By: Mark Reed. Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

1 By: Mark Reed

2
- Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

3
- Confidentiality
- Integrity
- Availability

4
- Confidentiality means that confidential information must only be accessed, used, copied, or disclosed by persons who have been authorized to do so.

5
- Integrity means that data cannot be created, changed, or deleted without authorization.
- Data that is stored in a system must be in agreement with other related data that is stored on the same system.

6
- Availability means that the information, the computing systems used to process the information, and the security controls used to protect the information are all available and functioning when the information is needed.

7
- Risk: the likelihood that something bad will happen that causes harm to an information asset.
- Vulnerability: a weakness that could be used to endanger or cause harm to an information asset.
- Threat: anything that has the potential to cause harm.

8
- Identify all assets and estimate their value.
- Assets include people, buildings, hardware, software, data, and supplies.

9
- Conduct a threat assessment.
- The threat assessment must include acts of nature, acts of war, accidents, and malicious acts originating from inside or outside the organization.

10
- Conduct a vulnerability assessment and, for each vulnerability that is found, calculate the probability that it will be exploited.
- Evaluate all policies, procedures, standards, training, physical security, quality control, and technical security.

11
- Calculate the impact that each threat would have on each asset.
- Qualitative analysis can be used, such as informed opinion, or quantitative analysis can be used, such as dollar amounts and historical information.

12
- Identify, select, and implement the appropriate controls to provide a proportional response.
- Consider productivity, cost effectiveness, and the value of the asset.

13
- Evaluate the effectiveness of the control measures.
- Ensure that the controls provide the required cost-effective protection without loss of productivity.
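The assessment steps on slides 8 to 13, carried through as a small quantitative example. This is added code, not part of the presentation; the asset values, exploitation probabilities, impact fractions and control costs are constructed sample figures.

```python
from dataclasses import dataclass


@dataclass
class Asset:
    name: str
    value: float  # estimated value in dollars (slide 8)


@dataclass
class Threat:
    name: str
    asset: str
    probability: float      # annual probability the vulnerability is exploited (slide 10)
    impact_fraction: float  # share of the asset's value lost if the threat occurs (slide 11)


@dataclass
class Control:
    name: str
    threat: str
    annual_cost: float
    probability_reduction: float  # fraction by which the control lowers the probability


def expected_loss(asset_value: float, probability: float, impact_fraction: float) -> float:
    """Quantitative risk for one threat: value at stake times probability of loss."""
    return asset_value * impact_fraction * probability


def risk_register(assets: list[Asset], threats: list[Threat]) -> dict[str, float]:
    """Expected annual loss per threat, the quantitative form of slide 11."""
    values = {a.name: a.value for a in assets}
    return {t.name: expected_loss(values[t.asset], t.probability, t.impact_fraction) for t in threats}


def control_benefit(register: dict[str, float], control: Control) -> float:
    """Risk removed minus what the control costs; positive means a proportional response (slide 12)."""
    return register[control.threat] * control.probability_reduction - control.annual_cost


def select_controls(assets: list[Asset], threats: list[Threat], controls: list[Control]) -> list[str]:
    """Keep only controls whose risk reduction outweighs their cost (slides 12 and 13)."""
    register = risk_register(assets, threats)
    return [c.name for c in controls if control_benefit(register, c) > 0]


# Constructed sample data: one data asset and one hardware asset, one threat each.
ASSETS = [Asset("customer database", 500_000.0), Asset("web server", 50_000.0)]
THREATS = [
    Threat("ransomware on database", "customer database", 0.10, 0.80),
    Threat("web server hardware failure", "web server", 0.20, 0.50),
]
CONTROLS = [
    Control("offline backups", "ransomware on database", 8_000.0, 0.75),
    Control("hot spare server", "web server hardware failure", 9_000.0, 0.90),
]
```

With these figures the backups remove far more expected loss than they cost, while the hot spare costs more than the risk it removes and is rejected as disproportionate.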

14
- Administrative: consist of approved written policies, procedures, standards, and guidelines.
- Logical: use software and data to monitor and control access to information and computing systems (passwords, firewalls, IDS, etc.).
- Physical: monitor and control the environment of the workplace and computing facilities.

15
- Information security must protect information throughout the life span of the information.
- Information security must be evaluated and updated as more threats arise.
