Live Session Presentation. Meeting 1: Designing Secure Networks, Week I
Information Systems Security. Purpose: Confidentiality, Integrity, Availability. Also: Authenticity, Non-Repudiation. Protect, Detect, Respond, Recover. Full security is achieved through: physical, administrative, and technical safeguards; common sense.
Information Systems Security: Assets, Threats, Threat Agents, Vulnerabilities, Risk, Countermeasures.
Chaos Infrastructure Issues. While many books and lectures paint the picture of loss or capture of your personal business systems and data, consider for a moment the potential impacts of modification or destruction of data and/or software, of hacking into and gaining root/superuser access (disclosure), and/or of denying authorized service to the following systems: Railroad Switching Computers; Power Grids for Major Cities; Reservoir Dam Control Systems; Nuclear Reactor Control Systems; Traffic Control Systems; Internal Revenue Service Systems; “911” Services; Your Agency/Company Payroll.
[Figure: Potential Impacts. Curves: Sophistication of available tools; Required Technical Skills. Time axis: 1940 to 2001.]
Key Players: Management; End Users (First Line of Defense); System Administrators; Infrastructure Support Services.
“Key” Premise. [Diagram labels: Common Sense, Management Support, Confidentiality, Availability, Integrity, Information Resources.] Keep in Mind: The ultimate goal is to apply top-down support and common sense to integrity, confidentiality, and availability concerns. And don’t forget: your mom may have wanted you to bundle up by applying layers in the winter. The same goes for your network: defense in depth!
Asynch Session. Readings: http://www.sans.org/infosecFAQ/policy/sec_aware.htm and http://www.sans.org/infosecFAQ/homeoffice/personal_fw.htm. Discussion: Introduction to Information Systems Security, Security Policy and Training.