8: CONTROLS FOR INFORMATION SECURITY - Coggle Diagram
5 PRINCIPLES OF SYSTEMS RELIABILITY
1- security - access to the system and its data
2- confidentiality - sensitive organizational information
3- privacy - personal information
4- processing integrity - data are processed accurately and completely
5- availability - the system and its information are available
TWO FUNDAMENTAL INFORMATION SECURITY CONCEPTS
1- SECURITY IS A MANAGEMENT ISSUE, NOT JUST A TECHNOLOGY ISSUE
SECURITY LIFE CYCLE
1- assess threats and select risk response
2- develop information security policies and communicate them to all employees
3- acquire and implement solutions
4- monitor performance
2- THE TIME BASED MODEL OF INFORMATION SECURITY
TIME BASED MODEL
to employ a combination of preventive, detective and corrective controls to protect information assets long enough for the organization to detect and respond to an attack
based on the formula: P > D + R
P = the time it takes an attacker to break in
D = the time it takes for the organization to detect the attack
R = the time to respond and stop the attack
UNDERSTANDING TARGETED ATTACKS
1- conduct reconnaissance
2- attempt social engineering
3- scan and map the target
4- research
5- execute the attack
6- cover tracks
TIME BASED MODEL COMPONENTS
1- PROTECTION
people: creation of a 'security-aware' culture
people: training
process: user access controls (authentication and authorization)
process: penetration testing
process: change controls and change management
IT solutions: anti-malware
IT solutions: network access controls (firewalls, intrusion prevention systems)
IT solutions: device and software hardening
IT solutions: encryption
physical security: access controls (locks, guards)
2- DETECTION
log analysis
intrusion detection systems
continuous monitoring
3- RESPONSE
computer incident response teams (CIRT)
chief information security officer (CISO)