1 / 10

Session 1 – Introduction to Information Security

Session 1 – Introduction to Information Security. Security Objectives. Confidentiality (includes privacy) Integrity Availability . Information Security Framework. Information security policy (what is important, who are accountable and responsible?)

niveditha
Télécharger la présentation

Session 1 – Introduction to Information Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Session 1 – Introduction to Information Security CSE 4482, Fall 2012, D Chan

  2. Security Objectives • Confidentiality (includes privacy) • Integrity • Availability CSE 4482, Fall 2012, D Chan

  3. Information Security Framework • Information security policy (what is important, who are accountable and responsible?) • Information security standards (acceptable levels of security in systems development and operation. • Information security procedures (how to protect?) CSE 4482, Fall 2012, D Chan

  4. Information Security Framework • Information security infrastructure, firewalls, virtual private network etc. • Information security software, anti-virus software, access control software, application security etc. • Chief information security officer, information security staff. CSE 4482, Fall 2012, D Chan

  5. Information Security Framework • Information classification based on sensitivity. • Keep in mind the objectives of confidentiality, integrity and availability. • Information ownership. CSE 4482, Fall 2012, D Chan

  6. Security Processes • Identification • Authentication • Authorization • Logging • Monitoring CSE 4482, Fall 2012, D Chan

  7. Common Security Measures • Password • Two-factor authentication • Biometrics • Access control lists for granting authorization to information • Locks • Encryption • Anti-virus • Usage and rejection reports CSE 4482, Fall 2012, D Chan

  8. Passwords • Should not be shared • Should be changed by user • Should be changed frequently and upon compromise (suspected unauthorized disclosure) CSE 4482, Fall 2012, D Chan

  9. Passwords • Long, at least 8 characters • Alphanumeric • Hashed (one-way scrambling) • System should allow only a few attempts before locking out account CSE 4482, Fall 2012, D Chan

  10. Passwords • An 8-letter password is 676 times stronger than a 6-letter password. • A 6-character alphanumeric password is 6 times stronger than a 6-letter password. • Strength should depend on user’s privilege and locality of system. CSE 4482, Fall 2012, D Chan

More Related