Please enable JavaScript.
Coggle requires JavaScript to display documents.
Information Security Overview (The need for ISS (Potential risk (Hostile…
Information Security Overview
The need for
ISS
Purpose : Protect Assets
Physically : Strong walls, well-guarded door to secure access – closed network
Emerging technologies, LANs and WANs : e-business, mobile commerce, wireless networks – creating untold number of security risks
Firewall : intrusion detection, authentication, authorization and vulnerability assessment system
Keeping the bad guys out : increasing complex ways of letting good guys in
Expectation
Perform only authorized tasks
obtain only authorized information
Cannot cause damage to the data, applications, or operating environment of a system.
Network security
Prevent unauthorized access to the network.
Ensure authentic users can effectively access the network and its services.
Applications that can protect the network from unauthorized access are in place.
Potential risk
Hostile nations/state
Terrorist
Criminal elements
Hackers or corporate competitors
INFOSEC
Processes & methodologies involve keeping information confidential, available, & assuring its integrity.
Access controls, preventing unauthorized personnel from entering or accessing a system.
Protect information no matter where there are.
Detection & remediation of security breaches, as well as documenting those events.
Characteristics of
ISS
Confidentiality
Protect information from disclosure to unauthorized parties.
Integrity
Protect information from modification of unauthorized parties
Availabilty
Ensure authorized parties able to access the information when needed.
Potential Risk of ISS
Vulnerability Assessment
The process of identifying, quantifying and prioritizing the vulnerabilities in the system.
To ensure configurations are correctly set and the proper security patches are applied.
Threat Identification
To identify a threat in the system.
Unauthorized access to information through networks.
Asset Identification
To identify the resources used in network for various applications.
Network devices such as routers, switches and firewalls should be taken care.
Network resources should be able to identify users’ privacy.