Information Systems Security

A comprehensive guide

Outline
  • CIA Triangle
  • Threat Analysis and Asset Inventory
  • General Security Concepts
  • Communication Security
  • Network Security
  • Physical Security
  • Disaster Recovery
  • Security Policies and Procedures
  • Security in small vs. large companies
CIA Triangle
  • Confidentiality
    • Preventing unauthorized access to, or disclosure of, systems and data
  • Integrity
    • Ensure data is what it claims to be (not altered without authorization, whether by accident or by an attacker)
    • Ensure accuracy of data
  • Availability
    • Ensure systems and data are available when they are needed
Threat Analysis and Asset Inventory
  • Threat Categories
    • External Intentional (Hackers)
    • External Accidental (Remote Users)
    • Internal Intentional (Disgruntled Employees)
    • Internal Accidental (Untrained Employees)
    • Natural Disasters (Fires, Floods, Earthquakes)
  • Asset Inventory
    • Hardware, Software, Data, Expertise
General Security Concepts
  • Malicious Code
    • Viruses : self-replicating code that attaches itself to a host program or file and spreads when the host is run; the payload may or may not cause ‘damage’ to the computer
    • Trojan Horse : program pretending to be something legitimate while carrying hidden malicious functionality
    • Worm : propagates on its own through e-mail or network connections, typically by exploiting a vulnerable service. Does not depend on a host program
    • Logic Bomb : malicious code that lies dormant and executes only when certain conditions are met (a date, a file going missing, and so on)
General Security Concepts (con’t)
  • Social Engineering
    • “Hello, I’m calling from the IT department, I need your password to fix your PC”
  • TCP/IP Attacks
    • Network Sniffers : capturing cleartext traffic (passwords, e-mail) on a network segment the attacker can see
    • Port Scans : probing a host to discover which services are listening, usually as reconnaissance for a later attack
    • Denial of Service Attacks : exhausting bandwidth, connection tables or CPU so that legitimate users are locked out
General Security Concepts (con’t)
  • Man in the middle Attacks : the attacker relays, and may alter, traffic between two parties who believe they are talking to each other directly
  • Spoofing Attacks : forging a source address or identity (IP, ARP, e-mail sender) to impersonate a trusted party
  • Back Door Attacks : entering through a hidden access path left in software or a system, bypassing normal authentication
  • Password Guessing Attacks
    • Dictionary Attacks : try words from a list of likely passwords
    • Brute Force Attack : try every combination of characters up to some length
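The two guessing strategies above, and the storage decision that decides how expensive they are, are easiest to see in code. The following is an added example written for this page, not code from the original presentation; the word list, the target passwords and the alphabets are constructed for illustration. It contrasts an unsalted SHA-256 hash (cheap to guess against) with a salted, iterated PBKDF2 record.

```python
"""Dictionary and brute-force password guessing, and why storage format matters.

Added example for this slide; it is not code from the original presentation.
The word list, the target passwords and the alphabets are all constructed here.
"""
import hashlib
import hmac
import itertools
import os
from typing import Iterable, Optional, Tuple

# Constructed stand-in for a real dictionary file; real lists hold millions of entries.
WORDLIST = ["password", "letmein", "summer2004", "welcome", "qwerty"]


def fast_hash(password: str) -> str:
    """Unsalted SHA-256, as a naive application might store it.

    Cheap to compute, so an attacker holding a stolen hash can test millions
    of guesses per second, and two users with the same password share a hash.
    """
    return hashlib.sha256(password.encode()).hexdigest()


def dictionary_attack(target_hash: str, wordlist: Iterable[str]) -> Optional[str]:
    """Try each likely password once; cost is one hash per word."""
    for word in wordlist:
        if hmac.compare_digest(fast_hash(word), target_hash):
            return word
    return None


def brute_force(target_hash: str, alphabet: str, max_len: int) -> Tuple[Optional[str], int]:
    """Exhaustively try every string over `alphabet` up to `max_len` characters.

    Returns (recovered password or None, number of guesses made).
    """
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if hmac.compare_digest(fast_hash(candidate), target_hash):
                return candidate, attempts
    return None, attempts


def keyspace(alphabet_size: int, max_len: int) -> int:
    """Worst-case guess count for brute force: N + N^2 + ... + N^max_len."""
    return sum(alphabet_size ** k for k in range(1, max_len + 1))


def make_slow_record(password: str, iterations: int = 100_000) -> Tuple[bytes, bytes, int]:
    """Store (salt, PBKDF2-HMAC-SHA256 digest, iterations) instead of a bare hash.

    The random per-user salt defeats precomputed tables and makes equal
    passwords look different; the iteration count makes every guess cost
    the attacker as much work as it costs the server.
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest, iterations


def verify_slow_record(record: Tuple[bytes, bytes, int], attempt: str) -> bool:
    """Recompute the digest for the attempt and compare in constant time."""
    salt, digest, iterations = record
    candidate = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print("dictionary hit:", dictionary_attack(fast_hash("letmein"), WORDLIST))
    print("4-digit PIN brute force:", brute_force(fast_hash("0427"), "0123456789", 4))
    print("8-char lowercase keyspace:", keyspace(26, 8))
    record = make_slow_record("correct horse")
    print("slow verify:", verify_slow_record(record, "correct horse"), verify_slow_record(record, "wrong"))
```

Note the asymmetry the slide's two bullets imply: a dictionary hit costs a handful of hashes, while a brute-force search over eight lowercase letters already needs on the order of 2×10^11 guesses. Slowing each guess down with PBKDF2 (or a memory-hard function such as scrypt or Argon2) multiplies that cost for the attacker; rate limiting and lockout at the login interface address online guessing, which the stored-hash format cannot.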
Communication Security
  • E-mail Security
    • Spam
    • Hoaxes
    • Viruses traveling as e-mail attachments
    • PGP Encryption (www.pgpi.org)
Communication Security (Con’t)
  • Web Security
    • SSL/TLS (HTTPS) to encrypt and authenticate the connection between browser and server
    • Buffer Overflow in web servers and server-side programs
    • Denial of service attacks
  • Wireless Security
    • Wireless Access Points
    • Insecure communication medium: radio can be received by anyone in range
    • WEP -> WPA -> WPA2 (WEP is broken and should not be relied on)
Network Security
  • Firewalls
  • Intrusion Detection Systems
  • OS Updates, Patches and Service Packs
  • Access control
    • Authentication: usernames and passwords
    • Authorization: rights and privileges, enforced through access control lists
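An intrusion detection system, in its simplest form, is a set of rules run over the logs the firewall and the servers already produce. The following added example (written for this page, not code from the original slides) shows two such rules: one flags the port scans listed under TCP/IP attacks, the other flags the password-guessing attacks from the previous section. The log lines and their format are constructed and hypothetical; real firewall and authentication logs differ, and the regular expressions would be adjusted to match them.

```python
"""Two intrusion-detection rules over constructed firewall and auth log lines.

Added example for this page, not code from the original presentation.
Log format is hypothetical: "<ISO timestamp> <src_ip> <dst_port> <DROP|ACCEPT>"
for the firewall and "<ISO timestamp> <src_ip> <user> <FAIL|OK>" for logins.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Pattern, Tuple

# Constructed sample: 10.0.0.7 sweeps eleven ports in five seconds;
# 192.168.1.20 is an ordinary client using a few services over ninety minutes.
FIREWALL_LOG = """\
2004-04-14T10:00:01 10.0.0.7 22 DROP
2004-04-14T10:00:01 10.0.0.7 23 DROP
2004-04-14T10:00:02 10.0.0.7 25 DROP
2004-04-14T10:00:02 10.0.0.7 80 ACCEPT
2004-04-14T10:00:03 10.0.0.7 110 DROP
2004-04-14T10:00:03 10.0.0.7 135 DROP
2004-04-14T10:00:04 10.0.0.7 139 DROP
2004-04-14T10:00:04 10.0.0.7 443 ACCEPT
2004-04-14T10:00:05 10.0.0.7 445 DROP
2004-04-14T10:00:05 10.0.0.7 3389 DROP
2004-04-14T10:00:06 10.0.0.7 8080 DROP
2004-04-14T10:00:01 192.168.1.20 80 ACCEPT
2004-04-14T10:05:00 192.168.1.20 443 ACCEPT
2004-04-14T10:09:00 192.168.1.20 80 ACCEPT
2004-04-14T11:30:00 192.168.1.20 22 ACCEPT
"""

# Constructed sample: six failures then a success for "admin" from the scanner;
# one typo and a success for a legitimate user.
AUTH_LOG = """\
2004-04-14T10:10:00 10.0.0.7 admin FAIL
2004-04-14T10:10:01 10.0.0.7 admin FAIL
2004-04-14T10:10:02 10.0.0.7 admin FAIL
2004-04-14T10:10:03 10.0.0.7 admin FAIL
2004-04-14T10:10:04 10.0.0.7 admin FAIL
2004-04-14T10:10:05 10.0.0.7 admin FAIL
2004-04-14T10:10:06 10.0.0.7 admin OK
2004-04-14T09:00:00 192.168.1.20 alice FAIL
2004-04-14T09:00:30 192.168.1.20 alice OK
"""

FW_RE = re.compile(r"^(\S+) (\S+) (\d+) (DROP|ACCEPT)$")
AUTH_RE = re.compile(r"^(\S+) (\S+) (\S+) (FAIL|OK)$")


def parse(text: str, pattern: Pattern) -> List[Tuple[str, ...]]:
    """Return the capture groups of every line that matches; skip the rest."""
    rows = []
    for line in text.splitlines():
        m = pattern.match(line.strip())
        if m:  # malformed lines are ignored rather than crashing the detector
            rows.append(m.groups())
    return rows


def detect_port_scans(log_text: str, min_ports: int = 10,
                      window: timedelta = timedelta(seconds=60)) -> Dict[str, int]:
    """Flag sources that touch >= min_ports distinct destination ports within `window`.

    Returns {src_ip: largest number of distinct ports seen in any one window}.
    """
    by_src: Dict[str, List[Tuple[datetime, int]]] = defaultdict(list)
    for ts, src, port, _verdict in parse(log_text, FW_RE):
        by_src[src].append((datetime.fromisoformat(ts), int(port)))
    alerts: Dict[str, int] = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):           # sliding window over time-ordered events
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {p for _, p in events[start:end + 1]}
            if len(distinct) >= min_ports:
                alerts[src] = max(alerts.get(src, 0), len(distinct))
    return alerts


def detect_brute_force(log_text: str, max_failures: int = 5,
                       window: timedelta = timedelta(minutes=5)) -> Dict[Tuple[str, str], dict]:
    """Flag (src_ip, user) pairs with more than max_failures failed logins in `window`.

    A success after the burst is recorded too: that is the case worth paging on,
    because it suggests the guessing worked.
    """
    by_key: Dict[Tuple[str, str], List[Tuple[datetime, str]]] = defaultdict(list)
    for ts, src, user, result in parse(log_text, AUTH_RE):
        by_key[(src, user)].append((datetime.fromisoformat(ts), result))
    alerts: Dict[Tuple[str, str], dict] = {}
    for key, events in by_key.items():
        events.sort()
        recent: deque = deque()                  # timestamps of failures inside the window
        for ts, result in events:
            if result == "FAIL":
                recent.append(ts)
                while ts - recent[0] > window:
                    recent.popleft()
                if len(recent) > max_failures:
                    entry = alerts.setdefault(key, {"failures": 0, "success_after": False})
                    entry["failures"] = max(entry["failures"], len(recent))
            elif key in alerts:
                alerts[key]["success_after"] = True
    return alerts


if __name__ == "__main__":
    print("port scans:", detect_port_scans(FIREWALL_LOG))
    print("brute force:", detect_brute_force(AUTH_LOG))
```

Both rules are threshold-and-window rules, which is also their weakness: a scanner that spreads its probes over hours, or a guesser that stays under five failures per five minutes per account, slips through. Tuning the thresholds against the traffic a particular network actually sees is most of the work of running an IDS.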
Physical Security
  • Locks on doors to protect systems
  • Access badges
  • Biometrics
    • Hand scan
    • Retina scan
    • Voice recognition
  • Fire Suppression
    • Sprinkler system? No: water destroys the equipment it is meant to save. Use a clean-agent gas system such as FM-200
Disaster Recovery
  • September 11th lesson
  • Natural Disasters
  • Backups
    • Daily, weekly, monthly rotation, so that a corruption discovered late can still be undone
  • Off site storage: a copy that survives whatever destroys the primary site
  • Disaster Recovery Plan
  • Testing your plan: actually restore from the backups and verify the data, rather than just reviewing the document
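"Testing your plan" is the step most often skipped, and the cheapest part of it is verifying that what is on the off-site media is what was backed up. The following added example (written for this page, not code from the original presentation) records a SHA-256 manifest at backup time and checks a restored copy against it, reporting modified, missing and unexpected files. It also shows the Integrity leg of the CIA triangle in practice. The file names, contents and the simulated damage are all constructed in a temporary directory so the example runs offline.

```python
"""Backup manifest creation and restore verification.

Added example for this page, not code from the original presentation.
The backup set and the damage to the off-site copy are constructed in a
temporary directory; nothing outside it is touched.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Hash a file in chunks so large backup images do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(backup_root: Path) -> Dict[str, str]:
    """Map every file under backup_root (relative, POSIX-style path) to its digest."""
    return {
        p.relative_to(backup_root).as_posix(): sha256_file(p)
        for p in sorted(backup_root.rglob("*"))
        if p.is_file()
    }


def write_manifest(manifest: Dict[str, str], path: Path) -> None:
    path.write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(path: Path) -> Dict[str, str]:
    return json.loads(path.read_text())


def verify_restore(restore_root: Path, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare a restored tree against the manifest taken at backup time."""
    report: Dict[str, List[str]] = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for rel, expected in manifest.items():
        target = restore_root / rel
        if not target.is_file():
            report["missing"].append(rel)
        elif sha256_file(target) == expected:
            report["ok"].append(rel)
        else:
            report["modified"].append(rel)
    for p in restore_root.rglob("*"):          # files present that were never backed up
        if p.is_file() and p.relative_to(restore_root).as_posix() not in manifest:
            report["unexpected"].append(p.relative_to(restore_root).as_posix())
    return report


def demo() -> Dict[str, List[str]]:
    """Build a constructed backup set, damage the off-site copy, and verify it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        primary = root / "primary"
        for rel, content in {                    # constructed sample files
            "docs/policy.txt": b"Acceptable use policy v1\n",
            "docs/readme.txt": b"Restore with: restore.sh\n",
            "db/accounts.csv": b"id,name\n1,alice\n2,bob\n",
        }.items():
            (primary / rel).parent.mkdir(parents=True, exist_ok=True)
            (primary / rel).write_bytes(content)

        manifest = build_manifest(primary)
        # Keep the manifest apart from the backup media (and ideally signed),
        # otherwise whoever can alter the backup can alter the manifest to match.
        write_manifest(manifest, root / "manifest.json")

        offsite = root / "offsite"
        shutil.copytree(primary, offsite)
        # Simulated damage: silent corruption, a lost file, and a stray file.
        (offsite / "db/accounts.csv").write_bytes(b"id,name\n1,alice\n2,b0b\n")
        (offsite / "docs/policy.txt").unlink()
        (offsite / "db/tmp.log").write_bytes(b"scratch\n")

        return verify_restore(offsite, load_manifest(root / "manifest.json"))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A plain hash manifest detects accidental corruption and media failure; it does not by itself detect a deliberate attacker who can rewrite both the backup and the manifest. Storing the manifest separately, or signing it, closes that gap. A full test of the plan goes further and restores the data onto replacement hardware to confirm that the applications actually start.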
Security Policies and Procedures
  • Policies, Procedures and Consequences
  • Cost-effective solution
  • Acceptable use policy
    • Use of company email
    • Appropriate surfing policy
    • Coordination with Human Resources Dept
  • Communicate policies effectively
Security in small vs. large companies

3rd Security Conference, April 14/15, 2004

Current Security Practices of SMEs: A Case Study
Namu`o, Weiner, and Jennex
San Diego State University

Presentation by: Clyne G. H. Namu’o
  • Systems Administrator, San Diego Regional Center
  • Graduate Student, San Diego State University
  • Adjunct Faculty, SD Comm. College District
  • Microsoft Certified Systems Administrator
  • Adobe Certified Expert
  • Microsoft Certified Professional
  • Microsoft Office User Specialist
  • [email protected]

Survey Background
  • Component of a Generic Security Plan for SMEs
    • 32 questions regarding computer security
  • Respondents
    • 218 total
    • All in San Diego (planned expansion to other cities)
    • 56% large corporations (123)
    • 44% SMEs (95; companies with fewer than 500 employees)
    • Working professionals
    • Industry professionals
  • Hypothesis
    • SMEs lack the knowledge and resources to implement proper security measures/barriers and will exhibit less knowledge about their security plans
    • The literature on SMEs supports this, but little quantitative data was found to back it up
[Survey results charts: mean responses of SMEs vs. large companies to the following statements]
  • I am comfortable our security plan protects our critical data
  • We have adequate knowledge about IS security
  • I am confident my company won't have an IS security problem
  • We rely on one or two key people to manage our IS security
  • Our security rules are a burden to follow
  • I stay awake nights worrying about my company's data and networks

Scale: 5=Agree 4=Somewhat agree 3=Neutral 2=Somewhat disagree 1=Disagree

Conclusions
  • SMEs have less knowledge of security and of their security plans than their counterparts in large companies
  • However, personnel in SMEs are just about as comfortable with their security as their counterparts in large companies
  • No one is losing sleep over their security plan
Conclusion
  • CIA Triangle
  • Threat Analysis and Asset Inventory
  • General Security Concepts
  • Communication Security
  • Network Security
  • Physical Security
  • Disaster Recovery
  • Security Policies and Procedures
  • Security in small vs. large companies