IT Security CS5493(74293). IT Security Q: Why do you need security? A: To protect assets.

Presentation transcript:

IT Security CS5493(74293)

IT Security
Q: Why do you need security?
A: To protect assets.

What are assets?
Any item that has value:
– People
– Intellectual property
– Physical property
– Data
– Services
– Reputation
Assets are the things you want to protect.

The SA and Assets
People
– Employees
– Shareholders
– Customers
– Contractors

The SA and Assets
Physical
– The information computing system (hardware, software)

The SA and Assets
Intellectual property
– Patents
– Proprietary source code
– Formulas
– Plans

The SA and Assets
Data
– Financial data
– Customer database
– Inventory
– Scientific data

The SA and Assets
Services
– Availability of services
– Productivity of employees

SA and Services
Reputation
– Brand image

Attacks, Threats, & Vulnerabilities
Assets are subject to:
– Threats
– Vulnerabilities
– Attacks

SA: Threats
A threat is a potential action that could compromise an asset.

SA: Vulnerabilities
A vulnerability is a weakness in a system that makes it possible for a threat to cause harm.

SA: Attacks
An attack is an action that compromises an asset.

Risks
Not all risk can be eliminated. Risk is managed analytically through risk analysis.

Risk Analysis
Quantifying (in monetary terms) the impact of attacks, threats, and vulnerabilities upon assets.

Security Summary
– Protect your assets
– Understand the threats
– Eliminate the vulnerabilities
– Reach an acceptable level of risk