Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Systems Security IS 460 Notes by Thomas Hilton.

Similar presentations


Presentation on theme: "Information Systems Security IS 460 Notes by Thomas Hilton."— Presentation transcript:

1 Information Systems Security IS 460 Notes by Thomas Hilton

2 Overview What is an Information System Personnel Security Procedural Security Facilities Security Technical Security Security Implementation

3 Security Perspective: What is an Information System The General Systems View… Intended Output Unintended Output Main Input Spurious Input Transformation Processes Output Interface Input Interface Control Processes

4 Security Perspective: What is an Information System Intended Output: High Quality Information Unintended Output: Mis-, Dis-, Untimely, Irrelevant, Unknown Origin Main Input: High Quality Data Spurious Input: Mis-, Dis-, Untimely, Irrelevant, Unknown Origin Transformation Processes: Hardware, Software, Procedures, People Output Interface: Video/Print/Audio/Tactile-Kinesthetic/Olfactory, /IM/Website/Telnet/Disks/Cable/Wireless, Conversations/Phone/Notes/Memos/Terminations/Departures Input Interface: Tactile-Kinesthetic/Audio/Video/Print/Olfactory, /IM/Web/Telnet/Disks/Cable/Wireless, Conversations/Phone/Notes/Memos/Hires/Arrivals Control Processes: …?

5 Scope of Security Subsystem a lá U.S. Department of Defense… Personnel Procedural Facilities Technical

6 Personnel Security Security Organization Steering Committee CSO Other security personnel Security responsibilities of all personnel Human Resources Hiring and Remuneration Vacation Termination

7 Procedural Security Risk Assessment Security Audit Security Policy Business Continuity Plan Training Plan

8 Facilities Security Proximity(Each other, Users, Threats) Perimeters(Boundaries, Access) Power(Electricity Availability, Quality) Etc. (Cooling, Hardening, …)

9 Technical Security Information C.I.A. Confidentiality Integrity Availability Event Management Deter Detect Mitigate Recover Debrief

10 Security Implementation IndividualWorkstation WorkgroupLAN EnterpriseWAN / Intranet E-CommerceInternet

11 Security Implementation Individual / Workstation Operating Systems and Applications User Account Management Data File Management Anti-Virus Software Personal Firewall Other Utilities

12 Security Implementation Workgroup / LAN All of the above Server security Eaves-dropping Topologies

13 Security Implementation Enterprise / WAN All of the above DMZs (multiple firewalls) Routers Cold/Hot Site synchronization VPNs

14 Security Implementation E-Commerce / Internet All of the above Internet visible systems HTML FTP SMTP Etc.


Download ppt "Information Systems Security IS 460 Notes by Thomas Hilton."

Similar presentations


Ads by Google