Information Security Fundamentals

1
Information Security Fundamentals
Chapter 1

• Security Guide to Network Security Fundamentals
• Second Edition

2
Important Terms

• Asset
• COPPA Childrens Online Privacy Protection Act
• CDSBA California Database Security Breach Act
• Cyberterrorism
• Exploit
• HIPAA Health Insurance Portability
  Accountability Act
• GLBA Gramm-Leach-Bliley Act
• Information Security
• Patch
• Risk
• Sarbanes-Oxley Act Sarbox
• Threat
• Threat Agent
• USA Patriot Act
• vulnerability

3
Objectives

• Identify the challenges for information security
• Define information security
• Explain the importance of information security
• List and define information security terminology
• Describe the CompTIA Security certification exam
• Describe information security careers

4
Identifying the Challenges for Information
Security

• Challenge of keeping networks and computers
  secure has never been greater
• A number of trends illustrate why security is
  becoming increasingly difficult
• Many trends have resulted in security attacks
  growing at an alarming rate

5
Identifying the Challenges for Information
Security (continued)

• Computer Emergency Response Team (CERT) security
  organization compiles statistics regarding number
  of reported attacks, including
• Speed of attacks
• Sophistication of attacks
• Faster detection of weaknesses
• Distributed attacks
• Difficulties of patching

6
Identifying the Challenges for Information
Security (continued)
7
Identifying the Challenges for Information
Security (continued)
8
Defining Information Security

• Information security
• Tasks of guarding digital information, which is
  typically processed by a computer (such as a
  personal computer), stored on a magnetic or
  optical storage device (such as a hard drive or
  DVD), and transmitted over a network spacing
• Ensures that protective measures are properly
  implemented
• Is intended to protect information
• Involves more than protecting the information
  itself

9
Defining Information Security (continued)
10
Defining Information Security (continued)

• Three characteristics of information must be
  protected by information security
• Confidentiality
• Integrity
• Availability
• Center of diagram shows what needs to be
  protected (information)
• Information security achieved through a
  combination of three entities

11
Understanding the Importance of Information
Security

• Information security is important to businesses
• Prevents data theft
• Avoids legal consequences of not securing
  information
• Maintains productivity
• Foils cyberterrorism
• Thwarts identity theft

12
Preventing Data Theft

• Security often associated with theft prevention
• Drivers install security systems on their cars to
  prevent the cars from being stolen
• Same is true with information security?businesses
  cite preventing data theft as primary goal of
  information security
• Theft of data is single largest cause of
  financial loss due to a security breach
• One of the most important objectives of
  information security is to protect important
  business and personal data from theft

13
Avoiding Legal Consequences

• Businesses that fail to protect data may face
  serious penalties
• Laws include
• The Health Insurance Portability and
  Accountability Act of 1996 (HIPAA)
• The Sarbanes-Oxley Act of 2002 (Sarbox)
• The Cramm-Leach-Blilely Act (GLBA)
• USA PATRIOT Act 2001

14
Maintaining Productivity

• After an attack on information security, clean-up
  efforts divert resources, such as time and money
  away from normal activities
• A Corporate IT Forum survey of major corporations
  showed
• Each attack costs a company an average of
  213,000 in lost man-hours and related costs
• One-third of corporations reported an average of
  more than 3,000 man-hours lost

15
Maintaining Productivity (continued)
16
Foiling Cyberterrorism

• An area of growing concern among defense experts
  are surprise attacks by terrorist groups using
  computer technology and the Internet
  (cyberterrorism)
• These attacks could cripple a nations electronic
  and commercial infrastructure
• Our challenge in combating cyberterrorism is that
  many prime targets are not owned and managed by
  the federal government

17
Cyber Security Tips Top Ten

• Use anti-virus software keep it up to date
• Dont open e-mails or attachments from unknown
  sources
• Protect your computer from internet intruders
  use firewalls
• Regularly download security updates patches
  for operating systems and other software
• Use hard-to-guess passwords mix upper, lower
  case and other characters and make sure it is at
  least eight characters long
• Back-up your computer data on disk or CDs
  regularly
• Dont share access to your computer with strangers

18
Cyber Security Tips Top Ten

• Disconnect from the net when not in use
• Check your security on a regular basis
• Make sure your family members and/or employees
  know what to do when your computer becomes
  infected.

19
Thwarting Identity Theft

• Identity theft involves using someones personal
  information, such as social security numbers, to
  establish bank or credit card accounts that are
  then left unpaid, leaving the victim with the
  debts and ruining their credit rating
• National, state, and local legislation continues
  to be enacted to deal with this growing problem
• The Fair and Accurate Credit Transactions Act of
  2003 is a federal law that addresses identity
  theft

20
Understanding Information Security Terminology
21
Exploring the CompTIA Security Cert Exam

• Since 1982, the Computing Technology Industry
  Association (CompTIA) has been working to advance
  the growth of the IT industry
• CompTIA is the worlds largest developer of
  vendor-neutral IT certification exams
• The CompTIA Security certification tests for
  mastery in security concepts and practices
• Exam was designed with input from security
  industry leaders, such as VeriSign, Symantec, RSA
  Security, Microsoft, Sun, IBM, Novell, and
  Motorola
• The Security exam is designed to cover a broad
  range of security topics categorized into five
  areas or domains

22
Surveying Information Security Careers

• Information security is one of the fastest
  growing career fields
• As information attacks increase, companies are
  becoming more aware of their vulnerabilities and
  are looking for ways to reduce their risks and
  liabilities
• Sometimes divided into three general roles
• Security manager develops corporate security
  plans and policies, provides education and
  awareness, and communicates with executive
  management about security issues
• Security engineer designs, builds, and tests
  security solutions to meet policies and address
  business needs
• Security administrator configures and maintains
  security solutions to ensure proper service
  levels and availability

23
Summary

• The challenge of keeping computers secure is
  becoming increasingly difficult
• Attacks can be launched without human
  intervention and infect millions of computers in
  a few hours
• Information security protects the integrity,
  confidentiality, and availability of information
  on the devices that store, manipulate, and
  transmit the information through products,
  people, and procedures Information security has
  its own set of terminology
• A threat is an event or an action that can defeat
  security measures and result in a loss
• CompTIA has been working to advance the growth of
  the IT industry and those individuals working
  within it
• CompTIA is the worlds largest developer of
  vendor-neutral IT certification exams

24
End of Chapter