SlideShare a Scribd company logo

Principles of information security Chapter 1 (1).ppt

Download as PPT, PDF
E
EstherBaguma

Principles of information security Chapter 1 (1).ppt

Data & Analytics
Related topics:
Information Security
1 of 28
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
Chapter 1: Information Security Fundamentals
’ Objectives • Identify the challenges for information security • Define information security • Explain the importance of information security • List and define information security terminology • Describe the CompTIA Security+ certification exam • Describe information security careers
Difficulties in Defending against Attacks • Computer Emergency Response Team (CERT) security organization compiles statistics regarding number of reported attacks, including: – Speed of attacks – Greater sophistication of attacks: The increasing sophistication of cyber attacks can put even the most protected security operations under threat. The highly-trained and globally experienced professionals provide the highest standards of forensic investigation and analysis against compromised networks and end user IT devices see the link: https://securityboulevard.com/2019/09/7-sophisticated-cyber-attacks-that- are-growing-in-2019/ – Simplicity of attack tools – Attackers can detect vulnerabilities more quickly and more readily exploit these vulnerabilities – Delays in patching hardware and software products – Most attacks are now distributed attacks, instead of coming from only one source
Difficulties in Defending against Attacks (continued)
• Security can be considered as a state of freedom from a danger or risk • This state or condition of freedom exists because protective measures are established and maintained • Information security • The tasks of guarding information that is in a digital format • Ensures that protective measures are properly implemented • Cannot completely prevent attacks or guarantee that a system is totally secure Defining Information Security (continued)
• Information security is intended to protect information that has value to people and organizations – This value comes from the characteristics of the information: • Confidentiality • Integrity • Availability • Information security is achieved through a combination of three entities Defining Information Security (continued)
• Confidentiality: Prevention of unauthorized disclosure of information. Or keeping unwanted parties from accessing assets of a computer system Also known as: secrecy or privacy • Integrity: Prevention of unauthorized modification of information. • Availability: Prevention of unauthorized withholding of information or resources. Or keeping system available Defining Information Security (continued)
Defining Information Security (continued)
Defining Information Security (continued)
’‘ • A more comprehensive definition of information security is: – That which protects the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures integrity, confidentiality, and availability (Security properties/requirements) store, manipulate, and transmit (Information States ) products, people, and procedures (Security Measures ) Defining Information Security (continued)
Information Security Model
Understanding the Importance of Information Security • Information security is important to businesses: – Prevents data theft – Avoids legal consequences of not securing information (‫المعلومات‬ ‫تأمين‬ ‫لعدم‬ ‫القانونية‬ ‫العواقب‬ ‫)تجنب‬ – Maintains productivity ( ‫ال‬ ‫حف‬ ‫ا‬ ‫اإلنتاجية‬ ‫على‬ ‫ظ‬ ) – Foils cyberterrorism (‫السيبراني‬ ‫اإلرهاب‬ ‫)إحباط‬ – Thwarts identity theft (‫الهوية‬ ‫سرقة‬ ‫)إحباط‬
Preventing Data Theft • Security often associated with theft prevention • Drivers install security systems on their cars to prevent the cars from being stolen • Same is true with information security—businesses cite preventing data theft as primary goal of information security • Theft of data is single largest cause of financial loss due to a security breach • One of the most important objectives of information security is to protect important business and personal data from theft
Avoiding Legal Consequences • Businesses that fail to protect data may face serious penalties • Laws include: – The Health Insurance Portability and Accountability Act of 1996 (HIPAA) – The Sarbanes-Oxley Act of 2002 (Sarbox) – The Cramm-Leach-Blilely Act (GLBA) – USA PATRIOT Act 2001
Maintaining Productivity • After an attack on information security, clean-up efforts divert resources, such as time and money away from normal activities • A Corporate IT Forum survey of major corporations showed: – Each attack costs a company an average of $213,000 in lost man-hours and related costs – One-third of corporations reported an average of more than 3,000 man-hours lost
Maintaining Productivity (continued)
• An area of growing concern among defense experts are surprise attacks by terrorist groups using computer technology and the Internet (cyberterrorism) • These attacks could cripple a nation’s electronic and commercial infrastructure • Our challenge in combating cyberterrorism is that many prime targets are not owned and managed by the federal government Foiling Cyberterrorism
Thwarting Identity Theft • Identity theft involves using someone’s personal information, such as social security numbers, to establish bank or credit card accounts that are then left unpaid, leaving the victim with the debts and ruining their credit rating • National, state, and local legislation continues to be enacted to deal with this growing problem – The Fair and Accurate Credit Transactions Act of 2003 is a federal law that addresses identity theft
’’ Security+ Guide to Network Security Fundamentals, Third Edition Information Security Terminology (continued) • Asset – Something that has a value • Threat – An event or object that may defeat the security measures in place and result in a loss • Threat agent – A person or thing that has the power to carry out a threat
’‘ Security+ Guide to Network Security Fundamentals, Third Edition Information Security Terminology (continued) • Vulnerability – Weakness that allows a threat agent to bypass security • Risk – The likelihood that a threat agent will exploit a vulnerability – Realistically, risk cannot ever be entirely eliminated
Information Security Terminology (continued) ’³ Security+ Guide to Network Security Fundamentals, Third Edition
Information Security Terminology (continued) ’9 Security+ Guide to Network Security Fundamentals, Third Edition
’‘ Security+ Guide to Network Security Fundamentals, 2e Exploring the CompTIA Security+ Certification Exam (continued) • Since 1982, the Computing Technology Industry Association (CompTIA) has been working to advance the growth of the IT industry • CompTIA is the world’s largest developer of vendor- neutral IT certification exams • The CompTIA Security+ certification tests for mastery in security concepts and practices
’T Security+ Guide to Network Security Fundamentals, 2e Exploring the CompTIA Security+ Certification Exam (continued) • The Security+ exam is an internationally recognized validation of foundation-level security skills and knowledge Used by organizations and security professionals around the world • The six domains covered by the Security+ exam: – Systems Security, Network Infrastructure, Access Control, Assessments and Audits, Cryptography, and Organizational Security
’M Security+ Guide to Network Security Fundamentals, 2e Surveying Information Security Careers • Information security is one of the fastest growing career fields • As information attacks increase, companies are becoming more aware of their vulnerabilities and are looking for ways to reduce their risks and liabilities
’R Security+ Guide to Network Security Fundamentals, 2e Surveying Information Security Careers (continued) • Sometimes divided into three general roles: – Security manager develops corporate security plans and policies, provides education and awareness, and communicates with executive management about security issues – Security engineer designs, builds, and tests security solutions to meet policies and address business needs – Security administrator configures and maintains security solutions to ensure proper service levels and availability
‘t Security+ Guide to Network Security Fundamentals, 2e Summary • The challenge of keeping computers secure is becoming increasingly difficult • Attacks can be launched without human intervention and infect millions of computers in a few hours • Information security protects the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures
‘’ Security+ Guide to Network Security Fundamentals, 2e Summary (continued) • Information security has its own set of terminology • A threat is an event or an action that can defeat security measures and result in a loss • Many organizations use the CompTIA Security+ certification to verify security competency

More Related Content

PPT
cyber security in information technology.ppt
ubaidullah75790
 
PPT
Information security principles chapter 1
EstherBaguma
 
PPT
Intro to Security
primeteacher32
 
PPTX
cybersecurityandthe importance of the that
JayachanduHNJc
 
PDF
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
PPTX
Lec 1- Intro to cyber security and recommendations
BilalMehmood44
 
PPTX
Cyber-Security-Unit-1.pptx
TikdiPatel
 
PPTX
Infosec
Ismaila Gassama
 
cyber security in information technology.ppt
ubaidullah75790
 
Information security principles chapter 1
EstherBaguma
 
Intro to Security
primeteacher32
 
cybersecurityandthe importance of the that
JayachanduHNJc
 
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
Lec 1- Intro to cyber security and recommendations
BilalMehmood44
 
Cyber-Security-Unit-1.pptx
TikdiPatel
 
Infosec
Ismaila Gassama
 

Similar to Principles of information security Chapter 1 (1).ppt (20)

PPTX
Infosec
Ismaila Gassama
 
PPTX
What is Cyber & information security.pptx
amnamahfooz615
 
PPTX
Management Information Systems ( Security and Control.pptx
NamugenyiBetty
 
PPTX
1_Introduction to security.pptx
diaa46
 
PPT
Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02
anjalee990
 
PDF
I0516064
IOSR Journals
 
PDF
internet security and cyber lawUnit1
Royalzig Luxury Furniture
 
PPT
information security management
Gurpreetkaur838
 
PPTX
All About Network Security & its Essentials.pptx
Infosectrain3
 
PPTX
ICS_Unit-I_Foundations of Information Security
KartikMaski
 
PPTX
Information security[277]
Timothy Warren
 
PDF
CyberSecurity: A computer-misuse-and-cybercrimes-act.pdf
newtonaseri
 
PDF
CyberSecurity.pdf
Suleiman55
 
PDF
Lecture 01 Information Security BS computer Science
maqib8373
 
PPTX
Cyber Sequrity.pptx is life of cyber security
perweeng31
 
PDF
cryptograph and computer security lecture 1.pdf
AWELHAJI2
 
PPTX
CYBER LAW & ETHICS (PART OF THE JNTUH SYLLABUS
deepthikamidi
 
PPTX
Unit 1.pptx
MsVaishaliKumar
 
PPTX
Cyber Security awareness of cyber security
BabaBoss5
 
PPTX
Module 1Introduction to cyber security.pptx
Skippedltd
 
Infosec
Ismaila Gassama
 
What is Cyber & information security.pptx
amnamahfooz615
 
Management Information Systems ( Security and Control.pptx
NamugenyiBetty
 
1_Introduction to security.pptx
diaa46
 
Securityandethicalchallengesofinfornationtechnology 090902132631-phpapp02
anjalee990
 
I0516064
IOSR Journals
 
internet security and cyber lawUnit1
Royalzig Luxury Furniture
 
information security management
Gurpreetkaur838
 
All About Network Security & its Essentials.pptx
Infosectrain3
 
ICS_Unit-I_Foundations of Information Security
KartikMaski
 
Information security[277]
Timothy Warren
 
CyberSecurity: A computer-misuse-and-cybercrimes-act.pdf
newtonaseri
 
CyberSecurity.pdf
Suleiman55
 
Lecture 01 Information Security BS computer Science
maqib8373
 
Cyber Sequrity.pptx is life of cyber security
perweeng31
 
cryptograph and computer security lecture 1.pdf
AWELHAJI2
 
CYBER LAW & ETHICS (PART OF THE JNTUH SYLLABUS
deepthikamidi
 
Unit 1.pptx
MsVaishaliKumar
 
Cyber Security awareness of cyber security
BabaBoss5
 
Module 1Introduction to cyber security.pptx
Skippedltd
 
Ad

More from EstherBaguma (12)

PDF
Information Systems chapter 2 - Organizations
EstherBaguma
 
PPT
Information Systems chapter 1 - Introduction
EstherBaguma
 
PPT
Chapter 3 Principles of Info Security.ppt
EstherBaguma
 
PPT
chp 6_ethical_and_security_issues_in_is.ppt
EstherBaguma
 
PPT
Principles of information security Chapter 5.ppt
EstherBaguma
 
PPT
Principles of information security chp 4.ppt
EstherBaguma
 
PPT
Principles of information security ch03_1.ppt
EstherBaguma
 
PPT
Principles of information security ch02_2.ppt
EstherBaguma
 
PPT
Introduction to Software engineeringSE chp_04.ppt
EstherBaguma
 
PPT
Introduction to Software engineeringPSE-Chp 05.ppt
EstherBaguma
 
PPT
Introduction to principles of software engineering chp_04.ppt
EstherBaguma
 
PPT
Introduction to principles of software engineeringWhy1and2
EstherBaguma
 
Information Systems chapter 2 - Organizations
EstherBaguma
 
Information Systems chapter 1 - Introduction
EstherBaguma
 
Chapter 3 Principles of Info Security.ppt
EstherBaguma
 
chp 6_ethical_and_security_issues_in_is.ppt
EstherBaguma
 
Principles of information security Chapter 5.ppt
EstherBaguma
 
Principles of information security chp 4.ppt
EstherBaguma
 
Principles of information security ch03_1.ppt
EstherBaguma
 
Principles of information security ch02_2.ppt
EstherBaguma
 
Introduction to Software engineeringSE chp_04.ppt
EstherBaguma
 
Introduction to Software engineeringPSE-Chp 05.ppt
EstherBaguma
 
Introduction to principles of software engineering chp_04.ppt
EstherBaguma
 
Introduction to principles of software engineeringWhy1and2
EstherBaguma
 
Ad

Recently uploaded (20)

PPTX
Global journeys: estimating international migration
Office for National Statistics
 
PDF
Galatica Smart Energy Infrastructure Startup Pitch Deck
Shahzaib Ajmal
 
PDF
Foundation of Data Science unit number two notes
sanguleumeshit
 
PDF
Fluorescence-microscope_Botany_detailed content
dollydoll12
 
PPTX
iec ppt-1 pptx icmr ppt on rehabilitation.pptx
thirishadevan81
 
PPTX
The THESIS FINAL-DEFENSE-PRESENTATION.pptx
hshakobe3
 
PPTX
Major-Components-ofNKJNNKNKNKNKronment.pptx
dushyantsharma1221
 
PDF
Recruitment and Placement PPT.pdfbjfibjdfbjfobj
Alka392097
 
PDF
"Python Programming for Geospatial Data Science." ...
institute of Geoinformatics and Earth Observation at PMAS ARID Agriculture University of Rawalpindi
 
PDF
TRAFFIC-MANAGEMENT-AND-ACCIDENT-INVESTIGATION-WITH-DRIVING-PDF-FILE.pdf
chouziyu14
 
PPTX
Supervised vs unsupervised machine learning algorithms
agarwal18harsh08
 
PPTX
DISORDERS OF THE LIVER, GALLBLADDER AND PANCREASE (1).pptx
chepkoitcheruiyot
 
PPTX
Database Infoormation System (DBIS).pptx
TefferiMekonnen2
 
PPTX
oil_refinery_comprehensive_20250804084928 (1).pptx
TusharPrajapati65
 
PPTX
Business Ppt On Nestle.pptx huunnnhhgfvu
ashaurya327
 
PPTX
Bharatiya Antariksh Hackathon 2025 Idea Submission PPT.pptx
abhinavmemories2026
 
PDF
“Getting Started with Data Analytics Using R – Concepts, Tools & Case Studies”
Nusrat Gulbarga
 
PDF
Clinical guidelines as a resource for EBP(1).pdf
MashalKhan626345
 
PPT
Miokarditis (Inflamasi pada Otot Jantung)
NandaAndini1
 
PPTX
Introduction to Knowledge Engineering Part 1
busyprogrammersguide
 
Global journeys: estimating international migration
Office for National Statistics
 
Galatica Smart Energy Infrastructure Startup Pitch Deck
Shahzaib Ajmal
 
Foundation of Data Science unit number two notes
sanguleumeshit
 
Fluorescence-microscope_Botany_detailed content
dollydoll12
 
iec ppt-1 pptx icmr ppt on rehabilitation.pptx
thirishadevan81
 
The THESIS FINAL-DEFENSE-PRESENTATION.pptx
hshakobe3
 
Major-Components-ofNKJNNKNKNKNKronment.pptx
dushyantsharma1221
 
Recruitment and Placement PPT.pdfbjfibjdfbjfobj
Alka392097
 
"Python Programming for Geospatial Data Science." ...
institute of Geoinformatics and Earth Observation at PMAS ARID Agriculture University of Rawalpindi
 
TRAFFIC-MANAGEMENT-AND-ACCIDENT-INVESTIGATION-WITH-DRIVING-PDF-FILE.pdf
chouziyu14
 
Supervised vs unsupervised machine learning algorithms
agarwal18harsh08
 
DISORDERS OF THE LIVER, GALLBLADDER AND PANCREASE (1).pptx
chepkoitcheruiyot
 
Database Infoormation System (DBIS).pptx
TefferiMekonnen2
 
oil_refinery_comprehensive_20250804084928 (1).pptx
TusharPrajapati65
 
Business Ppt On Nestle.pptx huunnnhhgfvu
ashaurya327
 
Bharatiya Antariksh Hackathon 2025 Idea Submission PPT.pptx
abhinavmemories2026
 
“Getting Started with Data Analytics Using R – Concepts, Tools & Case Studies”
Nusrat Gulbarga
 
Clinical guidelines as a resource for EBP(1).pdf
MashalKhan626345
 
Miokarditis (Inflamasi pada Otot Jantung)
NandaAndini1
 
Introduction to Knowledge Engineering Part 1
busyprogrammersguide
 

Principles of information security Chapter 1 (1).ppt

  • 1. Chapter 1: Information Security Fundamentals
  • 2. ’ Objectives • Identify the challenges for information security • Define information security • Explain the importance of information security • List and define information security terminology • Describe the CompTIA Security+ certification exam • Describe information security careers
  • 3. Difficulties in Defending against Attacks • Computer Emergency Response Team (CERT) security organization compiles statistics regarding number of reported attacks, including: – Speed of attacks – Greater sophistication of attacks: The increasing sophistication of cyber attacks can put even the most protected security operations under threat. The highly-trained and globally experienced professionals provide the highest standards of forensic investigation and analysis against compromised networks and end user IT devices see the link: https://securityboulevard.com/2019/09/7-sophisticated-cyber-attacks-that- are-growing-in-2019/ – Simplicity of attack tools – Attackers can detect vulnerabilities more quickly and more readily exploit these vulnerabilities – Delays in patching hardware and software products – Most attacks are now distributed attacks, instead of coming from only one source
  • 4. Difficulties in Defending against Attacks (continued)
  • 5. • Security can be considered as a state of freedom from a danger or risk • This state or condition of freedom exists because protective measures are established and maintained • Information security • The tasks of guarding information that is in a digital format • Ensures that protective measures are properly implemented • Cannot completely prevent attacks or guarantee that a system is totally secure Defining Information Security (continued)
  • 6. • Information security is intended to protect information that has value to people and organizations – This value comes from the characteristics of the information: • Confidentiality • Integrity • Availability • Information security is achieved through a combination of three entities Defining Information Security (continued)
  • 7. • Confidentiality: Prevention of unauthorized disclosure of information. Or keeping unwanted parties from accessing assets of a computer system Also known as: secrecy or privacy • Integrity: Prevention of unauthorized modification of information. • Availability: Prevention of unauthorized withholding of information or resources. Or keeping system available Defining Information Security (continued)
  • 10. ’‘ • A more comprehensive definition of information security is: – That which protects the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures integrity, confidentiality, and availability (Security properties/requirements) store, manipulate, and transmit (Information States ) products, people, and procedures (Security Measures ) Defining Information Security (continued)
  • 12. Understanding the Importance of Information Security • Information security is important to businesses: – Prevents data theft – Avoids legal consequences of not securing information (‫المعلومات‬ ‫تأمين‬ ‫لعدم‬ ‫القانونية‬ ‫العواقب‬ ‫)تجنب‬ – Maintains productivity ( ‫ال‬ ‫حف‬ ‫ا‬ ‫اإلنتاجية‬ ‫على‬ ‫ظ‬ ) – Foils cyberterrorism (‫السيبراني‬ ‫اإلرهاب‬ ‫)إحباط‬ – Thwarts identity theft (‫الهوية‬ ‫سرقة‬ ‫)إحباط‬
  • 13. Preventing Data Theft • Security often associated with theft prevention • Drivers install security systems on their cars to prevent the cars from being stolen • Same is true with information security—businesses cite preventing data theft as primary goal of information security • Theft of data is single largest cause of financial loss due to a security breach • One of the most important objectives of information security is to protect important business and personal data from theft
  • 14. Avoiding Legal Consequences • Businesses that fail to protect data may face serious penalties • Laws include: – The Health Insurance Portability and Accountability Act of 1996 (HIPAA) – The Sarbanes-Oxley Act of 2002 (Sarbox) – The Cramm-Leach-Blilely Act (GLBA) – USA PATRIOT Act 2001
  • 15. Maintaining Productivity • After an attack on information security, clean-up efforts divert resources, such as time and money away from normal activities • A Corporate IT Forum survey of major corporations showed: – Each attack costs a company an average of $213,000 in lost man-hours and related costs – One-third of corporations reported an average of more than 3,000 man-hours lost
  • 17. • An area of growing concern among defense experts are surprise attacks by terrorist groups using computer technology and the Internet (cyberterrorism) • These attacks could cripple a nation’s electronic and commercial infrastructure • Our challenge in combating cyberterrorism is that many prime targets are not owned and managed by the federal government Foiling Cyberterrorism
  • 18. Thwarting Identity Theft • Identity theft involves using someone’s personal information, such as social security numbers, to establish bank or credit card accounts that are then left unpaid, leaving the victim with the debts and ruining their credit rating • National, state, and local legislation continues to be enacted to deal with this growing problem – The Fair and Accurate Credit Transactions Act of 2003 is a federal law that addresses identity theft
  • 19. ’’ Security+ Guide to Network Security Fundamentals, Third Edition Information Security Terminology (continued) • Asset – Something that has a value • Threat – An event or object that may defeat the security measures in place and result in a loss • Threat agent – A person or thing that has the power to carry out a threat
  • 20. ’‘ Security+ Guide to Network Security Fundamentals, Third Edition Information Security Terminology (continued) • Vulnerability – Weakness that allows a threat agent to bypass security • Risk – The likelihood that a threat agent will exploit a vulnerability – Realistically, risk cannot ever be entirely eliminated
  • 21. Information Security Terminology (continued) ’³ Security+ Guide to Network Security Fundamentals, Third Edition
  • 22. Information Security Terminology (continued) ’9 Security+ Guide to Network Security Fundamentals, Third Edition
  • 23. ’‘ Security+ Guide to Network Security Fundamentals, 2e Exploring the CompTIA Security+ Certification Exam (continued) • Since 1982, the Computing Technology Industry Association (CompTIA) has been working to advance the growth of the IT industry • CompTIA is the world’s largest developer of vendor- neutral IT certification exams • The CompTIA Security+ certification tests for mastery in security concepts and practices
  • 24. ’T Security+ Guide to Network Security Fundamentals, 2e Exploring the CompTIA Security+ Certification Exam (continued) • The Security+ exam is an internationally recognized validation of foundation-level security skills and knowledge Used by organizations and security professionals around the world • The six domains covered by the Security+ exam: – Systems Security, Network Infrastructure, Access Control, Assessments and Audits, Cryptography, and Organizational Security
  • 25. ’M Security+ Guide to Network Security Fundamentals, 2e Surveying Information Security Careers • Information security is one of the fastest growing career fields • As information attacks increase, companies are becoming more aware of their vulnerabilities and are looking for ways to reduce their risks and liabilities
  • 26. ’R Security+ Guide to Network Security Fundamentals, 2e Surveying Information Security Careers (continued) • Sometimes divided into three general roles: – Security manager develops corporate security plans and policies, provides education and awareness, and communicates with executive management about security issues – Security engineer designs, builds, and tests security solutions to meet policies and address business needs – Security administrator configures and maintains security solutions to ensure proper service levels and availability
  • 27. ‘t Security+ Guide to Network Security Fundamentals, 2e Summary • The challenge of keeping computers secure is becoming increasingly difficult • Attacks can be launched without human intervention and infect millions of computers in a few hours • Information security protects the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures
  • 28. ‘’ Security+ Guide to Network Security Fundamentals, 2e Summary (continued) • Information security has its own set of terminology • A threat is an event or an action that can defeat security measures and result in a loss • Many organizations use the CompTIA Security+ certification to verify security competency