Introduction to cyber security and information assurance


PowerPoint Slideshow about 'Introduction to Cyber Security and Information Assurance' - Rita



Introduction to Cyber Security and Information Assurance

Center of Excellence for IT at Bellevue College



Cyber security and information assurance refer to measures for protecting computer systems, networks, and information systems from disruption or unauthorized access, use, disclosure, modification, or destruction.


Cyber Security and Information Assurance

  • Cyber security often refers to safety of the infrastructure and computer systems with a strong emphasis on the technology

  • Information assurance tends to have a broader focus with emphasis on information management and business practices

  • The two areas overlap strongly and the terms are sometimes used interchangeably



Information assurance (IA) is the practice of managing information-related risks. More specifically, IA practitioners seek to protect and defend information and information systems by ensuring confidentiality, data integrity, authentication, availability, and non-repudiation. IA measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.


Confidentiality

Confidentiality has been defined by the International Organization for Standardization (ISO) as "ensuring that information is accessible only to those authorized to have access" and is one of the cornerstones of information security. Confidentiality is one of the design goals for many cryptosystems, made possible in practice by the techniques of modern cryptography.


Data Integrity

Data integrity means that the data is "whole" or complete, and is identically maintained during any operation (such as transfer, storage or retrieval). Data integrity is the assurance that data is consistent and correct.

Loss of integrity can result from:

  • Malicious altering, such as an attacker altering an account number in a bank transaction, or forgery of an identity document

  • Accidental altering, such as a transmission error, or a hard disk crash
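
The two causes of integrity loss listed above call for different controls. This added example (not part of the original slides) shows that an unkeyed checksum or hash catches a transmission error but not a deliberate change to the account number, while a keyed HMAC catches both. The key, the record format, and the function names are constructed for illustration.

```python
import hashlib
import hmac
import zlib

# Constructed sample data: a bank transfer record and a key known only to the
# sender and the receiver (hypothetical values for illustration).
SHARED_KEY = b"constructed-demo-key-not-for-production"
ORIGINAL = b"transfer;to_account=1002003004;amount=250.00"


def protect(message: bytes, key: bytes) -> dict:
    """Sender side: attach three different integrity values to the message."""
    return {
        "message": message,
        "crc32": zlib.crc32(message),
        "sha256": hashlib.sha256(message).hexdigest(),
        "hmac": hmac.new(key, message, hashlib.sha256).hexdigest(),
    }


def verify(record: dict, key: bytes) -> dict:
    """Receiver side: recompute each value and report which checks pass."""
    msg = record["message"]
    expected_mac = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return {
        "crc32": zlib.crc32(msg) == record["crc32"],
        "sha256": hashlib.sha256(msg).hexdigest() == record["sha256"],
        "hmac": hmac.compare_digest(expected_mac, record["hmac"]),
    }


def accidental_alteration(record: dict) -> dict:
    """Transmission error: one bit flips in the message, check values untouched."""
    damaged = bytearray(record["message"])
    damaged[25] ^= 0x01
    return {**record, "message": bytes(damaged)}


def malicious_alteration(record: dict) -> dict:
    """Deliberate change: the account number is rewritten and the unkeyed values
    are recomputed to match. Without the key the HMAC cannot be recomputed."""
    forged = record["message"].replace(b"1002003004", b"9998887776")
    return {
        **record,
        "message": forged,
        "crc32": zlib.crc32(forged),
        "sha256": hashlib.sha256(forged).hexdigest(),
    }
```

An HMAC relies on a key shared by both parties, so it provides integrity and origin authentication between them but not non-repudiation, which needs a digital signature.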


Authentication

Authentication is a security measure designed to establish the validity of a transmission, message, document or originator, or a means of verifying an individual's authorization to receive specific categories of information.

Authentication technologies include:

  • passwords, digital signatures, keys and passports, biometrics


Availability

Availability means that the information, the computing systems used to process the information, and the security controls used to protect the information are all available and functioning correctly when the information is needed; that is, timely, reliable access to data and information services for authorized users.


Non-repudiation

Non-repudiation is the assurance that the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the data.

Technologies include:

  • Digital certificates and signatures


Some Global Trends

  • The global recession will lead to a rise of cybercrime worldwide according to 2009 cybercrime forecasts from leading IT security firms.

  • Approximately 1.5 million pieces of unique malware will have been identified by the end of the year, more than in the previous five years combined.

  • The optimal way to prevent malicious files from infecting PCs and corporate networks is active real-time content inspection technologies.

    www.securitymanagement.com/print/4969


US Cyber Security Trends

  • The United States has surpassed China as the biggest purveyor of malware and also sends the most spam worldwide, according to the Sophos Security Threat Report: 2009.

  • Not only is the USA relaying the most spam because too many of its computers have been compromised and are under the control of hackers, but it's also carrying the most malicious webpages.

    www.securitymanagement.com/print/4969


Web 2.0 and Cyber Security

  • Cybercriminals will continue to exploit the best Web 2.0 technologies, such as Trojan technologies.

  • Cybercriminals are increasingly relying on Adobe PDF and Flash files, normally considered safe, to infect victims with malware.

  • Hackers have been breaking into Facebook and MySpace and implanting malware to distribute to a victim's social network.

    www.securitymanagement.com/print/4969


Trends in Technology

  • Increasing complexity of IT systems and networks

  • Convergence of IT and communication systems

  • Expanding wireless connectivity and multiplicity of wireless devices

  • Increasing amount of digital information collected

  • Increasing connectivity and accessibility of digital information systems

  • Globalization of IT and information systems

  • Increased web access to a wide range of web services and web applications

  • Increase in all forms of digital commerce

  • Trends towards data-marts and hosted data warehousing services


Areas of Emphasis

  • Network security

  • Disaster recovery

  • Information system security technologies

  • Wireless system security

  • Internet security

  • Legal issues, standards and compliance

  • Cybercrime

  • Information management

  • Information audit and risk analysis

  • Digital forensics

  • Secure electronic commerce


Technologies

  • Types of intrusion and intrusion detection systems

  • Firewalls and access control

  • Cryptography

  • Digital certificates

  • Biometrics

  • Digital authentication and Public Key Infrastructure (PKI)

  • Data assurance and disaster recovery


Tools

  • Cryptography systems

  • Identification and authentication systems

  • Operating system security

  • E-commerce security tools and strategies

  • Firewalls and proxy servers

  • Anti-malware and anti-spyware technology

  • Anti-piracy techniques

  • Network traffic analysis tools


Resources

  • en.wikipedia.org/wiki/Cyber_security

  • en.wikipedia.org/wiki/Information_assurance

  • www.cssia.org/

  • www.afei.org/news/NCES/NCES_Information_Assurance.pdf

  • www.nitrd.gov/pubs/csia/csia_federal_plan.pdf

  • www.sis.uncc.edu/LIISP/slides00/GAIL.pdf

  • www.cnss.gov/Assets/pdf/cnssi_4009.pdf

  • www2.cs.uidaho.edu/~oman/CS336_F08_syllabus.pdf

  • www.coastline.edu/degrees/page.cfm?LinkID=786

  • bii.mc.maricopa.edu/degrees/checklists/CCLInformationAssurance5227.pdf

