Information Systems Security - PowerPoint PPT Presentation

About This Presentation
Title:

Information Systems Security

Description:

Information Systems Security. IS 460 Notes by Thomas Hilton. Overview: What is an Information System, Personnel Security, Procedural Security, Facilities Security, Technical ...

Slides: 15
Provided by: TomHi98
Learn more at: https://people.uwec.edu

Transcript and Presenter's Notes

Title: Information Systems Security


1
Information Systems Security
  • IS 460 Notes by Thomas Hilton

2
Overview
  • What is an Information System
  • Personnel Security
  • Procedural Security
  • Facilities Security
  • Technical Security
  • Security Implementation

3
Security Perspective: What is an Information System
  • The General Systems View
  • Intended Output
  • Unintended Output
  • Main Input
  • Spurious Input
  • Transformation Processes
  • Output Interface
  • Input Interface
  • Control Processes

4
Security Perspective: What is an Information System
  • Intended Output: High Quality Information
  • Unintended Output: Mis-, Dis-, Untimely, Irrelevant, Unknown Origin
  • Main Input: High Quality Data
  • Spurious Input: Mis-, Dis-, Untimely, Irrelevant, Unknown Origin
  • Transformation Processes: Hardware, Software, Procedures, People
  • Output Interface: Video/Print/Audio/Tactile-Kinesthetic/Olfactory, Email/IM/Website/Telnet/Disks/Cable/Wireless, Conversations/Phone/Notes/Memos/Terminations/Departures
  • Input Interface: Tactile-Kinesthetic/Audio/Video/Print/Olfactory, Email/IM/Web/Telnet/Disks/Cable/Wireless, Conversations/Phone/Notes/Memos/Hires/Arrivals
  • Control Processes: ?

5
Scope of Security Subsystem
  • à la U.S. Department of Defense
  • Personnel
  • Procedural
  • Facilities
  • Technical

6
Personnel Security
  • Security Organization
  • Steering Committee
  • CSO
  • Other security personnel
  • Security responsibilities of all personnel
  • Human Resources
  • Hiring and Remuneration
  • Vacation
  • Termination

7
Procedural Security
  • Risk Assessment
  • Security Audit
  • Security Policy
  • Business Continuity Plan
  • Training Plan

8
Facilities Security
  • Proximity (Each other, Users, Threats)
  • Perimeters (Boundaries, Access)
  • Power (Electricity Availability, Quality)
  • Etc. (Cooling, Hardening, )

9
Technical Security
  • Event Management
  • Deter
  • Detect
  • Mitigate
  • Recover
  • Debrief
  • Information C.I.A.
  • Confidentiality
  • Integrity
  • Availability

10
Security Implementation
  • Individual Workstation
  • Workgroup LAN
  • Enterprise WAN / Intranet
  • E-Commerce Internet

11
Security Implementation: Individual / Workstation
  • Operating Systems and Applications
  • User Account Management
  • Data File Management
  • Anti-Virus Software
  • Personal Firewall
  • Other Utilities

12
Security Implementation: Workgroup / LAN
  • All of the above
  • Server security
  • Eavesdropping
  • Topologies

13
Security Implementation: Enterprise / WAN
  • All of the above
  • DMZs (multiple firewalls)
  • Routers
  • Cold/Hot Site synchronization
  • VPNs

14
Security Implementation: E-Commerce / Internet
  • All of the above
  • Internet visible systems
  • HTML
  • FTP
  • SMTP
  • Etc.