Presentation is loading. Please wait.

Presentation is loading. Please wait.

Assessment Presentation Philip Robbins - July 14, 2012 University of Phoenix Hawaii Campus Fundamentals of Information Systems Security.

Published bySophie McLaughlin Modified over 8 years ago

Similar presentations

Presentation on theme: "Assessment Presentation Philip Robbins - July 14, 2012 University of Phoenix Hawaii Campus Fundamentals of Information Systems Security."— Presentation transcript:

1 Assessment Presentation Philip Robbins - July 14, 2012 University of Phoenix Hawaii Campus Fundamentals of Information Systems Security

2 Scope & Applicability UOPX Courses -CIS 207 Information Systems Fundamentals -CMGT 244 Intro to IT Security -CMGT 245 IS Security Concepts -CMGT 400 Intro to Information Assurance & Security -CMGT 440 Intro to Information Systems Security -CMGT 441 Intro to Information Systems Security Management -CMGT 430 Enterprise Security -CMGT 442 Information Systems Risk Management

3 Objectives Review of Concepts. What is (are): -Information Systems? -Information Security? -Information Systems Security? -Information Assurance? -Cyber Security? -Defense in Depth? Significance / Importance of Concepts Advanced Topics in Security Risk Analysis Present & Future Challenges Q&A

4 Who am I? Information Systems Authorizing Official Representative -United States Pacific Command (USPACOM) -Risk Management Field -Assessments to USPACOM Authorizing Official / CIO Former Electronics Engineer Bachelor of Science in Electrical Engineering Master of Science in Information Systems Ph.D. Student in Communication & Information Sciences Certified Information Systems Security Professional (CISSP) and Project Management Professional (PMP)

5 Review of Concepts What are Information Systems? -Systems that store, transmit, and process information. + What is Information Security? -The protection of information. ------------------------------------------------------------------------------- What is Information Systems Security? -The protection of systems that store, transmit, and process information.

6 Review of Concepts What is Information Assurance? -Emphasis on Information Sharing -Establishing and controlling trust -Authorization and Authentication (A&A) What is Cyber Security? -Protection of information and systems within networks that are connected to the Internet.

7 Review of Concepts Progression of Terminology Computer Security (COMPUSEC) Information Security (INFOSEC) Information Assurance (IA) Cyber Security Legacy Term (no longer used). Legacy Term (still used). Term widely accepted today with focus on Information Sharing. Broad Term quickly being adopted.

8 Review of Concepts What is the Defense in Depth Strategy? -Using layers of defense as protection. People, Technology, and Operations. Onion Model

9 Review of Concepts

10 ISS Management What is a Backup Plan (BP) vs Disaster Recovery Plan (DRP) vs Emergency Response Plan (ERP) vs Business Recovery Plan (BRP) vs Business Impact Analysis (BIA) vs Incident Response Plan (IRP) vs Continuity of Operations Plan (COOP) vs Contingency Plan? Policy & Planning Test, Audit, Update Configuration Control Protection, Detection, Reaction (Assessment, CND, Incident Response)

11 Why is this important? Information is valuable. therefore, Information Systems are valuable. etc… Compromise of Information Security Services (C-I-A) have real consequences (loss) -Confidentiality: death, proprietary info, privacy, theft -Integrity: theft, disruption -Availability: productivity lost, C2, defense, emergency services

12 Why is this important? Fixed Resources Sustainable strategies reduce costs

13 Advanced Topics: Measuring Risk What is Risk? thus Qualitative v.s. Quantitative Methods Risk Assessments v.s. Risk Analysis Security Risk Analysis (SRA) Units for measurement?

14 Advanced Topics: Measuring Risk Risk is conditional, NOT independent.

15 Advanced Topics: Measuring Risk Quantitative, time-dependent (continuous), Risk Distribution Function: Source: Robbins, P. (Dec, 2011). Security Risk Analysis and Critical Information Systems (Master's Thesis). Hawaii Pacific University, Honolulu, HI.Security Risk Analysis and Critical Information Systems

16 Advanced Topics: Measuring Risk Expected Value of Risk = Product of Risks Risk is never zero Risk Dimension (units): confidence in ISS, C-I-A

17 Advanced Topics: Measuring Risk Expected Value and Risk Loss Confidence vs Cumulative Risk Product

18 Advanced Topics: Measuring Risk Quantitative Risk Determination Expression Risk Rate & Risk Variability Adjudication of Risk

19 Advanced Topics: Measuring Risk Determining Risk Tolerance / Threshold Levels

20 Advanced Topics: Measuring Risk Risk Areas as a function of Probability and Impact

21 Present Challenges Rapid growth of Advanced Persistent Threats (APTs) Half million cases of cyber related incidents in 2012. Is this a problem? What about vulnerabilities associated with interconnections? Source: US-CERT

22 Future Challenges Cyberspace: Are we at war? Cyber Crime vs Cyber Warfare vs Cyber Conflict

23 Closing Thoughts Information Systems Security (Cyber Security) is an explosive field. - Spanning Commercial, Private and Government Sectors - Demand >> Capacity: Strategies, solutions, workforce - $ - Evolving field (not fully matured) Security will change our communications landscape - Efficiencies (centralization of services, technology) - Intelligent design of network interconnections and interdependencies - Regulations

24 Thank you! Got Questions?

Download ppt "Assessment Presentation Philip Robbins - July 14, 2012 University of Phoenix Hawaii Campus Fundamentals of Information Systems Security."

Similar presentations

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
Cyber and Maritime Infrastructure

Cyber and Maritime Infrastructure
Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.

Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.
Cyber Security: Past and Future John M. Gilligan CERT’s 20 th Anniversary Technical Symposium Pittsburgh, PA www.gilligangroupinc.com March 10, 2009.

Cyber Security: Past and Future John M. Gilligan CERT’s 20 th Anniversary Technical Symposium Pittsburgh, PA March 10, 2009.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.

A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Information Assurance Education Today LTC Clifton H. Poole, CISSP, CISM, IAM Information Resources Management College National Defense University Policy2004.

Information Assurance Education Today LTC Clifton H. Poole, CISSP, CISM, IAM Information Resources Management College National Defense University Policy2004.
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
Information Systems Risk Management

Information Systems Risk Management
Information Security Group DSD & E-Security DSD and E-Security Tim Burmeister Information Security Policy Defence Signals Directorate

Information Security Group DSD & E-Security DSD and E-Security Tim Burmeister Information Security Policy Defence Signals Directorate
Information Security Technological Security Implementation and Privacy Protection.

Information Security Technological Security Implementation and Privacy Protection.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
CHAPTER 4 Information Security. CHAPTER OUTLINE 4.1 Introduction to Information Security 4.2 Unintentional Threats to Information Security 4.3 Deliberate.

CHAPTER 4 Information Security. CHAPTER OUTLINE 4.1 Introduction to Information Security 4.2 Unintentional Threats to Information Security 4.3 Deliberate.

Similar presentations

Ads by Google