IT Security CS5493(74293)
IT Security Q: Why do you need security? A: To protect assets.
What are assets? Any item that has value: – People – Intellectual property – Physical property – Data – Services – Reputation Assets are the things you want to protect
The SA and Assets People – Employees – Shareholders – Customers – Contractors
The SA and Assets Physical - The information computing system (hardware, software)
The SA and Assets Intellectual property – Patents – Proprietary source code. – Formulas – plans
The SA and Assets Data – Financial data – Customer database – Inventory – Scientific data
The SA and Assets Services – Availability of services – Productivity of employees
SA and Services Reputation – Brand image
Attacks, Threats, &Vulnerabilities Assets are subject to – Threats – Vulnerabilities – Attacks
SA: Threats A threat is a potential action that could compromise an asset.
SA: Vulnerabilities A vulnerability is a weakness in a system that makes it possible for a threat to cause harm.
SA: Attacks An attack is an action that compromises an asset.
Risks All risk cannot be eliminated. Risk is managed analytically through risk analysis.
Risk Analysis Quantifying (in monetary terms) the impact of attacks, threats, and vulnerabilities upon assets.
Security Summary Protect your assets Understand the threats Eliminate the vulnerabilities Reach an acceptable level of risk