crosstalk. It also lists the tools and materials needed for installing UTP cables, such as wire cutters, strippers, crimp tools, RJ45 connectors, and testers. Finally, it outlines the 8 steps to properly crimp a UTP cable, which includes stripping the cable, placing the wires in the connector, and crimping to complete the connection.
PC 106 PPT-07
This document discusses network protocols. It begins by defining what a protocol is and provides some common examples used at different layers, such as TCP, UDP, IP, and HTTP. It then explains that protocols break large processes into smaller tasks and functions that must cooperate across network levels. Protocols are created according to industry standards. The document categorizes protocols for communication, network management, and security. It provides examples for each category and concludes with descriptions of some frequently used protocols like HTTP, SSH, and SMS.
PC 106 PPT-01
This document provides an overview of the history and development of computer networks and the internet. It discusses the early development of packet switching in the 1960s by researchers at MIT, RAND, and the UK. It also describes the creation of ARPANET in the late 1960s and early 1970s and its growth. Subsequent sections discuss the proliferation of networks in the 1980s and 1990s driven by NSFNET and the development of the World Wide Web. The document concludes by outlining some of the key hardware components of networks and benefits and disadvantages of computer networks.
PC 106 PPT-06
The document discusses the OSI model, which defines 7 layers for network communication: Physical, Data Link, Network, Transport, Session, Presentation, and Application. It was developed by ISO to standardize network architectures and allow components from different vendors to communicate. Each layer has a set of well-defined functions and builds upon the layers below it, with standards developed independently for easier introduction and less effect of changes on other layers. This model divides network communication into simpler components and encourages standardization.
PC 106 PPT-05
There are several common network topologies for LANs and WANs. Common LAN topologies include bus, star, ring, switched, daisy chain, and hierarchical topologies. Bus topology is easy to implement but has limited cable length. Star topology is easy to manage and scale but a failure of the central device takes down the whole network. Ring topology provides better performance than bus but a single failure affects the whole network. WAN topologies include peer-to-peer, ring, star, full mesh, partial mesh, multi-tiered, and hybrid configurations with different tradeoffs around cost, performance, redundancy, and scalability.
PC 106 Slide 04
Network media refers to the communication channels used to connect nodes on a computer network. Common network media include copper cables like twisted pair and coaxial, optical fiber cables, and wireless transmission using radio waves. Key factors in choosing network media include the network topology, size, required transmission speed and distance, environment, and cost. A network interface card installed in each computer enables it to connect to the chosen network media type.
PC 106 Slide no.02
A computer network is composed of end devices, network media, and intermediary devices connected together. The number of computers that can be connected depends on the type of network, which is classified by geographical size as a personal area network (PAN), local area network (LAN), campus area network (CAN), metropolitan area network (MAN), wide area network (WAN), wireless local area network (WLAN), or peer-to-peer network. In a client/server network, servers provide centralized services and resources to client devices, while in a peer-to-peer network all devices can act as both clients and servers sharing resources directly.
pc-106-slide-3
Network hardware includes end devices like servers, computers, VoIP phones, security cameras, and mobile devices. It also includes intermediary devices like hubs, switches, wireless access points, repeaters, bridges, and routers. Servers store files and applications for sharing. Switches provide connections and send information directly to the correct location. Wireless access points allow Wi-Fi devices to connect to wired networks. Routers select the best path to route messages between networks. Network interface cards provide the physical connection between computers and the network.
PC 106 Slide 2
The document discusses different types of computer networks classified by their geographical size, including personal area networks (PANs), local area networks (LANs), campus area networks (CANs), metropolitan area networks (MANs), wide area networks (WANs), and wireless local area networks (WLANs). It provides details on each type of network, such as LANs connecting computers close together within the same building, MANs connecting LANs within a city that are too far for a direct connection, and WANs spanning large geographic areas like cities or countries. The document also illustrates a basic computer network and reviews common network acronyms.
PC 106 Slide 1.pptx
A computer network connects multiple computers together to allow them to communicate and share resources. The basic building blocks of a network include computers equipped with network ports, cables to connect the computers, and a network switch for them to plug into. Larger networks may include additional components like routers or repeaters. Computer networks provide benefits such as hardware and data sharing between connected devices, enhanced real-time communication, collaborative work environments, access to shared programs stored on servers, and increased storage capacity from network-attached devices. However, networks also pose security threats from hacking or data theft, single point of failures if the main server crashes, and potential virus or malware spread throughout the connected systems. Proper technical skills are required to administer large computer networks
Db2 characteristics of db ms
This document discusses the fundamentals of database systems. It outlines four key characteristics: the self-describing nature of databases through metadata stored in the DBMS catalog; insulation between programs and data through program-data independence; support of multiple views of data through user-specific subsets or views; and sharing of data and multiuser transaction processing through concurrency control in a multiuser environment.
Db1 introduction
This document defines key terms related to database systems and provides an overview of database fundamentals. It defines data, information, and databases. A database management system (DBMS) is introduced as a collection of programs that enables users to create and maintain a database by defining, constructing, manipulating, and sharing the data. A DBMS also protects the database and maintains it over time. Examples of database systems that store student and course information are provided to illustrate database concepts. Characteristics of the DBMS approach are compared to the traditional file system approach.
Lesson 3.2
A flowchart is a graphical representation of a process or system. This document provides flowcharts for troubleshooting various hardware issues, including hard drive boot problems, CPU/RAM/motherboard performance issues, video adapter/GPU/monitor problems, peripheral device failures, SCSI/SAS drive errors, and DVD/CD/Blu-ray recording issues. The flowcharts help diagnose common problems and their potential solutions.
Lesson 3.1
This document discusses common computer errors, including hardware errors like blank monitors, hard drive failures, and faulty keyboards or mice. It also covers software errors such as access denied, file not found, and out of memory issues. Specific error types like disk read errors, boot failures, freezing, and the blue screen of death are explained in more detail. The document emphasizes the importance of properly diagnosing errors to identify whether the issue is hardware or software related.
Lesson 1.6
Bootable media contains software that allows a computer to boot from a removable device like a USB flash drive. When booting, the computer performs self-checks, loads the BIOS which finds the boot loader on the hard drive, and then loads the operating system along with hardware drivers and any startup programs. Bootable USB flash drives provide an easy way to install operating systems without discs by creating a portable boot device.
Lesson 3.2
Computer troubleshooting is a systematic process used to locate the cause of faults in computer systems and resolve hardware and software issues. It involves following a logical process with steps like identifying the problem, establishing a probable cause, testing theories to determine the cause, developing a solution plan, verifying the system works, and documenting findings. Troubleshooting skills are developed over time through experience solving different problems. Common computer issues include failures of storage devices, motherboards, power supplies, CPUs, memory, displays, and more. Solutions may involve checking connections, updating drivers or BIOS, replacing faulty components, and ensuring proper cooling and power.
More from MLG College of Learning, Inc (20)
Recently uploaded
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
(๐๐๐ ๐๐๐) (๐๐๐ฌ๐ฌ๐จ๐ง ๐)-๐๐ซ๐๐ฅ๐ข๐ฆ๐ฌ
๐๐ข๐ฌ๐๐ฎ๐ฌ๐ฌ ๐ญ๐ก๐ ๐๐๐ ๐๐ฎ๐ซ๐ซ๐ข๐๐ฎ๐ฅ๐ฎ๐ฆ ๐ข๐ง ๐ญ๐ก๐ ๐๐ก๐ข๐ฅ๐ข๐ฉ๐ฉ๐ข๐ง๐๐ฌ:
- Understand the goals and objectives of the Edukasyong Pantahanan at Pangkabuhayan (EPP) curriculum, recognizing its importance in fostering practical life skills and values among students. Students will also be able to identify the key components and subjects covered, such as agriculture, home economics, industrial arts, and information and communication technology.
๐๐ฑ๐ฉ๐ฅ๐๐ข๐ง ๐ญ๐ก๐ ๐๐๐ญ๐ฎ๐ซ๐ ๐๐ง๐ ๐๐๐จ๐ฉ๐ ๐จ๐ ๐๐ง ๐๐ง๐ญ๐ซ๐๐ฉ๐ซ๐๐ง๐๐ฎ๐ซ:
-Define entrepreneurship, distinguishing it from general business activities by emphasizing its focus on innovation, risk-taking, and value creation. Students will describe the characteristics and traits of successful entrepreneurs, including their roles and responsibilities, and discuss the broader economic and social impacts of entrepreneurial activities on both local and global scales.
Bossa Nโ Roll Records by Ismael Vazquez.
Bossa N Roll Records presentation by Izzy Vazquez for Music Retail and Distribution class at Full Sail University
Benner "Expanding Pathways to Publishing Careers"
Benner "Expanding Pathways to Publishing Careers"National Information Standards Organization (NISO)
This presentation was provided by Rebecca Benner, Ph.D., of the American Society of Anesthesiologists, for the second session of NISO's 2024 Training Series "DEIA in the Scholarly Landscape." Session Two: 'Expanding Pathways to Publishing Careers,' was held June 13, 2024.ย
Temple of Asclepius in Thrace. Excavation results
The temple and the sanctuary around were dedicated to Asklepios Zmidrenus. This name has been known since 1875 when an inscription dedicated to him was discovered in Rome. The inscription is dated in 227 AD and was left by soldiers originating from the city of Philippopolis (modern Plovdiv).
How Barcodes Can Be Leveraged Within Odoo 17
In this presentation, we will explore how barcodes can be leveraged within Odoo 17 to streamline our manufacturing processes. We will cover the configuration steps, how to utilize barcodes in different manufacturing scenarios, and the overall benefits of implementing this technology.
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
Whether you're new to SEO or looking to refine your existing strategies, this webinar will provide you with actionable insights and practical tips to elevate your nonprofit's online presence.
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Aberdeen
Educational Technology in the Health Sciences
Plenary presentation at the NTTC Inter-university Workshop, 18 June 2024, Manila Prince Hotel.
Chapter wise All Notes of First year Basic Civil Engineering.pptx
Chapter wise All Notes of First year Basic Civil Engineering
Syllabus
Chapter-1
Introduction to objective, scope and outcome the subject
Chapter 2
Introduction: Scope and Specialization of Civil Engineering, Role of civil Engineer in Society, Impact of infrastructural development on economy of country.
Chapter 3
Surveying: Object Principles & Types of Surveying; Site Plans, Plans & Maps; Scales & Unit of different Measurements.
Linear Measurements: Instruments used. Linear Measurement by Tape, Ranging out Survey Lines and overcoming Obstructions; Measurements on sloping ground; Tape corrections, conventional symbols. Angular Measurements: Instruments used; Introduction to Compass Surveying, Bearings and Longitude & Latitude of a Line, Introduction to total station.
Levelling: Instrument used Object of levelling, Methods of levelling in brief, and Contour maps.
Chapter 4
Buildings: Selection of site for Buildings, Layout of Building Plan, Types of buildings, Plinth area, carpet area, floor space index, Introduction to building byelaws, concept of sun light & ventilation. Components of Buildings & their functions, Basic concept of R.C.C., Introduction to types of foundation
Chapter 5
Transportation: Introduction to Transportation Engineering; Traffic and Road Safety: Types and Characteristics of Various Modes of Transportation; Various Road Traffic Signs, Causes of Accidents and Road Safety Measures.
Chapter 6
Environmental Engineering: Environmental Pollution, Environmental Acts and Regulations, Functional Concepts of Ecology, Basics of Species, Biodiversity, Ecosystem, Hydrological Cycle; Chemical Cycles: Carbon, Nitrogen & Phosphorus; Energy Flow in Ecosystems.
Water Pollution: Water Quality standards, Introduction to Treatment & Disposal of Waste Water. Reuse and Saving of Water, Rain Water Harvesting. Solid Waste Management: Classification of Solid Waste, Collection, Transportation and Disposal of Solid. Recycling of Solid Waste: Energy Recovery, Sanitary Landfill, On-Site Sanitation. Air & Noise Pollution: Primary and Secondary air pollutants, Harmful effects of Air Pollution, Control of Air Pollution. . Noise Pollution Harmful Effects of noise pollution, control of noise pollution, Global warming & Climate Change, Ozone depletion, Greenhouse effect
Text Books:
1. Palancharmy, Basic Civil Engineering, McGraw Hill publishers.
2. Satheesh Gopi, Basic Civil Engineering, Pearson Publishers.
3. Ketki Rangwala Dalal, Essentials of Civil Engineering, Charotar Publishing House.
4. BCP, Surveying volume 1
Wound healing PPT
This document provides an overview of wound healing, its functions, stages, mechanisms, factors affecting it, and complications.
A wound is a break in the integrity of the skin or tissues, which may be associated with disruption of the structure and function.
Healing is the bodyโs response to injury in an attempt to restore normal structure and functions.
Healing can occur in two ways: Regeneration and Repair
There are 4 phases of wound healing: hemostasis, inflammation, proliferation, and remodeling. This document also describes the mechanism of wound healing. Factors that affect healing include infection, uncontrolled diabetes, poor nutrition, age, anemia, the presence of foreign bodies, etc.
Complications of wound healing like infection, hyperpigmentation of scar, contractures, and keloid formation.
A Visual Guide to 1 Samuel | A Tale of Two Hearts
These slides walk through the story of 1 Samuel. Samuel is the last judge of Israel. The people reject God and want a king. Saul is anointed as the first king, but he is not a good king. David, the shepherd boy is anointed and Saul is envious of him. David shows honor while Saul continues to self destruct.
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
The recent surge in pro-Palestine student activism has prompted significant responses from universities, ranging from negotiations and divestment commitments to increased transparency about investments in companies supporting the war on Gaza. This activism has led to the cessation of student encampments but also highlighted the substantial sacrifices made by students, including academic disruptions and personal risks. The primary drivers of these protests are poor university administration, lack of transparency, and inadequate communication between officials and students. This study examines the profound emotional, psychological, and professional impacts on students engaged in pro-Palestine protests, focusing on Generation Z's (Gen-Z) activism dynamics. This paper explores the significant sacrifices made by these students and even the professors supporting the pro-Palestine movement, with a focus on recent global movements. Through an in-depth analysis of printed and electronic media, the study examines the impacts of these sacrifices on the academic and personal lives of those involved. The paper highlights examples from various universities, demonstrating student activism's long-term and short-term effects, including disciplinary actions, social backlash, and career implications. The researchers also explore the broader implications of student sacrifices. The findings reveal that these sacrifices are driven by a profound commitment to justice and human rights, and are influenced by the increasing availability of information, peer interactions, and personal convictions. The study also discusses the broader implications of this activism, comparing it to historical precedents and assessing its potential to influence policy and public opinion. The emotional and psychological toll on student activists is significant, but their sense of purpose and community support mitigates some of these challenges. However, the researchers call for acknowledging the broader Impact of these sacrifices on the future global movement of FreePalestine.
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
Ivรกn Bornacelly, Policy Analyst at the OECD Centre for Skills, OECD, presents at the webinar 'Tackling job market gaps with a skills-first approach' on 12 June 2024
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh
Recently uploaded (20)
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
ย
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
ย
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
ย
SWOT analysis in the project Keeping the Memory @live.pptx
SWOT analysis in the project Keeping the Memory @live.pptx
ย
Chapter wise All Notes of First year Basic Civil Engineering.pptx
Chapter wise All Notes of First year Basic Civil Engineering.pptx
ย
REASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdf
REASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdf
ย
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
ย
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
ย
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
ย
Information Assurance And Security - Chapter 2 - Lesson 1
- 1. Principles of Information Security, Fifth Edition Chapter 2 The Need for Security Lesson 1 - Introduction
- 2. Learning Objectives โข Upon completion of this material, you should be able to: โ Discuss the organizational business need for information security Principles of Information Security, Fifth Edition 2
- 3. Introduction โข The primary mission of an information security program is to ensure information assetsโ information and the systems that house themโ remain safe and useful. โข If no threats existed, resources could be used exclusively to improve systems that contain, use, and transmit information. โข Threat of attacks on information systems is a constant concern. Principles of Information Security, Fifth Edition 3
- 4. Business Needs First โข Information security performs four important functions for an organization: โ Protecting the organizationโs ability to function โ Protecting the data and information the organization collects and uses โ Enabling the safe operation of applications running on the organizationโs IT systems โ Safeguarding the organizationโs technology assets Principles of Information Security, Fifth Edition 4
- 5. Protecting the Functionality of an Organization โข Management (general and IT) is responsible for facilitating security program. โข Implementing information security has more to do with management than technology. โข Communities of interest should address information security in terms of business impact and cost of business interruption. Principles of Information Security, Fifth Edition 5
- 6. Protecting Data That Organizations Collect and Use โข Without data, an organization loses its record of transactions and ability to deliver value to customers. โข Protecting data in transmission, in processing, and at rest (storage) is a critical aspect of information security. Principles of Information Security, Fifth Edition 6
- 7. Enabling the Safe Operation of Applications โข Organization needs environments that safeguard applications using IT systems. โข Management must continue to oversee infrastructure once in placeโnot relegate to IT department. Principles of Information Security, Fifth Edition 7
- 8. Safeguarding Technology Assets in Organizations โข Organizations must employ secure infrastructure hardware appropriate to the size and scope of the enterprise. โข Additional security services may be needed as the organization grows. โข More robust solutions should replace security programs the organization has outgrown. Principles of Information Security, Fifth Edition 8