Model Information Security Planning By Mohammed Ashfaq Ahmed - PowerPoint PPT Presentation

Provided by: ash99
Learn more at: http://www.neiu.edu
Transcript and Presenter's Notes

1
Model Information Security Planning
By Mohammed Ashfaq Ahmed
2
Adopt multilayered security model
  • Follow defense-in-depth strategy
  • Defense in depth is designed from the inside out
    but tested from the outside in
  • Information lies at the core and the most reliable
    protection elements lie closest to it
  • Penetration by attackers occurs from the outside in

3
Seven layer security model
  • It covers both the security of information as
    well as the security of the information system
  • The layers of the model are:
    1. Information at the core
    2. Cryptographic method layer
    3. Verification and authentication layer
    4. OS hardening layer
    5. Information system architecture and design
    6. Web services layer
    7. The 8 Ps of security layer

4
Benefits of this model..
  • Vigorously protects information
  • Slows down perpetrators as they attempt any
    attack
  • Discourages attackers
  • Assists in identification of hackers
  • Low cost and effective

5
Information at the core..
  • Information resides at the core of the model
  • Why is information at the core, and not the
    information system?
  • Reason: the information system is too vast and
    cannot be narrowed sufficiently

6
Information has many properties like disguise,
protect, authenticate, test..
  • The most important and interesting quality of
    information is that it can change state and still
    retain all of its semantic value
  • These factors allow us to effectively manage the
    information

7
2. Cryptographic method layer..
  • It is the second layer and actually the most
    important from a security countermeasure point
    of view
  • It represents a formidable barrier that coats and
    protects information
  • It uses the properties of information

8
Advantages..
  • Cryptography disguises information
  • Cryptographic methods are extremely complex and
    require significant time and cost to break
  • They provide an elegant linkage to the
    authentication and verification layer
  • Cryptographic layers are many and varied

9
3. Authentication and verification layer..
  • It is closely related to the cryptographic layer
  • It has two distinct parts
  • The inner half, which provides authentication and
    verification pertaining exclusively to the
    information
    Ex. Digital signatures, code signing, etc.
  • The outer half, which provides authentication
    and verification for the information system
    Ex. Password, access controls, etc.

10
Authentication is the process of determining if
the information presented is real or fake
  • Authentication techniques usually take advantage
    of any of the following four factors to
    authenticate access to information
  • 1. Possession factor: something you have that
    grants access to information
  • Ex. Smartcard, token, etc.
  • 2. Biometric factor: something that you are that
    identifies you uniquely
  • Ex. Fingerprint, face print, DNA, etc.

11
  • 3. Knowledge factor: something you know that is
    secret
  • Ex. Password, username, etc.
  • 4. Integrity factor: something that allows the
    authentication routines to authenticate your
    actions after you are granted access
  • Ex. Message authentication codes (MACs)
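
Added example, not part of the original slides: a sketch of how the knowledge factor admits a user and the integrity factor then authenticates each later action with a MAC. The names Session, verify_password, tag_action and accept_action, the PBKDF2 work factor and the sample actions are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch

class Session:
    """State the system keeps once a user has been admitted."""
    def __init__(self):
        self.key = os.urandom(32)  # per-session MAC key shared with the client
        self.next_seq = 0          # next action number the server will accept

def verify_password(password, salt, stored_hash):
    """Knowledge factor: check a password against a salted, stretched hash."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored_hash)

def tag_action(key, seq, action):
    """Client side: MAC over a fixed-width sequence number plus the action."""
    msg = seq.to_bytes(8, "big") + action.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

def accept_action(session, seq, action, tag):
    """Integrity factor: accept an action only if it is in order and its MAC verifies."""
    if seq != session.next_seq:
        return False  # replayed or out-of-order action
    expected = tag_action(session.key, seq, action)
    if not hmac.compare_digest(expected, tag):
        return False  # action was altered, or the sender lacks the session key
    session.next_seq += 1
    return True

def demo():
    # Constructed sample data: one enrolled user and one tagged action.
    salt = os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", b"s3cret-passphrase", salt, ITERATIONS)
    if not verify_password("s3cret-passphrase", salt, stored):
        return None
    s = Session()
    good = tag_action(s.key, 0, "transfer:100:alice")
    return {
        "tampered": accept_action(s, 0, "transfer:900:mallory", good),
        "genuine": accept_action(s, 0, "transfer:100:alice", good),
        "replayed": accept_action(s, 0, "transfer:100:alice", good),
    }

if __name__ == "__main__":
    print(demo())
```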

12
  • Authentication techniques can be used either
    directly with information or as part of the
    information system
  • Verification is the one-to-one process of
    matching the user by name against an
    authentication template, maintained by a trusted
    third party, and providing the authentication
    status

13
  • My Question?

14
Answer
  • The model is designed from the inside out and
    tested from the outside in. This means that
    information is at the core of the model and the
    most reliable protection elements of the plan are
    placed closest to it. Penetration by attackers
    occurs from the outside in. This concept is known
    as defense in depth.