KEMBAR78
Data Information and Security Unit-1.pptx
Uploaded bysbrainyajay
PPTX, PDF17 views

Data Information and Security Unit-1.pptx

The document outlines the evolution of data and information security, detailing its history from the development of mainframes to the modern-day necessity for layered security systems. It discusses components of security, including physical, personnel, operation, communication, network, and information security, as well as evolving threats and the need for robust policies and training. Key concepts such as the CIA triangle (confidentiality, integrity, availability) and the components of information security are emphasized for organizational protection.

Download to read offline
JAD 1501 Data and Information Security
 Immediately after the development of Main frames, computer security was in need.  Physical controls were required to limit access to authorized personnel to sensitive military locations.  Only rudimentary controls were available to defend against physical theft, espionage, and sabotage History
 Magnetic Tapes – Recorded and Mailed  Department of Defense’s Advanced Research Project Agency (ARPA) began examining the feasibility of a redundant networked communications  Larry Roberts – ARPANET – linked Computers instead of mailing. 1960 s
 ARPANET grew in popularity as did its potential for misuse  Fundamental problems with ARPANET security were identified (Robert M-1973) • No safety procedures for dial-up connections to the ARPANET • User identification and authorization to the system were non-existent  In the late 1970s the microprocessor expanded computing capabilities and security threats The 1970s and 80s
 Information Security began with Rand Report R-609  The scope of computer security grew from physical security to include: • Safety of the data • Limiting unauthorized access to that data • Involvement of personnel from multiple levels of the organization R-609 – The Start of the Study of Computer Security
 Networks of computers became more common, so too did the need to interconnect the networks  Resulted in the Internet, the first manifestation of a global network of networks  In early Internet deployments, security was treated as a low priority The 1990s
 The Internet has brought millions of computer networks into communication with each other – many of them unsecured  Ability to secure each now influenced by the security on every computer to which it is connected The Present
 The quality or state of being secure—to be free from danger  A successful organization should have multiple layers of security in place: • Physical security • Personal security • Operations security • Communications security • Network security • Information security What is Security?
 The protection of information and its critical elements including systems and hardware used, store and transmit that information.  Necessary Tools: Policy, Awareness, Training, Education and Technology What is Security? (Contd…)
CIA Triangle / TRIAD
 Privacy  Unauthorized access is denied.  Only authorized ppl can access.  Training ppl(Encryption, DES, AES)  Use VPN  Biometric  Security Tokens/Cards Confidentiality
 Involves – Consistency, Accuracy and Trustworthiness of data over its entire life cycle.  Data must not be changed in transit and steps must be taken to ensure that data cannot be altered by unauthorized users. Eg. Hacking YouTube Channels Integrity
 Only authorized users should have availability- Anytime  Maintaining all hardware-uptodate  Security Levels  Perform immediate hardware repair  Correct functioning operating system  Systems without bottleneck  Eg. DOS attack Availability
Components of Information Security
 Access  Asset  Attack  Control, Safeguard or Countermeasure  Exploit  Exposure  Loss  Protection Profile/Security Posture  Risk Information Security Concepts
 Threat  Threat Agent  Vulnerability  Subjects and Objects Contd…
 Availability  Accuracy  Authenticity  Confidentiality  Integrity  Utility  Possession Critical Characteristics of Information
 National Security Telecommunication and Information Systems Security Committee  National Training Standard for Information Security Professionals  Evaluation Standard for the security of Information System  Developed by John McCumber – McCumber Cube  Provides more detailed perspective on security  3 dimensions on information security-omits discussion of detailed guidelines & policies NSTISSC Security Model
 Intelligence activity  Cryptographic activities  Commands or controls of military forces  Equipments-Part of weapons/weapon system Contd…
 Entire set of Software, Hardware, Data, People, Procedures, Networks – necessary to use information as a resource in the organization.  Six critical components enable information to be input, processed, output and stored.  Each component – Own Security requirement Components of an Information System
 The software components of IS comprises applications, operating systems and assorted command utilities.  Software programs are created – demanding constraints of project management- time limit, cost and manpower. Hence software becomes an easy target of accidental or intentional attack. 1. Software
 Hardware is the physical technology – house and executes the software, stores and carries the data.  Provides interface for entry and removal of information from the system.  Physical security policies deal with hardware as a physical asset and with the protection of these physical assets from harm and theft.  Securing the physical location of computers and computers – breach of physical security – loss of information 2. Hardware
 Intruder Alarm System  Access Control System  Closed Circuit Television Examples of Physical Security Policies:
 Data stored, processed and transmitted through a computer system must be protected.  Data is the most valuable asset possessed by an organization and is the main target of intentional attacks.  The raw, unorganized, discrete(separate, isolated) potentially useful facts and figures that are later processed(manipulated) to produce information. 3. Data
 There are many roles for people in information systems.  Common ones include  System Analyst  Programmer  Technician  Engineer  Network Manager  MIS(Manager of Information Systems)  Data Entry Operator 4. People
 Procedure is a series of documented actions taken to achieve something.  A procedure is more than a single simple task. A procedure can be quite complex and involved such as performing a backup, shutting down a system, patching software. 5. Procedure
 When information systems are connected to each other to form LANs, these LANs are connected to other networks such as internet.  Steps to provide network security are essential, as is the implementation of alarm and intrusion systems to make system owners aware of ongoing compromises. 6. Networks
Balancing Security and Access
SDLC
Planning
Defining
Designing
Building
Testing
Deployment
 Traditional SDLC  Adapt to support implementation of an IS project  Identify specific threats and creating controls  SecSDLC – coherent program not series of random Security Systems Development Life Cycle SecSDLC
 Identify process, outcomes, goals and constraints of the project  Begins with EISP (Enterprise Information Security Policy)  Organizational feasibility analysis is performed Investigation
 Documents from Investigation phase are studied  Analysis of existing security policies or programs  Analysis of relevant legal issues that could impact design of the security solution  Risk Management task begins Analysis
 Creates and develops blue print for IS  Incident Actions:  Continuous Planning  Incident Response  Disaster Recovery Logical Design
 Security Technology  Alternatives are generated  Final design  End of Phase – Feasibility study – Readiness of Organization for project Physical Design
 Security Solutions – Acquired, Tested, Implemented and Tested again  Specific Training and Educate Programs  Entire tested package – to Management for Final Approval Implementation
 Most Important Phase- Ever changing threat environment  Repairing damage and restoring information is a constant duel with an unseen adversary  IS profile of an organization requires constant adaption as new threats emerge and old threats evolve Maintenance and Change

More Related Content

PPT
chapter 1. Introduction to Information Security
byelmuhammadmuhammad
 
PPT
is_1_Introduction to Information Security
bySARJERAO Sarju
 
PPT
168581476-Critical-Characteristics-of-Information-In-Information-Security.ppt
bySenzotaSemakuwa
 
PPT
Introduction to information security
byKumawat Dharmpal
 
PPT
01Introduction to Information Security.ppt
byit160320737038
 
PDF
IT8073 _Information Security _UNIT I Full notes
byGuru Nanak Technical Institutions
 
PDF
IT8073_Information Security_UNIT I _.pdf
byGuru Nanak Technical Institutions
 
PPT
Information security
byrazendar79
 
chapter 1. Introduction to Information Security
byelmuhammadmuhammad
 
is_1_Introduction to Information Security
bySARJERAO Sarju
 
168581476-Critical-Characteristics-of-Information-In-Information-Security.ppt
bySenzotaSemakuwa
 
Introduction to information security
byKumawat Dharmpal
 
01Introduction to Information Security.ppt
byit160320737038
 
IT8073 _Information Security _UNIT I Full notes
byGuru Nanak Technical Institutions
 
IT8073_Information Security_UNIT I _.pdf
byGuru Nanak Technical Institutions
 
Information security
byrazendar79
 

Similar to Data Information and Security Unit-1.pptx

PPTX
Jb ia
byDeepal Samaraweera
 
PPT
Chap01
byKASSAWMAR AYALEW
 
PPTX
IS Chap 1 by whitman chapter 1 pptx.pptx
bysania82678
 
PPTX
Information Security Blueprint
byZefren Edior
 
PDF
Ch2 Introduction to Information Security (3).pdf
bymominabotayea1997
 
PPTX
Information security Chap 1 whitman.pptx
bysania82678
 
PPT
Introduction to information security - by Ivan Nganda
bySee You Rise Holdings
 
PPTX
Princinples of information security Lecture_1_Information_Security.pptx
byMuhammadUsmanNasir5
 
PPT
Introduction to information security
byElumalai Vasan
 
PDF
Chapter 1 introduction to-information_security
bySyaiful Ahdan
 
PPTX
Information Security introduction and management.pptx
bydaudevarist18
 
PPTX
MIS 7.pptx
byOmar91305
 
PPTX
c plus plus ssssssssssssssssssssssssssss
byASKMEDIA
 
PPTX
Chapter 1_Overview hhhhhhhhhhhhhhhhhhhhhhhhhh
byASKMEDIA
 
DOCX
Instructor_manual_for_principles_of_information_security_7th_edition.
bylecthupper
 
PDF
1. Security and Risk Management
bySam Bowne
 
PPT
Information Security
byDhilsath Fathima
 
PPTX
Introduction-to-Information-Security.pptx
bySittieAmaniAlonto
 
PDF
CNIT 125: Ch 2. Security and Risk Management (Part 1)
bySam Bowne
 
PDF
Fundamentals of-information-security
bymadunix
 
Jb ia
byDeepal Samaraweera
 
Chap01
byKASSAWMAR AYALEW
 
IS Chap 1 by whitman chapter 1 pptx.pptx
bysania82678
 
Information Security Blueprint
byZefren Edior
 
Ch2 Introduction to Information Security (3).pdf
bymominabotayea1997
 
Information security Chap 1 whitman.pptx
bysania82678
 
Introduction to information security - by Ivan Nganda
bySee You Rise Holdings
 
Princinples of information security Lecture_1_Information_Security.pptx
byMuhammadUsmanNasir5
 
Introduction to information security
byElumalai Vasan
 
Chapter 1 introduction to-information_security
bySyaiful Ahdan
 
Information Security introduction and management.pptx
bydaudevarist18
 
MIS 7.pptx
byOmar91305
 
c plus plus ssssssssssssssssssssssssssss
byASKMEDIA
 
Chapter 1_Overview hhhhhhhhhhhhhhhhhhhhhhhhhh
byASKMEDIA
 
Instructor_manual_for_principles_of_information_security_7th_edition.
bylecthupper
 
1. Security and Risk Management
bySam Bowne
 
Information Security
byDhilsath Fathima
 
Introduction-to-Information-Security.pptx
bySittieAmaniAlonto
 
CNIT 125: Ch 2. Security and Risk Management (Part 1)
bySam Bowne
 
Fundamentals of-information-security
bymadunix
 

Recently uploaded

PDF
How Are Learning-Based Methods Reshaping Trajectory Planning in Autonomous D...
byimagnejane
 
PDF
Boundary Conditions of field components.pdf
byRCC Institute of Information Technology
 
PDF
energies-14-0ggggggggggggggggg2725-v2.pdf
byCarlosPrezBuelga
 
PPTX
Basic presentation - architecture pics.pptx
byMelsonJohnDalabajan
 
PDF
Energias renovables estudio energias.pdf
byCarlosPrezBuelga
 
PDF
International Journal of Network Security & Its Applications (IJNSA)
byIJNSA Journal
 
PPT
GSM concepts_Slide with frame structure.ppt
byATULJOSHI721117
 
PPTX
UNIT - IV - Computer aided process planning - part 2.pptx
byrameshrajendhra
 
PPTX
COLLAGE PLACEMENT MANAGEMENT SYSTEM.pptx
bychaitanyachopade08
 
PDF
How Are Learning-Based Methods Reshaping Trajectory Planning in Autonomous D...
byimagnejane
 
PPTX
Optimizing Wave Energy Capture: Utilizing Variable-Pitch Turbine Blades in We...
byArijit Biswas
 
PDF
Project photos of Caliagua's new Telemark project for FivePoint.
byjhines4
 
PDF
Somnath Mukherjee_BIM Specialist_Resume.pdf
bySomnathMukherjee980757
 
PDF
mariadbwebinardr07301000156458558219.pdf
byEduardo154255
 
PPTX
aerated foam concrete types of concrete .pptx
bykumarrajsumn
 
PPT
Basic electronics concepts like what is resistor , inductor capacitor
byibrahimshaikh112026
 
PPTX
UNIT - V - Flexible Manufacturing System.pptx
byrameshrajendhra
 
PDF
(17-30)Geotechnical Research in India - Scenario up to 2025.pdf
byDharmsinh Desai of University
 
PPTX
Semiconductor and diode theory and application.pptx
bygetnetzegeye
 
PPTX
E waste_management_module 4.pptx_22_scheme_VTU
byvarshinijs3
 
How Are Learning-Based Methods Reshaping Trajectory Planning in Autonomous D...
byimagnejane
 
Boundary Conditions of field components.pdf
byRCC Institute of Information Technology
 
energies-14-0ggggggggggggggggg2725-v2.pdf
byCarlosPrezBuelga
 
Basic presentation - architecture pics.pptx
byMelsonJohnDalabajan
 
Energias renovables estudio energias.pdf
byCarlosPrezBuelga
 
International Journal of Network Security & Its Applications (IJNSA)
byIJNSA Journal
 
GSM concepts_Slide with frame structure.ppt
byATULJOSHI721117
 
UNIT - IV - Computer aided process planning - part 2.pptx
byrameshrajendhra
 
COLLAGE PLACEMENT MANAGEMENT SYSTEM.pptx
bychaitanyachopade08
 
How Are Learning-Based Methods Reshaping Trajectory Planning in Autonomous D...
byimagnejane
 
Optimizing Wave Energy Capture: Utilizing Variable-Pitch Turbine Blades in We...
byArijit Biswas
 
Project photos of Caliagua's new Telemark project for FivePoint.
byjhines4
 
Somnath Mukherjee_BIM Specialist_Resume.pdf
bySomnathMukherjee980757
 
mariadbwebinardr07301000156458558219.pdf
byEduardo154255
 
aerated foam concrete types of concrete .pptx
bykumarrajsumn
 
Basic electronics concepts like what is resistor , inductor capacitor
byibrahimshaikh112026
 
UNIT - V - Flexible Manufacturing System.pptx
byrameshrajendhra
 
(17-30)Geotechnical Research in India - Scenario up to 2025.pdf
byDharmsinh Desai of University
 
Semiconductor and diode theory and application.pptx
bygetnetzegeye
 
E waste_management_module 4.pptx_22_scheme_VTU
byvarshinijs3
 

Data Information and Security Unit-1.pptx

  • 1.
    JAD 1501 Data andInformation Security
  • 2.
     Immediately afterthe development of Main frames, computer security was in need.  Physical controls were required to limit access to authorized personnel to sensitive military locations.  Only rudimentary controls were available to defend against physical theft, espionage, and sabotage History
  • 3.
     Magnetic Tapes– Recorded and Mailed  Department of Defense’s Advanced Research Project Agency (ARPA) began examining the feasibility of a redundant networked communications  Larry Roberts – ARPANET – linked Computers instead of mailing. 1960 s
  • 4.
     ARPANET grewin popularity as did its potential for misuse  Fundamental problems with ARPANET security were identified (Robert M-1973) • No safety procedures for dial-up connections to the ARPANET • User identification and authorization to the system were non-existent  In the late 1970s the microprocessor expanded computing capabilities and security threats The 1970s and 80s
  • 5.
     Information Securitybegan with Rand Report R-609  The scope of computer security grew from physical security to include: • Safety of the data • Limiting unauthorized access to that data • Involvement of personnel from multiple levels of the organization R-609 – The Start of the Study of Computer Security
  • 6.
     Networks ofcomputers became more common, so too did the need to interconnect the networks  Resulted in the Internet, the first manifestation of a global network of networks  In early Internet deployments, security was treated as a low priority The 1990s
  • 7.
     The Internethas brought millions of computer networks into communication with each other – many of them unsecured  Ability to secure each now influenced by the security on every computer to which it is connected The Present
  • 8.
     The qualityor state of being secure—to be free from danger  A successful organization should have multiple layers of security in place: • Physical security • Personal security • Operations security • Communications security • Network security • Information security What is Security?
  • 9.
     The protectionof information and its critical elements including systems and hardware used, store and transmit that information.  Necessary Tools: Policy, Awareness, Training, Education and Technology What is Security? (Contd…)
  • 10.
  • 11.
     Privacy  Unauthorizedaccess is denied.  Only authorized ppl can access.  Training ppl(Encryption, DES, AES)  Use VPN  Biometric  Security Tokens/Cards Confidentiality
  • 12.
     Involves –Consistency, Accuracy and Trustworthiness of data over its entire life cycle.  Data must not be changed in transit and steps must be taken to ensure that data cannot be altered by unauthorized users. Eg. Hacking YouTube Channels Integrity
  • 13.
     Only authorizedusers should have availability- Anytime  Maintaining all hardware-uptodate  Security Levels  Perform immediate hardware repair  Correct functioning operating system  Systems without bottleneck  Eg. DOS attack Availability
  • 14.
  • 15.
     Access  Asset Attack  Control, Safeguard or Countermeasure  Exploit  Exposure  Loss  Protection Profile/Security Posture  Risk Information Security Concepts
  • 16.
     Threat  ThreatAgent  Vulnerability  Subjects and Objects Contd…
  • 17.
     Availability  Accuracy Authenticity  Confidentiality  Integrity  Utility  Possession Critical Characteristics of Information
  • 18.
     National SecurityTelecommunication and Information Systems Security Committee  National Training Standard for Information Security Professionals  Evaluation Standard for the security of Information System  Developed by John McCumber – McCumber Cube  Provides more detailed perspective on security  3 dimensions on information security-omits discussion of detailed guidelines & policies NSTISSC Security Model
  • 19.
     Intelligence activity Cryptographic activities  Commands or controls of military forces  Equipments-Part of weapons/weapon system Contd…
  • 21.
     Entire setof Software, Hardware, Data, People, Procedures, Networks – necessary to use information as a resource in the organization.  Six critical components enable information to be input, processed, output and stored.  Each component – Own Security requirement Components of an Information System
  • 22.
     The softwarecomponents of IS comprises applications, operating systems and assorted command utilities.  Software programs are created – demanding constraints of project management- time limit, cost and manpower. Hence software becomes an easy target of accidental or intentional attack. 1. Software
  • 23.
     Hardware isthe physical technology – house and executes the software, stores and carries the data.  Provides interface for entry and removal of information from the system.  Physical security policies deal with hardware as a physical asset and with the protection of these physical assets from harm and theft.  Securing the physical location of computers and computers – breach of physical security – loss of information 2. Hardware
  • 24.
     Intruder AlarmSystem  Access Control System  Closed Circuit Television Examples of Physical Security Policies:
  • 26.
     Data stored,processed and transmitted through a computer system must be protected.  Data is the most valuable asset possessed by an organization and is the main target of intentional attacks.  The raw, unorganized, discrete(separate, isolated) potentially useful facts and figures that are later processed(manipulated) to produce information. 3. Data
  • 27.
     There aremany roles for people in information systems.  Common ones include  System Analyst  Programmer  Technician  Engineer  Network Manager  MIS(Manager of Information Systems)  Data Entry Operator 4. People
  • 28.
     Procedure isa series of documented actions taken to achieve something.  A procedure is more than a single simple task. A procedure can be quite complex and involved such as performing a backup, shutting down a system, patching software. 5. Procedure
  • 29.
     When informationsystems are connected to each other to form LANs, these LANs are connected to other networks such as internet.  Steps to provide network security are essential, as is the implementation of alarm and intrusion systems to make system owners aware of ongoing compromises. 6. Networks
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
     Traditional SDLC Adapt to support implementation of an IS project  Identify specific threats and creating controls  SecSDLC – coherent program not series of random Security Systems Development Life Cycle SecSDLC
  • 39.
     Identify process,outcomes, goals and constraints of the project  Begins with EISP (Enterprise Information Security Policy)  Organizational feasibility analysis is performed Investigation
  • 40.
     Documents fromInvestigation phase are studied  Analysis of existing security policies or programs  Analysis of relevant legal issues that could impact design of the security solution  Risk Management task begins Analysis
  • 41.
     Creates anddevelops blue print for IS  Incident Actions:  Continuous Planning  Incident Response  Disaster Recovery Logical Design
  • 42.
     Security Technology Alternatives are generated  Final design  End of Phase – Feasibility study – Readiness of Organization for project Physical Design
  • 43.
     Security Solutions– Acquired, Tested, Implemented and Tested again  Specific Training and Educate Programs  Entire tested package – to Management for Final Approval Implementation
  • 44.
     Most ImportantPhase- Ever changing threat environment  Repairing damage and restoring information is a constant duel with an unseen adversary  IS profile of an organization requires constant adaption as new threats emerge and old threats evolve Maintenance and Change