Infosec
- 2. Objectives What is information security? Security goal CIA trial Security vulnerabilities threats and attacks Challenges to InfoSec How do we overcome to these problem Consequence of security Breach Q&A Importance of Security Security vs safety Key Takeaways
- 3. Information systems security, more commonly referred to as INFOSEC, by definition It is a set of business processes that protects information assets regardless of how the information is formatted or whether it is being processed, is in transit or is being stored. . What is information security?
- 4. Security goal CIA trial The purpose of computer security is to devise ways to prevent the weaknesses from being exploited. To understand what preventive measures make the most sense, we consider what we mean when we say that a system is “secure.” Talking About security goal , we are addressing three important aspects of any computer- related system: • Confidentiality • Integrity • Availability
- 5. Security goal CIA trial • Confidentiality Ensures that computer related assets are accessed only by authorized parties. • Integrity Safeguard , the accuracy and completeness of information and processing methods. • Availability Ensuring that authorized users have access to associated assets when required.
- 6. Security goal CIA trial
- 7. Security Vulnerabilities, Threats and Attacks Computer-based system has three separate but valuable components: hardware, software and data. Each of these assets offers value to different members of the community affected by the system . we identify weaknesses in the system. • Vulnerability, anything that leaves information exposed to threat .
- 8. • Attack an action taken against a target with the intention of doing harm ; it attempts to destroy , alert , disable , steal or gain authorized access to or make authorized use of an asset. • Threat is a set of circumstances that has the potential to cause loss or harm. Security Vulnerabilities, Threats and Attacks
- 9. Challenges of security A number of trends illustrate why security is becoming increasingly difficult: Speed of attacks Sophistication of attacks Faster detection of weaknesses Distributed attacks Difficulties of patching
- 10. Important of security • The internet allows an attacker to attack from anywhere on the planet. • Risk caused by poor security knowledge and practice: Identity theft Monetary theft Legal Ramifications ( staff and companies) Termination if organization policies are not followed. • According to www.SANS.org , the top vulnerabilities available for cyber criminal are : Web browser IM clients Web application Excessive User Rights
- 11. Security vs Safety • Security: We must protect our computers and data in the same way that we secure the doors to our homes. • Safety: We must behave in ways that protect us against risks and threats that come with technology.
- 12. • Most of the practices are from the National Institute of Standards and Technology • Must use the practices at home and at work to keep safe and secure (Security awareness). • Employers should have policies and procedures regarding secure practices. Be sure to understand them and adhere to them. It will protect you, your employer and your customers. How do we overcome to these problems
- 13. Consequence of security Breach Information security is “organizational problem “rather than “IT problem “and the Consequence of security breach leads to: Reputation loss Financial loss Intellectual property loss loss Legislation Loss of customers confidence Loss of customers confidence Eventually Loss of good will ……..
- 14. Key Takeaways: • Objective of InfoSec is Confidentiality, Integrity and Availability protect your systems and your data • Security should be applied in layers • Security Awareness at all levels must be maintained • Failure to Secure is an Opportunity to Fail
- 15. Questions ?