Upload File

information security fundamentals

1

Click here to load reader

Upload: james-w-de-rienzo

Post on 25-May-2015

164 views

Category:

Technology


0 download

Report

DESCRIPTION

Information Security Fundamentals

TRANSCRIPT

Page 1: Information Security Fundamentals

Information Assurance Training

#Security Attributes Definition

1 Confidentiality A system should ensure that only authorized users access information. X X

2 Integrity A system should ensure completeness, accuracy and absence of unauthorized modifications in all its components.

X X X X X X X

3 Availability A system should ensure that all system’s components are available and operational when they are required by authorized users.

X X X X X X X

4 Accountability An ability of a system to hold users responsible for their actions (e.g. misuse of information). X X

5 Auditability An ability of a system to conduct persistent, non‐bypassable monitoring of all actions performed by humans or machines within the system.

X X

6 Authenticity/Trustworthiness

An ability of a system to verify identity and establish trust in a third party and in information it provides.

X X X X X X X

7 Non‐repudiation An  ability  of  a  system  to  prove  (with  legal  validity) occurrence/non‐occurrence  of  an  event  or participation/non‐participation of a party in an event.

X X X

8 Privacy A  system  should  obey  privacy  legislation and  it should enable individuals to control, where feasible, their personal information (user‐involvement).

X X X

Security controls strengthen the security attributes inherent in assets, such as facilities and information system components (i.e., people, technology and information).  NIST SP 800‐60 Volume 1 Revision 2 focuses on the categorization of information systems/information types, based on the impact from changes to the sensitivity level of information types stored or processed by the information system. A risk assessment determines the risk level of an information system by estimating the likelihood that a threat agent/actor can exploit a known vulnerability within an asset; and the perceived impact to the organization if a breach were to occur.  The Authorizing Official determines the Maximum Risk Tolerance Threshold and applies compensating controls to mitigate risk to an acceptable level if necessary.

The goal of Information Security is to protect and defend valuable information assets from motivated threat actors or agents‐‐‐where the source of an attack can be internal or external, intentional or unintentional, environmental or man‐made.  Information Assurance (IA) Professionals recommend security controls to safeguard information system components‐‐‐Information, People, Processes, Hardware, Software, Network‐‐‐from harm, loss, misconfiguration, misuse or exploitation.  An IA Professional determines the Sensitivity Level of an information system by assigning an impact level of LOW, MODERATE or HIGH to each of the three security attributes associated with "Information" (red X's  above) stored or processed on the information system.  NIST SP 800‐60 V2R1 Appendices C, D and E divide Information into Information Types, and the process for determining sensitivity level is repeated for each Information Type.  An IA Professional determines the minimum set of baseline security controls using the high water mark method based on the highest sensitivity level for all information types stored or processed on the information system.  For example, if the impact value associated with the confidentiality security attribute of an information type is HIGH, then the IA Professional selects a HIGH set of minimum baseline controls from the NIST SP 800‐53 Revision 4 Security Control Catalog.  The "Data" information system component aligns with a broader set of security attributes as well, including Authenticity/Trustworthiness, Non‐repudiation and Privacy (see table above).  For instance, systems that store Personally Identifiable Information (PII)  must contain security controls that protect against the loss of PII.  NIST SP 800‐53 Rev. 4 Appendix J contains a set of Privacy security controls.

Processes

Hardw

are

Software

Network

(Com

mun

ications)

Facilities

Peop

le

Inform

ation

(Data)

Assets

Information System Components

Technology

INFORMATION SECURITY FUNDAMENTALS

Print Date: 2/22/2014 Page 1 of 1 Contact: James W. De Rienzo

Security+ Guide to Network Security Fundamentals, Third ...fac.ksu.edu.sa/.../net455-lecture_4-security_policies_and_training.pdf · Security+ Guide to Network Security Fundamentals,

Fundamentals of Network Security Preparation for Security+ Certification Essential for any Information Technology professional

Information Security Fundamentals, Second Edition - Peltier, Thomas R

Chapter 1: Information Security Fundamentals Mission College CIT 016 Security+

Fundamentals of Security

25-SEPT-20011 Security Fundamentals Robin Anderson UMBC, Office of Information Technology

Fundamentals of Information Systems Security Lesson 3

Security+ Guide to Network Security Fundamentals, Fourth ...faculty.olympic.edu/.../cmptr236/PowerPoint/9781111640125_PPT_ch0… · Security+ Guide to Network Security Fundamentals,

Fundamentals of Information Security - Access controls for systems

FUNDAMENTALS OF INFORMATION SECURITY FOR SERVICE …€¦ · Fundamentals of Information Security for Service Providers 4 Integrity Integrity is about ensuring that data hasn’t

Career Launch Endorsement Review (CLER) Application...IT 180 - Information Security Fundamentals: Presents the principles of information security. Includes examples of challenges faced

Small Business Information Security · NISTIR 7621 . Revision 1 . Small Business Information Security : The Fundamentals . Celia Paulsen . Patricia Toth . This publication is available

Fundamentals of Information Systems Security Chapter 5

Application Security Fundamentals

Aws security Fundamentals

Security+ Guide to Network Security Fundamentals, …faculty.olympic.edu/.../cmptr236/PowerPoint/9781428340664_PPT_ch0… · Security+ Guide to Network Security Fundamentals, Third

10 – 12 APRIL 2005 Riyadh, Saudi Arabia. Web Application Security Fundamentals Murat Lostar Information Security Consultant

National CyberWatch Center Information Security … CyberWatch Center Information Security Curricula ... the first to align instructional design, ... and database development fundamentals

Student Name: · 2019-11-13 · The Information Security Track provides a solid background in information security. Fundamentals of information security, offensive and defensive techniques,

ECSSv3 Module 01 Information Security Fundamentals

ASP.Net Security: Fundamentals

Fundamentals of Information Systems Security Chapter 4

Security fundamentals

Understanding Security Fundamentals

Fundamentals of Information Systems Security Chapter 9

Web viewChapter VIII. Data and file management. fundamentals. D. atabase . fundamentals. Information security. fundamentals. File. fundamentals. What is a file? ... Example (if we

KM C454e-20190712131408 › bupers-npc › officer › ...Certified Information Security manager, CompTIA Security+ and/or GIAC Information Security Fundamentals (GISF). Certifications

Privacy & Security: Fundamentals of a Security Risk Analysis · Meaningful Use Core Measure 15: Protect Electronic Health Information Objective: Protect electronic health information

Computer & Information TechnologiesThe Security+ Certificate offers students the opportunity to earn a credential demonstrating the fundamentals of information security. This certificate

Computer Information Systems & Computer and Networking ..._____CIS270 Essentials of Network and Information Security (3) OR ITS110 Information Security Fundamentals (3) 3-6 _____ITS240

Password Security Fundamentals

WebSphere Security Fundamentals

Fundamentals of Information Systems Security Chapter 6

Security Fundamentals (98- 367) - Cognixia Fundamentals (… · Security Fundamentals (98-367) Understand security layers Understand core security principles Confidentiality; integrity;

CIST 1601 Information Security Fundamentals