Information Systems Security
Risks, Threats, and Vulnerabilities
Risk- the likelihood something bad will happen to an asset
Threat- any action that could damage an asset
Vulnerability- a weakness that allows a threat to be realized or have an effect on an asset
What is Information Security?
The collection of activities that protect the information system and the data in it
U.S. Compliance Laws Drive Need for Information Systems Security
Federal Information Security Management Act (FISMA)
Federal Information Security Modernization Act (FISMA)
Sarbanes-Oxley Act
Gramm-Leach-Bliley Act (GLBA)
Health Insurance Portability and Accountability Act (HIPAA)
Children Internet Protection Act (CIPA)
The Seven Domains of a Typical IT Infrastructure
Workstation Domain
LAN Domain
User Domain
LAN-to-WAN Domain
WAN Domain
Remote Access Domain
System/Application Domain
Three Tenets of Information Systems Security
Confidentiality
The guarding of information from everyone except those with rights to it
Integrity
The validity and accuracy of the data
Availability
Generally expressed as the amount of time users can use a system, application, and data
Weakest Link in the Security of an IT Infrastructure
The user is the weakest link in security. Human error is a major risk and threat to any organization
Reduce risk by...
Checking the background of each candidate carefully
Apply sound application and software testing and review for quality
Rotate access to sensitive systems, applications, and data among different staff positions
Regularly review security plans throughout the seven domains of a typical IT system
Give staff members a regular evaluation
Perform annual security control audits
IT Security Policy Framework
IT security is crucial to any organization's ability to survive, as assuring the security of personal data becomes more and more paramount
Definitions
Policy- a short written statement that states the course of action or direction of an organization
Standard- a detailed written definition for hardware and software and how they are used. Standards ensure that consistent security controls are used throughout the IT system
Procedure- written instructions for how to use policies and standards. They may include a plan of action, installation, testing, and auditing of security controls
Guidelines- a suggested course of action for using the policy, standards, or procedures. Guidelines can be specific or they can be flexible
Data Classification Standards
Private Data- data about people that MUST be kept private
Internal use only- Information or data shared internally by an organization, intended not to leave the organization
Confidential- Information or data owned by the organization
Public Domain Data- Information or data shared with the public such as website content, white papers, and such