2. Objectives
What is information security?
Security goal: the CIA triad
Security vulnerabilities threats and attacks
Challenges to InfoSec
How do we overcome these problems
Consequences of a security breach
Q&A
Importance of Security
Security vs safety
Key Takeaways
3. What is information security?
Information systems security, more commonly referred to as
INFOSEC, is by definition a set of business processes that
protects information assets regardless of how the information is
formatted or whether it is being processed, is in transit or is being
stored.
4. Security goal: the CIA triad
The purpose of computer security is to devise ways to prevent the
weaknesses from being exploited. To understand what preventive
measures make the most sense, we consider what we mean when
we say that a system is “secure.”
When we talk about security goals, we are addressing three important
aspects of any computer-related system:
• Confidentiality
• Integrity
• Availability
5. Security goal: the CIA triad
• Confidentiality
Ensures that computer-related assets are accessed only by
authorized parties.
• Integrity
Safeguards the accuracy and completeness of information and
processing methods.
• Availability
Ensures that authorized users have access to associated assets
when required.
7. Security Vulnerabilities, Threats and Attacks
A computer-based system has three separate but valuable
components: hardware, software and data. Each of these
assets offers value to different members of the community
affected by the system. We identify weaknesses in the system.
• Vulnerability: anything that leaves information
exposed to a threat.
8. Security Vulnerabilities, Threats and Attacks
• Attack: an action taken against a target with the intention
of doing harm; it attempts to destroy, alter, disable,
steal or gain unauthorized access to or make unauthorized use
of an asset.
• Threat: a set of circumstances that has the potential
to cause loss or harm.
9. Challenges of security
A number of trends illustrate why security is becoming increasingly
difficult:
Speed of attacks
Sophistication of attacks
Faster detection of weaknesses
Distributed attacks
Difficulties of patching
10. Importance of security
• The internet allows an attacker to attack from anywhere on the
planet.
• Risks caused by poor security knowledge and practice:
Identity theft
Monetary theft
Legal ramifications (staff and companies)
Termination if organization policies are not followed.
• According to www.SANS.org, the top vulnerabilities available
to cyber criminals are:
Web browser
IM clients
Web application
Excessive User Rights
11. Security vs Safety
• Security: We must protect our
computers and data in the
same way that we secure the
doors to our homes.
• Safety: We must behave in
ways that protect us against
risks and threats that come
with technology.
12. How do we overcome these problems
• Most of the practices are from the National
Institute of Standards and Technology.
• We must use the practices at home and at work to
keep safe and secure (security awareness).
• Employers should have policies and procedures
regarding secure practices. Be sure to understand
them and adhere to them. Doing so will protect you, your
employer and your customers.
13. Consequences of a security breach
Information security is an “organizational problem” rather than
an “IT problem”, and a security breach leads to:
Reputation loss
Financial loss
Intellectual property loss
loss Legislation
Loss of customers' confidence
Eventually, loss of goodwill
14. Key Takeaways:
• The objective of InfoSec is confidentiality,
integrity and availability: protect your systems
and your data
• Security should be applied in layers
• Security awareness must be maintained at all
levels
• Failure to secure is an opportunity to fail