PACE-IT, Security+2.9: Goals of Security Controls
•Download as PPTX, PDF•
1 like•385 views
CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology) "Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53" Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to PACE-IT, Security+2.9: Goals of Security Controls
Similar to PACE-IT, Security+2.9: Goals of Security Controls (20)
Recently uploaded
Recently uploaded (20)
PACE-IT, Security+2.9: Goals of Security Controls
- 2. Page 2 Instructor, PACE-IT Program – Edmonds Community College Areas of Expertise Industry Certifications PC Hardware Network Administration IT Project Management Network Design User Training IT Troubleshooting Qualifications Summary Education M.B.A., IT Management, Western Governor’s University B.S., IT Security, Western Governor’s University Entrepreneur, executive leader, and proven manger with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required— with a focus on technology.
- 3. Page 3 PACE-IT. – Confidentiality, integrity, and availability controls. – Safety controls.
- 4. Page 4 Goals of security controls.
- 5. Page 5 No matter how a security control is implemented, it always has a goal—to keep systems and data or personnel and facilities safe. In some cases, these end goals can be combined; however, in most cases, they are deployed separately to achieve the goal. It is not uncommon for the categories to work together to increase the overall security of the data and systems. When the focus is on systems and data, the security control can be placed into one of three categories. The categories are: confidentiality, integrity, and availability (CIA). Goals of security controls.
- 6. Page 6 Goals of security controls. – Confidentiality. » Using technological controls to ensure that only authorized personnel can gain access to the information. • Access control/permissions: explicitly establishing who can access the information; the person requesting access must have explicit permission to be able to do so. • Encryption: using an algorithm to make data unreadable unless the appropriate security key is present; encryption can be placed at multiple levels (e.g., file level, storage level, or the communication channel level). • Steganography: concealing data (e.g., a text file) within a graphic file; the person receiving the graphic file must use steganography software to read the secured data. » In many cases, access control/permissions and encryption are used together to increase the confidentiality of data or systems.
- 7. Page 7 Goals of security controls. – Integrity. » Using technological controls to ensure that, when data is sent from a source, exactly the same data is received at the destination—in short, authenticating the data. • Hashing: using a mathematical algorithm to verify that no change has occurred to the data in transit; once received, the hashed value of the data is used to ensure that integrity has been maintained. • Certificates: a cryptographic means of transporting or exchanging security keys. Ensures the integrity of the security keys. • Digital signatures: using a combination of certificates and security keys to authenticate the sender of a message or data—in short, ensuring the integrity of the source. » Integrity controls are often used in conjunction with confidentiality controls.
- 8. Page 8 Goals of security controls. – Availability. » Using various control types to ensure that data and systems are always available when required. • Fault tolerance: ensuring that that even in the case of a failure, data is available; can be achieved through multiple methods (e.g., RAID or server clustering). • Redundancy: ensuring that systems are always available by using multiple units (e.g., using a partial mesh topology to guard against the failure of a network switch). • Backups: ensuring that data can be recovered in the case of loss or corruption. • Patching: ensuring that systems and data are available by keeping operating systems and configuration files up to date—a safeguard against common system attacks.
- 9. Page 9 Goals of security controls.
- 10. Page 10 Security controls should also be put in place to ensure the safety of personnel and facilities. Often, the responsibility for securing systems and data are separated from the responsibility to secure personnel and facilities (but not always). Without the people and facilities, the systems and data will not do much good. Some security goals should be put in place with this in mind. These controls should cover disasters (e.g., fire or earthquake), personal safety (e.g., all parking lots have adequate lighting), and outside threats (e.g., controlling access to the facility). The controls also need to be tested on a periodic basis to ensure that all people know and understand them. Goals of security controls.
- 11. Page 11 Goals of security controls. When implementing security controls for systems and data, the controls can usually be broken down into one of three categories: confidentiality, integrity, or availability (CIA). Confidentiality: uses controls to ensure that only authorized personnel can gain access to the information. Integrity: uses controls to ensure that when data is sent from a source that exactly the same data is received at the destination. Availability: uses controls to ensure that data and systems are always available when required. Topic Confidentiality, integrity, and availability controls. Summary Security controls should also be put in place to ensure the safety of personnel and facilities. The responsibility for personnel and facility security is often separated from the responsibility for systems and data security (but not always). Security controls should be put in place to cover disasters, personal safety, and to guard against outside threats. All safety controls should be periodically tested. Safety controls.
- 13. This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53. PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.