Information Security Overview (The need for ISS (Potential risk (Hostile…
Information Security Overview
The need for
Purpose : Protect Assets
Physically : Strong walls, well-guarded door to secure access – closed network
Emerging technologies, LANs and WANs : e-business, mobile commerce, wireless networks – creating untold number of security risks
Firewall : intrusion detection, authentication, authorization and vulnerability assessment system
Keeping the bad guys out : increasing complex ways of letting good guys in
Perform only authorized tasks
obtain only authorized information
Cannot cause damage to the data, applications, or operating environment of a system.
Prevent unauthorized access to the network.
Ensure authentic users can effectively access the network and its services.
Applications that can protect the network from unauthorized access are in place.
Hackers or corporate competitors
Processes & methodologies involve keeping information confidential, available, & assuring its integrity.
Access controls, preventing unauthorized personnel from entering or accessing a system.
Protect information no matter where there are.
Detection & remediation of security breaches, as well as documenting those events.
Protect information from disclosure to unauthorized parties.
Protect information from modification of unauthorized parties
Ensure authorized parties able to access the information when needed.
Potential Risk of ISS
The process of identifying, quantifying and prioritizing the vulnerabilities in the system.
To ensure configurations are correctly set and the proper security patches are applied.
To identify a threat in the system.
Unauthorized access to information through networks.
To identify the resources used in network for various applications.
Network devices such as routers, switches and firewalls should be taken care.
Network resources should be able to identify users’ privacy.