Information Systems Security IS 460 Notes by Thomas Hilton

Overview
- What is an Information System
- Personnel Security
- Procedural Security
- Facilities Security
- Technical Security
- Security Implementation

Security Perspective: What is an Information System
The General Systems View…
- Intended Output
- Unintended Output
- Main Input
- Spurious Input
- Transformation Processes
- Output Interface
- Input Interface
- Control Processes

Security Perspective: What is an Information System
- Intended Output: High Quality Information
- Unintended Output: Mis-, Dis-, Untimely, Irrelevant, Unknown Origin
- Main Input: High Quality Data
- Spurious Input: Mis-, Dis-, Untimely, Irrelevant, Unknown Origin
- Transformation Processes: Hardware, Software, Procedures, People
- Output Interface: Video/Print/Audio/Tactile-Kinesthetic/Olfactory, Email/IM/Website/Telnet/Disks/Cable/Wireless, Conversations/Phone/Notes/Memos/Terminations/Departures
- Input Interface: Tactile-Kinesthetic/Audio/Video/Print/Olfactory, Email/IM/Web/Telnet/Disks/Cable/Wireless, Conversations/Phone/Notes/Memos/Hires/Arrivals
- Control Processes: …?

Scope of Security Subsystem
à la U.S. Department of Defense…
- Personnel
- Procedural
- Facilities
- Technical

Personnel Security
- Security Organization
- Steering Committee
- CSO
- Other security personnel
- Security responsibilities of all personnel
- Human Resources
- Hiring and Remuneration
- Vacation
- Termination

Procedural Security
- Risk Assessment
- Security Audit
- Security Policy
- Business Continuity Plan
- Training Plan