Upload File

system security basics. information system security the protection of information systems against...

  • Home
  • Documents
  • System Security Basics. Information System Security The protection of information systems against unauthorized access to or modification of information,
16
System Security Basics

Upload: leona-tyler

Post on 01-Jan-2016

215 views

Category:

Documents


2 download

Report

TRANSCRIPT

Page 1: System Security Basics. Information System Security The protection of information systems against unauthorized access to or modification of information,

System Security Basics

Page 2: System Security Basics. Information System Security The protection of information systems against unauthorized access to or modification of information,

Information System Security

• The protection of information systems against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.

Page 3: System Security Basics. Information System Security The protection of information systems against unauthorized access to or modification of information,
Page 4: System Security Basics. Information System Security The protection of information systems against unauthorized access to or modification of information,
Page 5: System Security Basics. Information System Security The protection of information systems against unauthorized access to or modification of information,

Fortress Model

• Watch towers to detect threat

• Protection by:– Moat– Outer Wall– Inner Wall of Keep

• Draw bridge and Gate – controlled access

Page 6: System Security Basics. Information System Security The protection of information systems against unauthorized access to or modification of information,

Fortress model for defense

1. Critical information

2. Physical protection

3. Operation system hardening

4. Information access

5. External access

Page 7: System Security Basics. Information System Security The protection of information systems against unauthorized access to or modification of information,

1. Critical Information

• Data categorization– Public– Internal– Confidential– Secret

• Application hardening

Page 8: System Security Basics. Information System Security The protection of information systems against unauthorized access to or modification of information,

2. Physical Protection

• Physical environment– Geographical location– Social environment– Building construction

• Physical controls

• Communications

• Surveillance

Page 9: System Security Basics. Information System Security The protection of information systems against unauthorized access to or modification of information,

3. Operation Systems Hardening

• Security configuration

• Anti-malware

• File system– Encrypting File System

• ADDS security

• System redundancy

Page 10: System Security Basics. Information System Security The protection of information systems against unauthorized access to or modification of information,

4. Information Access

• User identification

• Security policies

• Resources access

• Role base access control

• Access auditing

• Digital rights management

Page 11: System Security Basics. Information System Security The protection of information systems against unauthorized access to or modification of information,

5. External Access

• Perimeter network

• VPN/ RRAS (Routing and Remote Access)

• SSTP (Secure Socket Tunneling Protocol)

• PKI

• Identity federation

• NAP (Network Access Protection)

Page 12: System Security Basics. Information System Security The protection of information systems against unauthorized access to or modification of information,

Polices, Procedures & Awareness

Data

Application

Host

Internal Network

Perimeter

The Microsoft Model

Page 13: System Security Basics. Information System Security The protection of information systems against unauthorized access to or modification of information,

Things to do

• Identify who enter your system

• Provide the user with the appropriate access right

• Identify the person modifying the data is authorized to do so

• Guarantee the confidentiality of information

• Guarantee the availability of information

Page 14: System Security Basics. Information System Security The protection of information systems against unauthorized access to or modification of information,

Things to do

• Ensure the integrity of the information

• Monitor the activities of the system

• Audit security events

• Put in administrative procedures to ensure the system is secure

Page 15: System Security Basics. Information System Security The protection of information systems against unauthorized access to or modification of information,

System composition

• File server/ Print server/ Fax server

• Web server

• Application server

• DNS server

• DHCP server

• Domain controller

• Terminal server

Page 16: System Security Basics. Information System Security The protection of information systems against unauthorized access to or modification of information,

System composition

• Email server

• RADIUS server

• VPN server

• Certificate server

• UDDI server

• Network policy and access server

• Gateway/ Firewall/ Switch

• And users


REPORT OF INVESTIGATION...C06541713 Approved for Release: 2016/06/10 C06541713 · NATIONAL SECURITY INFORMATION Unauthorized Disclosure Subject to Criminal Sanctions NOFORN· PROPIN·

Syallabus - WordPress.com · Syallabus Unit I Managing Information Security Services: Configuring Network Devices, Identifying Unauthorized Devices, Testing the Traffic Filtering

INFORMATION SECURITY ANALYSTS - Skillful...•Develop plans, policies, and procedures to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure

Securing Information Systems. System Vulnerability and Abuse Security: Policies, procedures and technical measures used to prevent unauthorized access,

Information security. The protection of information and ...€¦ · Information security. The protection of information and information systems against unauthorized access or modification

HIPAA AND HITECH EDUCATION - tsc.edu · HIPAA Security Rule Confidentiality Data or information must not be available or disclosed to unauthorized persons. Integrity Data or information

Community College Security Design Considerations · sharing and instant messaging abuse; and access to forbidden content † Unauthorized access—Intrusions, unauthorized users,

Security Breach Notification Chart - Perkins Coie...breach of security, sensitive personally identifying information has been acquired by an unauthorized person and is reasonably likely

12/18/20151 Computer Security Introduction. 12/18/20152 Basic Components 1.Confidentiality: Concealment of information (prevent unauthorized disclosure

Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but

Preventing Unauthorized Messages and Achieving End-to-End Security

Information Security (formatted) · 2019-12-18 · 2 Introduction Information security is the practice of preventing unauthorized access, use, disclosure, disruption, modification,

of Terminology . . . A€¦ · the heart of information security (InfoSec). It is the protection of information, intellectual property, privacy, and technology from unauthorized access,

Baseline Information Security Standards: An Audit …...“Security commensurate with the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification

Unauthorized Disclosures of Classified Information Text

8/16/051 SECURITY AWARENESS TRAINING 8/16/052 INFORMATION SYSTEM SECURITY (INFOSEC) Protection of information systems against unauthorized access to

SANS ICS Security Summit 2019 Critical Infrastructure ... · Diagnostic telemetry data Unauthorized information disclosure High eMail recipient Abuse of trusted sender, phishing,

Information Security Training · 2018-11-20 · Information Security • Definition: – the practice of preventing unauthorized access, use, disclosure, disruption, modification,

1 IT Security TCS Internal. 2 IT Security TCS Internal Information Security means protecting information and information systems from unauthorized access,

Chapter 7 Securing Information Systems. Security & Controls Security: – Policies, procedures, and technical measures used to prevent unauthorized access,

HIPAA Security Education - Ballad Health · Security incident: Unauthorized access, use, disclosure, modification or destruction of information or interference with system operations

SAP Security - · PDF fileSAP Security 1 In a SAP Distributed Environment, there is always a need that you protect your critical information and data from unauthorized access

C8- Securing Information Systems. Definitions Security: the policies, procedures and technical measures used to prevent unauthorized access, alteration,

Wireless Networks Security Tahani Qaisi. Outlines Introduction to wireless security Modes of unauthorized access. Security measures Security risks Implementing

Cyber Security in International Law · Threat Types: Threats to cyber security involve threats concerning information modifi-cation or misuse, information destruction, unauthorized

SECURITY PROBLEM SOLVERS! HIGH SECURITY LOCKING SOLUTIONS · SECURITY PROBLEM SOLVERS! HIGH SECURITY LOCKING SOLUTIONS ... Bumping & Unauthorized Key Use ... *Reference Special Model

Develop Your Information Security Management … SecURITY & RISK PRofeSSIoNAS Develop your information Security Management System anuary 19, 2017 2017 forrester Research, Inc. Unauthorized

Information Privacy, Security and Ethical Considerations · An ethical requirement that requires attorneys to make “reasonable efforts” to prevent unauthorized use or disclosure

Student Guide for Unauthorized Disclosure of Classified ... · PDF fileCenter for Development of Security Excellence Page 1 Student Guide . Unauthorized Disclosure of Classified Information

Information Security: Opportunities to Reduce the Risk of ......2017/09/27  · Office of the Inspector General In Brief Information Security: Opportunities to Reduce the Risk of Unauthorized

Personal Information and Data Security€¦ · passwords to protect your phone from unauthorized access. Turn the functions off if you do not use them. • Install and upgrade security

Computer Security. What is Information Security? The protection of the information assets stored within your computer, against unauthorized access

Security Breach Notification Chart - perkinscoie.com · The unauthorized acquisition of data in electronic form containing sensitive personally identifying information. ... or guidance

Copyright © cs-tutorial.com 1. What is Security....? Security means protecting information and information systems from unauthorized access, use, disclosure,

MOBILE APPLICATION SECURITY - HEK.SI · mobile application security 8 the top 10 list 1. activity monitoring and data retrieval 2. unauthorized dialing, sms and payments 3. unauthorized