SECURITY OF COMPUTERS AND
   THEIR DATA, SEC 207-02

M, W 4:15 PM – 5:30 PM (6th Period)
 DEPARTMENT OF SECURITY, FIRE
 AND EMERGENCY MANAGEMENT

         John Jay College of Criminal Justice © 2012
Course Description:
• Introductory overview of the landscape for Information
  Security and Information Risk Management.
• The “Human Factors” influencing the perpetration of
  security incidents
• Overview of the existing legal and regulatory issues relating
  to “computer crime”
• Steps followed after an incident
• Security Standards and Policies
• Techniques to secure computers, networks, and data storage
  will be reviewed.
• Disasters, disaster recovery, and business continuity will be
  discussed.

Your Professor
Chief Information Security Officer and Assistant Commissioner, with extensive experience in Risk
    Assessment, Technology Security Research, IT Governance and Compliance. Served in an executive
    capacity in the areas of IT Security as it related to computer applications programming, system
    programming, computer systems development, data telecommunications, database administration,
    and supervision of staff. Commanded cross-functional teams to complete major security initiatives.
    Experience with business continuity planning, auditing, and risk management with strong working
    knowledge of pertinent law and the law enforcement community. Skilled at articulating and
    communicating technical information to Senior Management and Business Stakeholders. Solid
    background in information technology; served in the following industries: Media, Financial Services,
    and Utility Industries, with over 10 years of experience focused on IT Information Security. I am a
    highly motivated, dynamic technology professional looking to join an award-winning, innovative
    technology team that is looking to revolutionize your IT services.

Prof. Dave Chen
Classroom: NB/1.92
Phone: 917 945 3893
Department Phone: 917-945 3893
e-mail: wchend@aol.com

Office hours: M, W 5:30 PM – 6:00 PM or by appointment




Introduce Yourself
•   Name
•   Major / Expected Year of Graduation
•   Career goal(s)
•   Why did you select this class
•   What do you expect to learn from this class
•   How would you define “Information Security”



Readings
Required Texts: There is an extensive amount of reading and research required for this
   course. Focus on gaining an understanding of the concepts; a familiarity with
   the technological vocabulary is essential. The Syllabus outlines the Text chapters
   and number of pages related to the topic of each class.

Official (ISC)2 Guide to the CISSP CBK, 2nd ed
ISBN-13: 978-1439809594, Published 12/2209
Network Security For Dummies, 1st ed
ISBN-13: 978-0764516795, Published 10/10/02

Recommended readings:

Art of Deception, 1st ed
ISBN-13: 978-0764542800, Published 10/17/03
Secrets and Lies: Digital Security in a Networked World
ISBN-13: 978-0471453802, Published 1/30/2004


• Course Policies
• Grading System
• Term Paper
  – Presentation
  – Report
  – Executive Summary
  – Rules and Grade Requirement
  – Plagiarism
• Briefings


Citywide Policies
• A. Incomplete Grade Policy
• B. Extra work during the semester: None is available in this course.
• C. Americans with Disabilities Act (ADA) Policies: Qualified
  students with disabilities will be provided reasonable academic
  accommodations if determined eligible by the Office of Accessibility
  Services (OAS). Prior to granting disability accommodations in this
  course, the instructor must receive written verification of a
  student’s eligibility from the OAS which is located at 1233N (212-
  237-8144). It is the student’s responsibility to initiate contact with
  the office and to follow the established procedures for having the
  accommodation notice sent to the instructor.



Access Control
• Allows management to specify what users can do,
• which resources they can access, and
• what operations they can perform on a system.
• Access control techniques, and detective and
  corrective measures
• Understanding the potential risks, vulnerabilities, and
  exposures.

The students should fully understand access control concepts,
  methodologies, and implementations within centralized and
  decentralized environments across the enterprise's computer
  systems.

Application Development Security
• The controls that are included within system and application
  software and the steps used in their development.
• Applications refer to agents, applets, software, databases, data
  warehouses, and knowledge-based systems.
• These applications may be used in distributed or centralized
  environments.

The student should fully understand the security and controls of the
  systems development process, system life cycle, application
  controls, change controls, data warehousing, data
  mining, knowledge-based systems, program interfaces, and
  concepts used to ensure data and application integrity, security, and
  availability.



Business Continuity and Disaster
           Recovery Planning
• Preservation of the business in the face of major disruptions to normal
   business operations.
• Business continuity plans (BCPs) versus disaster recovery plans (DRPs)
• The natural and man-made events and the consequences if not dealt with
   promptly and effectively.
• Procedures for emergency response, extended backup operation, and
   post-disaster recovery
• Provide the capability to process mission-essential applications, in a
   degraded mode, and return to normal mode of operation within a
   reasonable amount of time.
The student will be expected to know the difference between business
   continuity planning and disaster recovery; business continuity planning in
   terms of project scope and planning, business impact analysis, recovery
   strategies, recovery plan development, and implementation. The
   candidate should understand disaster recovery in terms of recovery plan
   development, implementation, and restoration.


Cryptography
• Principles, means, and methods of disguising
  information to ensure its integrity,
  confidentiality, and authenticity.
The student will be expected to know basic concepts within cryptography;
   public and private key algorithms in terms of their applications and uses;
   algorithm construction, key distribution and management, and methods
   of attack; and the applications, construction, and use of digital signatures
   to provide authenticity of electronic transactions, and non-repudiation of
   the parties involved.




Information Security Governance and
          Risk Management
•   Identification of an organization's information assets and the development and
    implementation of policies, standards, procedures, and guidelines that ensure
    confidentiality, integrity, and availability.
•   Management tools such as data classification, risk assessment, and risk analysis
    are used to identify the threats, classify assets, and to rate their vulnerabilities
•   Risk management - identification, measurement, control, and minimization of loss
    associated with uncertain events or risks.
•   Overall security review, risk analysis, selection and evaluation of safeguards, cost-benefit
    analysis, management decision, safeguard implementation, and
    effectiveness review.

The student will be expected to understand the planning, organization, and roles of individuals in
    securing an organization's information assets; the development and use of policies stating
    management's views and position on particular topics and the use of guidelines, standards, and
    procedures to support the policies; security-awareness training to make employees aware of the
    importance of information security, its significance, and the specific security-related requirements
    relative to their position; the importance of confidential, proprietary, and private information;
    employment agreements; employee hiring and termination practices; and risk management
    practices and tools to identify, rate, and reduce the risk to specific resources.



Legal, Regulations, Compliance, and
             Investigations
• Legal, regulations, compliance, and investigations domain
  addresses computer crime laws and regulations
• Measures and techniques that can be used to determine if
  a crime has been committed, and
• Methods to gather evidence.
• Incident handling
The student will be expected to know the methods for determining whether a
   computer crime has been committed; the laws that would be applicable
   for the crime; laws prohibiting specific types of computer crimes; methods
   to gather and preserve evidence of a computer crime, and investigative
   methods and techniques; and ways to address compliance.




Operations Security
• Identify the controls over hardware, media, and
  the operators with access privileges to any of
  these resources.
• Audit and monitoring: the mechanisms, tools, and
  facilities that permit the identification of security
  events and subsequent actions.

The student will be expected to know the resources that must be
  protected, the privileges that must be restricted, the control
  mechanisms available, the potential for abuse of access, the
  appropriate controls, and the principles of good practice.

Physical (Environmental) Security
• Threats, vulnerabilities, and countermeasures
  that can be utilized to physically protect an
  enterprise's resources and sensitive information
• People, the facility, and the data, equipment,
  support systems, media, and supplies they utilize.

The student will be expected to know the elements involved in
  choosing a secure site, its design and configuration, and the
  methods for securing the facility against unauthorized access,
  theft of equipment and information, and the environmental
  and safety measures needed to protect people, the facility,
  and its resources.

Security Architecture and Design
• Concepts, principles, structures, and standards
  used to design, implement, monitor, and secure
  operating systems, equipment, networks,
  applications
• Controls used to enforce various levels of
  confidentiality, integrity, and availability.

The student should understand security models in terms of
  confidentiality, integrity, information flow; system models in terms
  of the common criteria; technical platforms in terms of hardware,
  firmware, and software; and system security techniques in terms of
  preventive, detective, and corrective controls.


Telecommunications and Network
              Security
• The structures, transmission methods, transport
  formats, and security measures used
• Transmissions over private and public
  communication networks and media

The student is expected to demonstrate an understanding of communications
   and network security as it relates to voice communications; data
   communications in terms of local area, wide area, and remote access;
   Internet/intranet/extranet in terms of firewalls, routers, and TCP/IP; and
   communications security management and techniques in terms of
   preventive, detective, and corrective measures.

Questions




CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 

Recently uploaded (20)

call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docx
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 

Sec 270 02 sect 01v1

  • 1. SECURITY OF COMPUTERS AND THEIR DATA, SEC 207-02 M, W 4:15 PM – 5:30 PM (6th Period) DEPARTMENT OF SECURITY, FIRE AND EMERGENCY MANAGEMENT John Jay College of Criminal Justice © 2012
  • 2. Course Description: • Introductory overview of the landscape for Information Security and Information Risk Management. • The “Human Factors” influencing the perpetration of security incidents • Overview of the existing legal and regulatory issues relating to “computer crime” • Steps followed after an incident • Security Standards and Policies • Techniques to secure computers, networks, and data storage will be reviewed. • Disasters, disaster recovery, and business continuity will be discussed. John Jay College of Criminal Justice © 2012
  • 3. Your Professor Chief Information Security Officer and Assistant Commissioner, with extensive experience in Risk Assessment, Technology Security Research, IT Governance and Compliance. Served in an executive capacity in the areas of IT Security as it related to computer applications programming, system programming, computer systems development, data telecommunications, database administration, and supervision of staff. Commanded cross-functional teams to complete major security initiatives. Experience with business continuity planning, auditing, and risk management with strong working knowledge of pertinent law and the law enforcement community. Skilled at articulating and communicating technical information to Senior Management and Business Stakeholders. Solid background in information technology, served in the following industries: Media, Financial Services, and Utility Industries with over 10 years of experience focused on IT Information Security. I am a highly motivated, dynamic technology professional looking to join an award-winning, innovative technology team that is looking to revolutionize your IT services. Prof. Dave Chen Classroom: NB/1.92 Phone: 917 945 3893 Department Phone 917-945 3893 e-mail: wchend@aol.com Office hours: M, W 5:30 PM – 6:00 PM or by appointment John Jay College of Criminal Justice © 2012
  • 4. Introduce Yourself • Name • Major / Expected Year of Graduation • Career goal(s) • Why did you select this class • What do you expect to learn from this class • How would you define “Information Security” John Jay College of Criminal Justice © 2012
  • 5. Readings Required Texts: There is an extensive amount of reading and research required for this course. Focus on gaining an understanding of the concepts; familiarity with the technological vocabulary is essential. The Syllabus outlines the Text chapters and number of pages related to the topic of each class. Official (ISC)2 Guide to the CISSP CBK 2nd ed ISBN-13 978-1439809594 Published 12/2209 Network Security For Dummies 1st ed ISBN-13: 978-0764516795 Publication 10/10/02 Recommended readings: Art of Deception 1st ed ISBN-13: 978-0764542800 Published 10/17/03 Secrets and Lies Digital Security in a Network World ISBN-13: 978-0471453802 Published 1/30/2004 John Jay College of Criminal Justice © 2012
  • 6. • Course Policies • Grading System • Term Paper – Presentation – Report – Executive Summary – Rules and Grade Requirement – Plagiarism • Briefings John Jay College of Criminal Justice © 2012
  • 7. Citywide Policies • A. Incomplete Grade Policy • B. Extra work during the semester: None is available in this course. • C. Americans with Disabilities Act (ADA) Policies: Qualified students with disabilities will be provided reasonable academic accommodations if determined eligible by the Office of Accessibility Services (OAS). Prior to granting disability accommodations in this course, the instructor must receive written verification of a student’s eligibility from the OAS which is located at 1233N (212-237-8144). It is the student’s responsibility to initiate contact with the office and to follow the established procedures for having the accommodation notice sent to the instructor. John Jay College of Criminal Justice © 2012
  • 8. Access Control • management to specify what users can do, • which resources they can access, and • what operations they can perform on a system. • Access control techniques, and detective and corrective measures • understand the potential risks, vulnerabilities, and exposures. The students should fully understand access control concepts, methodologies, and implementations within centralized and decentralized environments across the enterprise's computer systems. John Jay College of Criminal Justice © 2012
  • 9. Application Development Security • The controls that are included within system and application software and the steps used in their development. • Applications refer to agents, applets, software, databases, data warehouses, and knowledge-based systems. • These applications may be used in distributed or centralized environments. The student should fully understand the security and controls of the systems development process, system life cycle, application controls, change controls, data warehousing, data mining, knowledge-based systems, program interfaces, and concepts used to ensure data and application integrity, security, and availability. John Jay College of Criminal Justice © 2012
  • 10. Business Continuity and Disaster Recovery Planning • Preservation of the business in the face of major disruptions to normal business operations. • Business continuity plans (BCPs) versus disaster recovery plans (DRPs) • The natural and man-made events and the consequences if not dealt with promptly and effectively. • Procedures for emergency response, extended backup operation, and post-disaster recovery • Provide the capability to process mission-essential applications, in a degraded mode, and return to normal mode of operation within a reasonable amount of time. The student will be expected to know the difference between business continuity planning and disaster recovery; business continuity planning in terms of project scope and planning, business impact analysis, recovery strategies, recovery plan development, and implementation. The candidate should understand disaster recovery in terms of recovery plan development, implementation, and restoration. John Jay College of Criminal Justice © 2012
  • 11. Cryptography • principles, means, and methods of disguising information to ensure its integrity, confidentiality, and authenticity. The student will be expected to know basic concepts within cryptography; public and private key algorithms in terms of their applications and uses; algorithm construction, key distribution and management, and methods of attack; and the applications, construction, and use of digital signatures to provide authenticity of electronic transactions, and non-repudiation of the parties involved. John Jay College of Criminal Justice © 2012
  • 12. Information Security Governance and Risk Management • Identification of an organization's information assets and the development and implementation of policies, standards, procedures, and guidelines that ensure confidentiality, integrity, and availability. • Management tools such as data classification, risk assessment, and risk analysis are used to identify the threats, classify assets, and to rate their vulnerabilities • Risk management - identification, measurement, control, and minimization of loss associated with uncertain events or risks. • Overall security review, risk analysis, selection and evaluation of safeguards, cost-benefit analysis, management decision, safeguard implementation, and effectiveness review. The Student will be expected to understand the planning, organization, and roles of individuals in securing an organization's information assets; the development and use of policies stating management's views and position on particular topics and the use of guidelines, standards, and procedures to support the policies; security-awareness training to make employees aware of the importance of information security, its significance, and the specific security-related requirements relative to their position; the importance of confidentiality, proprietary, and private information; employment agreements; employee hiring and termination practices; and risk management practices and tools to identify, rate, and reduce the risk to specific resources. John Jay College of Criminal Justice © 2012
  • 13. Legal, Regulations, Compliance, and Investigations • Legal, regulations, compliance, and investigations domain addresses computer crime laws and regulations • Measures and techniques that can be used to determine if a crime has been committed, and • methods to gather evidence. • Incident handling The Student will be expected to know the methods for determining whether a computer crime has been committed; the laws that would be applicable for the crime; laws prohibiting specific types of computer crimes; methods to gather and preserve evidence of a computer crime, and investigative methods and techniques; and ways to address compliance. John Jay College of Criminal Justice © 2012
  • 14. Operations Security • Identify the controls over hardware, media, and the operators with access privileges to any of these resources. • Audit and monitoring are the mechanisms, tools, and facilities that permit the identification of security events and subsequent actions. The student will be expected to know the resources that must be protected, the privileges that must be restricted, the control mechanisms available, the potential for abuse of access, the appropriate controls, and the principles of good practice. John Jay College of Criminal Justice © 2012
  • 15. Physical (Environmental) Security • Threats, vulnerabilities, and countermeasures that can be utilized to physically protect an enterprise's resources and sensitive information • people, the facility, and the data, equipment, support systems, media, and supplies they utilize. The Student will be expected to know the elements involved in choosing a secure site, its design and configuration, and the methods for securing the facility against unauthorized access, theft of equipment and information, and the environmental and safety measures needed to protect people, the facility, and its resources. John Jay College of Criminal Justice © 2012
  • 16. Security Architecture and Design • Concepts, principles, structures, and standards used to design, implement, monitor, and secure operating systems, equipment, networks, applications • Controls used to enforce various levels of confidentiality, integrity, and availability. The Student should understand security models in terms of confidentiality, integrity, information flow; system models in terms of the common criteria; technical platforms in terms of hardware, firmware, and software; and system security techniques in terms of preventive, detective, and corrective controls. John Jay College of Criminal Justice © 2012
  • 17. Telecommunications and Network Security • The structures, transmission methods, transport formats, and security measures used • transmissions over private and public communication networks and media The Student is expected to demonstrate an understanding of communications and network security as it relates to voice communications; data communications in terms of local area, wide area, and remote access; Internet/intranet/extranet in terms of firewalls, routers, and TCP/IP; and communications security management and techniques in terms of preventive, detective, and corrective measures. John Jay College of Criminal Justice © 2012
  • 18. Questions John Jay College of Criminal Justice © 2012