IS3350 Security Issues in Legal Context




IS3350 Security Issues in Legal Context. Unit 1 Information Systems Security Overview. Learning Objective. Recognize the legal aspects of the information security triad: Availability Integrity Confidentiality. Key Concepts. Availability, Integrity, and Confidentiality (AIC Triad)

    Presentation Transcript
    1. IS3350 Security Issues in Legal Context Unit 1 Information Systems Security Overview

    2. Learning Objective
       Recognize the legal aspects of the information security triad:
       • Availability
       • Integrity
       • Confidentiality

    3. Key Concepts
       • Availability, Integrity, and Confidentiality (AIC Triad)
       • Basic information system security concepts
       • Risk analysis and mitigation
       • Mechanisms for organizational information security
       • Data classifications requiring specialized legal consideration

    4. EXPLORE: CONCEPTS

    5. CIA Triad
       [Diagram: Information Security at the center of Confidentiality, Integrity, and Availability]

    6. Information Security Common Concerns
       • Shoulder Surfing
       • Social Engineering
       • Spear Phishing
       • Malware
       • Spyware
       • Logic Bomb
       • Back Door
       • Denial of Service

    7. Data Classification

    8. Legal Mechanisms to Ensure Information Security
       • Laws
         • Gramm-Leach-Bliley Act, HIPAA, Sarbanes-Oxley (SOX), and others
       • Information Regulations
         • Financial, credit card, health, etc.
       • Agencies
         • FTC, Banks, DHHS, SEC, DOE, etc.

    9. Risk Management Concepts
       • Vulnerability ~ asset weaknesses
       • Mitigation ~ safeguard assets
       • Threat Agent ~ hacker or malware
       • Exploits ~ threats carried out
       • Risks ~ minimized by asset owner

    10. EXPLORE: PROCESS

    11. Risk Management Process
       [Diagram labels: Owner, Safeguard, Vulnerability, Threat Agent, Risk, Threat, Asset]

    12. EXPLORE: ROLES

    13. Roles in Risk Management
       • Senior Management
       • Chief Information Security Officer
       • Information Technology Department
       • Legal Department

    14. EXPLORE: CONTEXT

    15. Information Security in Different Contexts

    16. Access Control Models
       • Discretionary Access Control (DAC):
         • discretion of the owner
       • Mandatory Access Control (MAC):
         • security labels & classifications
       • Role-Based Access Control (RBAC):
         • job function or role

    17. EXPLORE: RATIONALE

    18. Law and Information Security
       • Cyberspace theft
       • Internet extortion
       • Online pedophilia
       • Jurisdiction issues
       • Electronic signature issues

    19. Summary
       • Availability, Integrity, and Confidentiality (AIC Triad)
       • Basic information system security concepts
       • Risk analysis and mitigation
       • Mechanisms for organizational information security
       • Data classifications requiring specialized legal consideration