
Module 02: 1 Introduction to Computer Security and Information Assurance Objectives Recognize that physical security and cyber security are related Recognize.


1 Module 02: 1 Introduction to Computer Security and Information Assurance
Objectives
Recognize that physical security and cyber security are related
Recognize that personnel security policies and procedures are related to cyber security
Explain how awareness training strengthens cyber security practices

2 Physical Security
Addresses the protection of the organization’s assets:
– Personnel
– Property
– Information

3 Physical And Cyber Security
Disciplines merging
Physical access can lead to compromise

4 Physical Security Threats
Most threats in this area are ‘physical’
– Fire
– Flood
– Natural disasters
The human factor is an exception to this rule

5 Major Sources Of Physical Loss
Temperature extremes
Gases
Liquids
Living organisms
Excessive movement
Energy anomalies
Source: “Fighting Computer Crime” by Donn B. Parker

6 Physical Security Threat Categories
Natural and Environmental
Man-made

7 Natural And Environmental Threats
Hurricanes
Tornadoes
Earthquakes
Floods
Lightning
Mudslides
Fire
Electrical

8 Man-Made Threats
Hackers
Theft
Human error

9 Physical Security Countermeasures
Property protection
Structural hardening
Physical access control
Intrusion detection
Physical security procedures
Contingency plans
Physical security awareness training

10 Property Protection
Fences
Gates
Doors
Locks and keys
Lighting
Fire detection and suppression systems

11 Structural Hardening
Robust construction
Minimal penetration
Building complexity

12 Physical Access Control
Ensures only authorized individuals are allowed into certain areas
– Who
– What
– When
– Where
– How

13 Intrusion Detection
Guards
Dogs
Electronic monitoring systems

14 Physical Security Procedures
Impose consequences for physical security violations
Examples:
– Log personnel access to restricted areas
– Escort visitors, delivery, terminated personnel

15 Contingency Plans
Considerations include
– Generators
– Fire suppression and detection systems
– Water sensors
– Alternate facility
– Offsite storage facility

16 Physical Security Awareness Training
Train personnel what to do about
– Suspicious activities
– Unrecognized persons

17 Personnel Security
Practices established to ensure the safety and security of personnel and other organizational assets

18 Personnel Security
It’s all about the people
People are the weakest link
An avenue to mold and define personnel behavior

19 Personnel Security Threat Categories
Insider threats
Social engineering

20 Insider Threats
One of the most common threats to any organization
More difficult to recognize
Include
– Sabotage
– Unauthorized disclosure of information

21 Social Engineering Threats
Multiple techniques are used to gain information from authorized employees and to use that information in conjunction with an attack
– Protect your password (even from the help desk)
– Protect personnel rosters

22 Dumpster Diving
Rummaging through a company’s or individual’s garbage for discarded documents, information, and other precious items that could be used in an attack against that person or company

23 Phishing
Usually takes place through fraudulent e-mails requesting users to disclose personal or financial information
E-mail appears to come from a legitimate organization


25 Security Awareness
Recognizing what types of security issues might arise
Knowing your responsibilities and what actions to take in case of a breach

26 Policies And Procedures
Acceptable use policy
Personnel controls
Hiring and termination practices

27 People And Places: What You Need To Know
Physical security
Physical security threats and countermeasures
Personnel security
Personnel security threats and countermeasures

