Environment for Information Security
Distributed computing
Decentralization of IS function
Outsourcing
Environment for Information Security
Close relationships with suppliers and customers
Portable computers
Internet connections
Role of Information Security
Ensure availability of valid information when users need it to run the business
Protect confidentiality of sensitive corporate information
Protect the privacy of users
Role of Information Security
Protect information assets from unauthorized modification
Ensure ability to continue operation in event of a disaster
What Needs to be Protected?
Not all information has same value or importance
Classify the sensitivity of both information and applications
What Needs to be Protected?
Estimate costs to the business if an application were unavailable for one day, two days, or longer
Estimate damage if competitor gains access or information becomes corrupted
Reappraisal Issues
What are the threats and risks?
Who or what is the enemy?
What are the targets?
Who “owns” the targets?
Reappraisal Issues
How vulnerable are the targets?
How much loss can the company bear?
Which assets are not worth protecting?
Technologies for Security
Expert systems and neural networks
– recognizing patterns of behavior
– configuring human interface to suit individual users and their permitted accesses
Technologies for Security
Expert systems and neural networks
– detection of intrusion through sensors
– reconfiguring networks and systems to maintain availability and circumvent failed components
Technologies for Security
Smart cards
– contain own software and data
– recognize signatures, voices
– store personal identification information
– may use cryptographic keys
Personal communications numbers
Technologies for Security
Voice recognition
Wireless tokens
Prohibited password lists
Third party authentication
Threats to Security
Document imaging systems
– reading and storing images of paper documents
– character recognition of texts for abstracting and indexing
– retrieval of stored documents by index entry
Threats to Security
Document imaging systems (cont’d.)
– manipulation of stored images
– appending notes to stored images through text, voice
– workflow management tools to program the distribution of documents
Threats to Security
Massively parallel mini-supercomputers
– used for signal processing, image recognition, large-scale computation, neural networks
– can be connected to workstations, file servers, local area networks
– good platform for cracking encryption codes
Threats to Security
Neural networks
– can “learn” how to penetrate a network or computer system
Wireless local area networks
– use radio frequencies or infrared transmission
– subject to signal interruption or message capture
Threats to Security
Wide area network radio communications
– direct connectivity no longer needed to connect to a network
– uses satellite transmission or radio/telephone technology, wireless modems
Threats to Security
Videoconferencing
– open telephone lines can be tapped
Embedded systems
– computers embedded in mechanical devices
– potential to endanger customers
– potential to access host computers
Threats to Security
Smart cards
– can be lost or damaged
Notebooks and palmtop computers
– subject to loss or theft
– wireless modems
Defensive Measures
Frequent backups and storage of backups in secure areas
Highly restricted access to workflow management programs
Defensive Measures
Password controls and user profiles
Unannounced audits of high-value documents
Restricted access at the document level
What Security Services Are Required?
Policy and procedure development
Employee training, motivation, and awareness
Secure facilities and architectures
What Security Services Are Required?
Security for applications
Ongoing operational administration and control
Procedural advisory services
Technical advisory services
What Security Services Are Required?
Emergency response support
Compliance monitoring
Public relations
Disaster Recovery Needs Assessment
Who should be involved?
– computer and network operations staff
– information security specialist
– systems analysts for mission-critical operations
– end users
– external consultants
Disaster Recovery Needs Assessment
Assessing the disaster plan
– what kinds of disasters are anticipated?
– which applications are mission-critical?
– which computer/communications architectures are covered?
– when was the plan last updated?
Disaster Recovery Needs Assessment
Assessing the disaster plan
– what is the annual cost for maintaining and operating the recovery strategy?
– what strategies are used?
– how often is the plan tested?
– would failure of mission-critical applications incur liability to other firms?
Disaster Recovery Models
“Cold site” backup agreement with another firm specializing in backup services
“Hot site” backup through building or leasing another facility with excess capacity
Distributed processing backup
Replacement