IS3350 Security Issues in Legal Context

IS3350 Security Issues in Legal Context. Unit 1 Information Systems Security Overview. Learning Objective. Recognize the legal aspects of the information security triad: Availability Integrity Confidentiality. Key Concepts. Availability, Integrity, and Confidentiality (AIC Triad)

PowerPoint Slideshow about 'IS3350 Security Issues in Legal Context' - jeremy-duffy


Presentation Transcript

IS3350 Security Issues in Legal Context

Unit 1

Information Systems Security Overview

Learning Objective

Recognize the legal aspects of the information security triad:

  • Availability
  • Integrity
  • Confidentiality
Key Concepts
  • Availability, Integrity, and Confidentiality (AIC Triad)
  • Basic information system security concepts
  • Risk analysis and mitigation
  • Mechanisms for organizational information security
  • Data classifications requiring specialized legal consideration
CIA Triad

[Diagram labels: Information Security; Confidentiality, Integrity, Availability]

Information Security Common Concerns
  • Shoulder Surfing
  • Social Engineering
  • Spear Phishing
  • Malware
  • Spyware
  • Logic Bomb
  • Back Door
  • Denial of Service
Legal Mechanisms to Ensure Information Security
  • Laws
    • Gramm-Leach-Bliley Act, HIPAA, Sarbanes-Oxley (SOX), and others
  • Information Regulations
    • Financial, credit card, health, etc.
  • Agencies
    • FTC, Banks, DHHS, SEC, DOE, etc.
Risk Management Concepts
  • Vulnerability ~ asset weaknesses
  • Mitigation ~ safeguard assets
  • Threat Agent ~ hacker or malware
  • Exploits ~ threats carried out
  • Risks ~ minimized by asset owner
Risk Management Process

[Diagram labels: Owner, Safeguard, Vulnerability, Threat Agent, Risk, Threat, Asset]
Roles in Risk Management

Senior Management

Chief Information Security Officer

Information Technology Department

Legal Department

Access Control Models
  • Discretionary Access Control (DAC):
    • discretion of the owner
  • Mandatory Access Control (MAC):
    • security labels & classifications
  • Role-Based Access Control (RBAC):
    • job function or role
Law and Information Security
  • Cyberspace theft
  • Internet extortion
  • Online pedophilia
  • Jurisdiction issues
  • Electronic signature issues
Summary
  • Availability, Integrity, and Confidentiality (AIC Triad)
  • Basic information system security concepts
  • Risk analysis and mitigation
  • Mechanisms for organizational information security
  • Data classifications requiring specialized legal consideration