Basic of Information Security
0 likes295 views
Information security, or infosec, is the practice of protecting information by managing risks and preventing unauthorized access or misuse. The document outlines the structure of information security, its classification schemes, and the benefits of proper data classification, which include identifying critical systems, implementing security controls, and managing cybersecurity investments. Additionally, it emphasizes the importance of security awareness and proper handling of sensitive information.
Basic of Information Security
- 1. An Introduction to INFORMATION SECURITY InfoSec-DAD
- 2. WHAT IS INFORMATION SECURITY? Information security, sometimes shortened to infosec, is the practice of protecting INFORMATION by mitigating information risks. It is part of INFORMATION RISK MANAGEMENT. It typically involves preventing or reducing the probability of unauthorized/inappropriate access to DATA, or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording, or devaluation of information ~WikiPedia
- 3. INFORMATION SECURITY – OSI LAYER Every layer in OSI Layer shall have Security Controls should include TRADITIONAL SECURITY CONTROL & IMPROVE SECURITY CONTROL DETECT PREVENT https://community.fs.com/blog/tcpip-vs-osi-whats-the-difference-between-the-two-models.html
- 4. INFORMATION SECURITY - OVERVIEW End-user Web Application Server Database Internet
- 5. INFORMATION SECURITY - OVERVIEW End-user Web Application Server Database Internet Internal Network • Operating Systems • Applications • Software’s • Personal Information • Banking information’s • Private Information • Service Running • Interface use to collect information from the user • Display information of the user • Display functions to perform transactions • Process the information Provided by the end- user • Send the information to Server (Back-End) • Operating Systems • Running Application • Running Services to cater the Front-end to perform its task • Store the information to database server • System administrator accounts • Operating Systems • Database server • Client Information • Database and system Administrator accounts
- 6. BASIC CLASSIFICATION SCHEME Commercial Classification o Public – Information that me be disclosed to anyone o Proprietary – Organizational Processes o Private – Customers, Partners information o Confidential – Vendors, Partners contract, employee information o Sensitive – Company Intellectual Property Government Classification o Unclassified – Data that may be publicly released with authorization o Sensitive Unclassified – Data tagged “For Official Use Only” o Confidential – Data indicating strength of ground forces o Secret – select military plans o Top Secret – cryptographic and communications intelligence Source: https://blog.netwrix.com/2020/09/02/data-classification/
- 7. HUMAN FACTORS Visitor Access Communication with strangers Images from: https://www.e-sec.com/en-us/products/posters you can buy posters to them for your security awareness campaign Clean desk Public Conversation BYOD Presentation with sensitive content Classification of Information Leaving the Office
- 8. DATA CLASSIFICATION PROCESS Define the purpose of data classification Define the scope of the data environment Discover All in-scope data Define sensitivity levels and classify the data Develop data handling guidelines Source: https://blog.netwrix.com/2020/09/02/data-classification/
- 9. WHAT IS THE BENEFITS? 1. You will able to identify the criticality of your systems 2. You will able to classify your information and to implement proper security controls 3. It will help you manage your investment, you will know what is your priority to secure 4. Build you cybersecurity enablement roadmap 5. Reduce the impact of any breach
- 10. THANK YOU! IF YOU HAVE QUESTIONS, PLEASE LEAVE YOUR QUESTIONS ON THE COMMENT SECTION, I WILL ANSWER IT THE BEST AS I CAN