Cyber Security/Information Security Definitions


Presentation on theme: "Cyber Security/Information Security Definitions"— Presentation transcript:

1 Cyber Security/Information Security Definitions

2 Cyber Security/Information Security Types

General Security Term: Type / Definition

InfoSec: Broad definition – Generally relates to the IT technical focus of security, including firewalls, routers/switches and networking equipment security, DMZ (network demilitarized zones), network access controls, CAC (common access cards)/tokens, PKI (public key infrastructure) controls, access point security, secure data backup, NACs (network access controls), etc.

Information Assurance: Broad definition – Addresses a wide variety of information security disciplines (IT, physical security, personnel security, software development standards and security, IT outsourcing security, end-user IT security, database/host security, encryption/data security, audit/compliance, etc.).

Mission Assurance: Broad definition – Includes additional aspects beyond Information Assurance, focused on the single outcome of the entire system to be protected (frequently includes COOP, BCP and disaster recovery).

Cyber Security: Narrower definition – Generally associated with the technical aspects of data protection (PKI, encryption, access control, data shredding/recovery prevention, etc.).

Information Security Assessments: Narrower definition – Applies to the review of systems against standards or requirements (ISO 27001, ISO 15408) and determines the posture of the system. Usually associated with remedial actions and preparation consulting for future certifications/assessments.

Certification and Accreditation (C&A): Narrow definition – Detailed technical and management assessments and deliberate assessment/acceptance of the risk of IT systems, as measured against specific technical criteria (depends on the client – there are many technical standards and 'customer-specific' criteria, such as DCIDs, DoD 8500, NIST, etc.).

Vulnerability Assessments: Narrow definition – Usually technical in nature and quite detailed; a system-by-system review and assessment of security settings and security protocols for IT systems. Automated tools that 'scan' and assess the security posture of the IT infrastructure are usually used to identify vulnerabilities (e.g., Nessus, nmap).

Penetration Testing (Pen Testing): Narrow definition – Adversarial 'attack' on systems by a friendly player to gain access to systems/data or control of entities on a network. "Red Teaming" is done by an external entity and employs a variety of techniques (technical, physical, 'social', etc.) to gain access, as if being done by adversaries. "Blue Teaming" is performed by internal entities, usually with partial internal access to all or a portion of the network. Many technical/legal issues must be addressed as part of pen testing to allow for adequate 'real life' testing without disrupting operations. Usually requires the most senior management approval and 'get out of jail free' authority for pen testing personnel.

Security Operations / Computer Incident Response Team (CIRT) capability: Narrow definition – Focused on operational/'watch center' and real-time threat monitoring/response issues. Includes intrusion detection, virus detection/virus definition updates, software updates/patch management, IAVA (information assurance vulnerability alert)/STIG (security technical implementation guide) implementation and management, malware detection/removal, incident response and remediation.

