Principles of Information Security : Frank Giannotti
MCT, MCSE, MCSA, Security +, A+, DHTI+
Housekeeping : Please set all cell phones to silent mode
Be respectful to all in the classroom
Please DO ask questions, but do it in an orderly fashion
Learning Objectives : Understand the definition of information security
Understand the key terms and critical concepts of information security
Understand the components of an Information System
Information Security VS Information Access
TJX January 2007 : Unauthorized intrusion into credit and debit account information, affecting 1,750 stores and 4 million customers, between the years 2003 and 2006
The following stores were affected:
T.J. Maxx
Marshalls
HomeGoods
A.J. Wright
Winners
HomeSense
Bob's Stores
Veteran’s Administration May 2006 : In May 2006, VA learned that an employee, a data analyst, took home electronic data from VA that was stored in his home on a laptop computer and external hard drive. He was not authorized to take this data home. This behavior was in violation of VA policies.
Slide 6 : The employee's home was burglarized and the computer equipment, along with various other items, was stolen. The electronic data stored on this computer included identifying information for millions of veterans.
Stop & Shop February 2007 : Stop & Shop said customer information, including personal identification codes for cards, was confirmed stolen from supermarkets in Coventry and Cranston, R.I.
High-tech thieves had broken into checkout-line card readers and planted the equivalent of bugs to steal information.
What is Security? : “The quality or state of being secure—to be free from danger”
A successful organization should have multiple layers of security in place:
Physical security
Personal security
Operations security
Communications security
Network security
Information security
What is Information Security? : The protection of information and its critical elements, including systems and hardware that use, store, and transmit that information
Necessary tools: policy, awareness, training, education, technology
Critical Characteristics of Information : The value of information comes from the characteristics it possesses:
Availability
Accuracy
Authenticity
Slide 12 : Confidentiality
Information classification
Secure document storage
Application of general security policies
Education of information custodians and end users
Integrity
Utility
Possession
Components of an Information System : Software
Hardware
Data
People
Procedures
Networks
Balancing Information Security and Access : Impossible to obtain perfect security—it is a process, not an absolute
Security should be considered a balance between protection and availability
To achieve balance, the level of security must allow reasonable access, yet protect against threats
To Sum Up! : Information Security is the protection of information and its critical elements, including systems and hardware that use, store, and transmit that information
Slide 16 : Components of an Information System
Software
Hardware
Data
People
Procedures
Networks
Critical concepts of information security : Availability
Accuracy
Authenticity
Confidentiality
Integrity
Utility
Possession
Delicate Balancing Act Between Information Security and Access : Cannot have Maximum Security AND Maximum Access
Balance may vary between companies, as well as within companies