Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 1: Information Security Fundamentals Security+ Guide to Network Security Fundamentals Second Edition.

Published byLee York Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 1: Information Security Fundamentals Security+ Guide to Network Security Fundamentals Second Edition."— Presentation transcript:

1 Chapter 1: Information Security Fundamentals Security+ Guide to Network Security Fundamentals Second Edition

2 ’ Security+ Guide to Network Security Fundamentals, 2e Objectives Identify the challenges for information security Define information security Explain the importance of information security List and define information security terminology Describe the CompTIA Security+ certification exam Describe information security careers

3 ‘ Security+ Guide to Network Security Fundamentals, 2e Challenge of keeping networks and computers secure has never been greater A number of trends illustrate why security is becoming increasingly difficult Many trends have resulted in security attacks growing at an alarming rate Identifying the Challenges for Information Security

4 ³ Security+ Guide to Network Security Fundamentals, 2e Computer Emergency Response Team (CERT) security organization compiles statistics regarding number of reported attacks, including: –Speed of attacks –Sophistication of attacks –Faster detection of weaknesses –Distributed attacks –Difficulties of patching Identifying the Challenges for Information Security (continued)

5 9 Security+ Guide to Network Security Fundamentals, 2e

6 Identifying the Challenges for Information Security (continued) ‘ Security+ Guide to Network Security Fundamentals, 2e

7 T Security+ Guide to Network Security Fundamentals, 2e Information security: –Tasks of guarding digital information, which is typically processed by a computer (such as a personal computer), stored on a magnetic or optical storage device (such as a hard drive or DVD), and transmitted over a network spacing Defining Information Security (continued)

8 M Security+ Guide to Network Security Fundamentals, 2e Ensures that protective measures are properly implemented Is intended to protect information Involves more than protecting the information itself Defining Information Security (continued)

9 R Security+ Guide to Network Security Fundamentals, 2e Information security is intended to protect information that has value to people and organizations –This value comes from the characteristics of the information: Confidentiality Integrity Availability Information security is achieved through a combination of three entities Defining Information Security (continued)

10 ’t’t Security+ Guide to Network Security Fundamentals, 2e Confidentiality: Prevention of unauthorized disclosure of information. Or keeping unwanted parties from accessing assets of a computer system Also known as: secrecy or privacy Integrity: Prevention of unauthorized modification of information. Availability: Prevention of unauthorized withholding of information or resources. Or keeping system available Defining Information Security (continued)

11 ’ Security+ Guide to Network Security Fundamentals, 2e

12 Defining Information Security (continued) ’ Security+ Guide to Network Security Fundamentals, 2e

13 ’‘’‘ Security+ Guide to Network Security Fundamentals, 2e A more comprehensive definition of information security is: –That which protects the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures Defining Information Security (continued)

14 ’³ Security+ Guide to Network Security Fundamentals, 2e Understanding the Importance of Information Security Information security is important to businesses: –Prevents data theft –Avoids legal consequences of not securing information –Maintains productivity –Foils cyberterrorism –Thwarts identity theft

15 ’9’9 Security+ Guide to Network Security Fundamentals, 2e Preventing Data Theft Security often associated with theft prevention Drivers install security systems on their cars to prevent the cars from being stolen Same is true with information security—businesses cite preventing data theft as primary goal of information security

16 ’‘’‘ Security+ Guide to Network Security Fundamentals, 2e Preventing Data Theft (continued) Theft of data is single largest cause of financial loss due to a security breach One of the most important objectives of information security is to protect important business and personal data from theft

17 ’T’T Security+ Guide to Network Security Fundamentals, 2e Avoiding Legal Consequences Businesses that fail to protect data may face serious penalties Laws include: –The Health Insurance Portability and Accountability Act of 1996 (HIPAA) –The Sarbanes-Oxley Act of 2002 (Sarbox) –The Cramm-Leach-Blilely Act (GLBA) –USA PATRIOT Act 2001

18 ’M’M Security+ Guide to Network Security Fundamentals, 2e Maintaining Productivity After an attack on information security, clean-up efforts divert resources, such as time and money away from normal activities A Corporate IT Forum survey of major corporations showed: –Each attack costs a company an average of $213,000 in lost man-hours and related costs –One-third of corporations reported an average of more than 3,000 man-hours lost

19 Maintaining Productivity (continued) ’R’R Security+ Guide to Network Security Fundamentals, 2e

20 ’t’t Security+ Guide to Network Security Fundamentals, 2e An area of growing concern among defense experts are surprise attacks by terrorist groups using computer technology and the Internet (cyberterrorism) These attacks could cripple a nation’s electronic and commercial infrastructure Our challenge in combating cyberterrorism is that many prime targets are not owned and managed by the federal government Foiling Cyberterrorism

21 ’ Security+ Guide to Network Security Fundamentals, 2e Thwarting Identity Theft Identity theft involves using someone’s personal information, such as social security numbers, to establish bank or credit card accounts that are then left unpaid, leaving the victim with the debts and ruining their credit rating National, state, and local legislation continues to be enacted to deal with this growing problem –The Fair and Accurate Credit Transactions Act of 2003 is a federal law that addresses identity theft

22 ’ Security+ Guide to Network Security Fundamentals, Third Edition Information Security Terminology (continued) Asset –Something that has a value Threat –An event or object that may defeat the security measures in place and result in a loss Threat agent –A person or thing that has the power to carry out a threat

23 ’‘’‘ Security+ Guide to Network Security Fundamentals, Third Edition Information Security Terminology (continued) Vulnerability –Weakness that allows a threat agent to bypass security Risk –The likelihood that a threat agent will exploit a vulnerability –Realistically, risk cannot ever be entirely eliminated

24 Information Security Terminology (continued) ’³ Security+ Guide to Network Security Fundamentals, Third Edition

25 Information Security Terminology (continued) ’9’9 Security+ Guide to Network Security Fundamentals, Third Edition

26 ’‘’‘ Security+ Guide to Network Security Fundamentals, 2e Exploring the CompTIA Security+ Certification Exam (continued) Since 1982, the Computing Technology Industry Association (CompTIA) has been working to advance the growth of the IT industry CompTIA is the world’s largest developer of vendor- neutral IT certification exams The CompTIA Security+ certification tests for mastery in security concepts and practices

27 ’T’T Security+ Guide to Network Security Fundamentals, 2e Exploring the CompTIA Security+ Certification Exam (continued) The Security+ exam is an internationally recognized validation of foundation-level security skills and knowledge Used by organizations and security professionals around the world The six domains covered by the Security+ exam: –Systems Security, Network Infrastructure, Access Control, Assessments and Audits, Cryptography, and Organizational Security

28 ’M’M Security+ Guide to Network Security Fundamentals, 2e Surveying Information Security Careers Information security is one of the fastest growing career fields As information attacks increase, companies are becoming more aware of their vulnerabilities and are looking for ways to reduce their risks and liabilities

29 ’R’R Security+ Guide to Network Security Fundamentals, 2e Surveying Information Security Careers (continued) Sometimes divided into three general roles: –Security manager develops corporate security plans and policies, provides education and awareness, and communicates with executive management about security issues –Security engineer designs, builds, and tests security solutions to meet policies and address business needs –Security administrator configures and maintains security solutions to ensure proper service levels and availability

30 ‘t‘t Security+ Guide to Network Security Fundamentals, 2e Summary The challenge of keeping computers secure is becoming increasingly difficult Attacks can be launched without human intervention and infect millions of computers in a few hours Information security protects the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures

31 ‘’‘’ Security+ Guide to Network Security Fundamentals, 2e Summary (continued) Information security has its own set of terminology A threat is an event or an action that can defeat security measures and result in a loss Many organizations use the CompTIA Security+ certification to verify security competency

Download ppt "Chapter 1: Information Security Fundamentals Security+ Guide to Network Security Fundamentals Second Edition."

Similar presentations

IT Security Policy Framework

IT Security Policy Framework
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,

S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,
Auditing Concepts.

Auditing Concepts.
Fundamentals of Information Systems, Second Edition 1 Security, Privacy, and Ethical Issues in Information Systems and the Internet Chapter 9.

Fundamentals of Information Systems, Second Edition 1 Security, Privacy, and Ethical Issues in Information Systems and the Internet Chapter 9.
JARED BIRD Nagios: Providing Value Throughout the Organization.

JARED BIRD Nagios: Providing Value Throughout the Organization.
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
Security Controls – What Works

Security Controls – What Works
Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.

Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.

About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 1 Introduction to Security.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 1 Introduction to Security.
Chapter 1 Introduction to Security

Chapter 1 Introduction to Security
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
CYBER CRIME AND SECURITY TRENDS

CYBER CRIME AND SECURITY TRENDS
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.

Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.
Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.

Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.

Similar presentations

Ads by Google