Chapter 1: Information Security Fundamentals - PowerPoint PPT Presentation

Slides: 31
Provided by: hills
Learn more at: https://hills.ccsf.edu

Transcript and Presenter's Notes

1
Chapter 1 Information Security Fundamentals
  • Mission College CIT 016
  • Security

2
Objectives
  • Identify the challenges for information security
  • Define information security
  • Explain the importance of information security

3
Objectives
  • List and define information security terminology
  • Describe the CompTIA Security+ certification exam
  • Describe information security careers

4
Challenges for Information Security
  • Challenge of keeping networks and computers
    secure has never been greater
  • A number of trends illustrate why security is
    becoming increasingly difficult
  • Many trends have resulted in security attacks
    growing at an alarming rate

5
Identifying the Challenges for Information
Security (continued)
  • The Computer Emergency Response Team (CERT)
    security organization compiles statistics on the
    number of reported attacks
  • Trends that make defense increasingly difficult
    include:
  • Speed of attacks
  • Sophistication of attacks
  • Faster detection of weaknesses
  • Distributed attacks
  • Difficulties of patching

6
Challenges for Information Security
7
Challenges for Information Security
8
Defining Information Security
  • Information security: the tasks of guarding
    digital information, which is typically processed
    by a computer (such as a personal computer),
    stored on a magnetic or optical storage device
    (such as a hard drive or DVD), and transmitted
    over a network

9
Defining Information Security
  • Ensures that protective measures are properly
    implemented
  • Is intended to protect information
  • Involves more than protecting the information
    itself

10
Defining Information Security
11
Defining Information Security
  • Three characteristics of information must be
    protected by information security:
  • Confidentiality
  • Integrity
  • Availability
  • The center of the diagram shows what needs to be
    protected (the information)
  • Information security is achieved through a
    combination of three entities: products, people,
    and procedures

12
Importance of Information Security
  • Information security is important to businesses
  • Prevents data theft
  • Avoids legal consequences of not securing
    information
  • Maintains productivity
  • Foils cyberterrorism
  • Thwarts identity theft

13
Preventing Data Theft
  • Security often associated with theft prevention
  • Drivers install security systems on their cars to
    prevent the cars from being stolen
  • The same is true of information security:
    businesses cite preventing data theft as the
    primary goal of information security

14
Preventing Data Theft (continued)
  • Theft of data is the single largest cause of
    financial loss due to a security breach
  • One of the most important objectives of
    information security is to protect important
    business and personal data from theft

15
Avoiding Legal Consequences
  • In recent years, a number of federal and state
    laws have been enacted to protect the privacy of
    electronic data
  • Businesses that fail to protect data may face
    serious penalties
  • Laws include:
  • The Health Insurance Portability and
    Accountability Act of 1996 (HIPAA)
  • The Sarbanes-Oxley Act of 2002 (SOX)
  • The Gramm-Leach-Bliley Act (GLBA)
  • The USA PATRIOT Act of 2001

16
HIPAA
  • Health Insurance Portability and Accountability
    Act (1996)
  • Title I of HIPAA protects health insurance
    coverage for workers and their families when they
    change or lose their jobs
  • Title II, the Administrative Simplification (AS)
    provisions, requires the establishment of
    national standards for electronic health care
    transactions and national identifiers for
    providers, health insurance plans, and employers
  • The AS provisions also address the security and
    privacy of health data (the HIPAA Privacy Rule
    and Security Rule)
  • http://en.wikipedia.org/wiki/HIPAA

17
Sarbanes-Oxley Act of 2002
  • Federal law passed in response to a number of
    major corporate and accounting scandals
  • SOX (also written SarbOx) imposes stringent
    reporting requirements and internal controls on
    electronic financial reporting systems
  • Corporate officers who knowingly certify a false
    financial report can be fined up to $5 million
    and serve up to 20 years in prison
  • http://en.wikipedia.org/wiki/Sarbanes-Oxley_Act

18
Gramm-Leach-Bliley Act (GLBA)
  • The GLBA requires banks and financial
    institutions to notify customers of their
    policies and practices for disclosing customer
    information
  • The GLBA also requires that all electronic and
    paper data containing personally identifiable
    financial information be protected
  • The GLBA also allowed commercial and investment
    banks to consolidate
  • http://www.consumerprivacyguide.org/law/glb.shtml
  • http://en.wikipedia.org/wiki/Gramm-Leach-Bliley_Act

19
USA PATRIOT Act (2001)
  • Designed to broaden the surveillance powers of
    law enforcement agencies so they can detect and
    suppress terrorism
  • The USA PATRIOT Act also authorizes law
    enforcement to install electronic monitoring
    devices to assess computer and telephone usage
  • http://en.wikipedia.org/wiki/Patriot_Act
  • http://www.epic.org/privacy/terrorism/usapatriot/
  • http://thomas.loc.gov/cgi-bin/bdquery/z?d107:h.r.03162

20
Maintaining Productivity
  • After an attack on information security, clean-up
    efforts divert resources, such as time and money,
    away from normal activities
  • A Corporate IT Forum survey of major corporations
    showed:
  • Each attack costs a company an average of
    $213,000 in lost man-hours and related costs
  • One-third of corporations reported an average of
    more than 3,000 man-hours lost

21
Maintaining Productivity
22
Foiling Cyberterrorism
  • An area of growing concern among defense experts
    is surprise attacks by terrorist groups using
    computer technology and the Internet
    (cyberterrorism)
  • These attacks could cripple a nation's electronic
    and commercial infrastructure
  • The challenge in combating cyberterrorism is that
    many prime targets are not owned and managed by
    the federal government
  • http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/

23
Thwarting Identity Theft
  • Identity theft involves using someone's personal
    information, such as a Social Security number, to
    establish bank or credit card accounts that are
    then left unpaid, leaving the victim with the
    debts and a ruined credit rating
  • National, state, and local legislation continues
    to be enacted to deal with this growing problem
  • The Fair and Accurate Credit Transactions Act of
    2003 (FACTA) is a federal law that addresses
    identity theft
  • Under FACTA, consumers can receive a free copy of
    their credit report once every year

24
Information Security Terminology
25
Exploring the CompTIA Security+ Certification Exam
  • Since 1982, the Computing Technology Industry
    Association (CompTIA) has been working to advance
    the growth of the IT industry
  • CompTIA is the world's largest developer of
    vendor-neutral IT certification exams
  • The CompTIA Security+ certification tests for
    mastery in security concepts and practices

26
Exploring the CompTIA Security+ Certification Exam
  • The exam was designed with input from security
    industry leaders, such as VeriSign, Symantec, RSA
    Security, Microsoft, Sun, IBM, Novell, and
    Motorola
  • The Security+ exam is designed to cover a broad
    range of security topics categorized into five
    areas or domains (with each domain's weight on
    the exam):
  • General Security Concepts: 30%
  • Communication Security: 20%
  • Infrastructure Security: 20%
  • Basics of Cryptography: 15%
  • Operational and Organizational Security: 15%

27
Surveying Information Security Careers
  • Information security is one of the fastest
    growing career fields
  • As information attacks increase, companies are
    becoming more aware of their vulnerabilities and
    are looking for ways to reduce their risks and
    liabilities

28
Surveying Information Security Careers
  • Sometimes divided into three general roles:
  • Security manager: develops corporate security
    plans and policies, provides education and
    awareness, and communicates with executive
    management about security issues
  • Security engineer: designs, builds, and tests
    security solutions to meet policies and address
    business needs
  • Security administrator: configures and maintains
    security solutions to ensure proper service
    levels and availability

29
Summary
  • The challenge of keeping computers secure is
    becoming increasingly difficult
  • Attacks can be launched without human
    intervention and infect millions of computers in
    a few hours
  • Information security protects the integrity,
    confidentiality, and availability of information
    on the devices that store, manipulate, and
    transmit the information through products,
    people, and procedures

30
Summary (continued)
  • Information security has its own set of
    terminology
  • A threat is an event or an action that can defeat
    security measures and result in a loss
  • CompTIA has been working to advance the growth of
    the IT industry and those individuals working
    within it
  • CompTIA is the world's largest developer of
    vendor-neutral IT certification exams