introduction to information
play

Introduction to information security Lecture #1 Security in - PowerPoint PPT Presentation

Jun 24, 2023 •290 likes •749 views

Introduction to information security Lecture #1 Security in Organizations 2011 Eric Verheul 1 Outline The lectures I will give Information Security events in the media What is Information Security? Recap Study for next

  1. Introduction to information security Lecture #1 Security in Organizations 2011 Eric Verheul 1

  2. Outline • The lectures I will give • Information Security events in the media • What is Information Security? • Recap • Study for next week 2

  3. The lectures I will give Things I will teach • Information security in organizations in practice based on the ISO 27001 / ISO 27002 standards • Conducting IS risk assessments in organizations • Introduction to EDP audits and auditors • Writing an information security policy 3

  4. The lectures I will give Information Security (IS) • Information Security: • Preservation of confidentiality, integrity and availability of information (ISO). • The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability (NIST). • The condition in which confidentiality, integrity and availability of information and information technology are protected by appropriate safeguards. (BSI). 4

  5. The lectures I will give Literature Main literature for my lectures (apart from the slides): 1. ISO 27001, ISO 27002, ISO 27005 2. How to Achieve 27001 Certification , Sigurjon Thor Arnason, Keith D. Willett, Auerbach publications, 2008. Accessible through SIO webpage 3. Management Issues, Chapter 22 of Security Engineering: A Guide to Building Dependable Distributed Systems, R. Anderson 4. What Is Security Engineering? Chapter 23 of Security Engineering: A Guide to Building Dependable Distributed Systems, R. Anderson 5

  6. Outline • The lectures I will give • Information Security events in the media • What is Information Security? • Recap • Study for next week 6

  7. Citibank admits: we've lost the backup tape C7 C5 C14 C11 C12 C8 C13 7

  8. Information Security events in the media Management commitment C5 ISO 27002 Chapter 5: SECURITY POLICY 8

  9. Information Security events in the media Organization of information security C6 ISO 27002 Chapter 6: Organization of Information Security 9

  10. Information Security events in the media Organization of information security C6 ISO 27002 Chapter 6: Organization of Information Security 10

  11. Information Security events in the media Lost USB sticks C7 ISO 27002 Chapter 7: ASSET MANAGEMENT 11

  12. Information Security events in the media Lost backup tapes Citibank admits: we've C7 lost the backup tape C7 Source http://www.theregister.co.uk ISO 27002 Chapter 7: ASSET MANAGEMENT 12

  13. Information Security events in the media Lost tax declarations C7 ISO 27002 Chapter 7: ASSET MANAGEMENT 13

  14. Information Security events in the media User awareness C8 ISO 27002 Chapter 8: HUMAN RESOURCES SECURITY 14

  15. Information Security events in the media User awareness C8 Source http://www.rtl.nl ISO 27002 Chapter 8: HUMAN RESOURCES SECURITY 15

  16. Information Security events in the media Screening C8 ISO 27002 Chapter 8: HUMAN RESOURCES SECURITY 16

  17. Information Security events in the media Physical security C9 ISO 27002 Chapter 9: PHYSICAL AND ENVIRONMENTAL SECURITY 17

  18. Information Security events in the media Physical security C9 ISO 27002 Chapter 9: PHYSICAL AND ENVIRONMENTAL SECURITY 18

  19. Information Security events in the media Fire C9 ISO 27002 Chapter 9: PHYSICAL AND ENVIRONMENTAL SECURITY 19

  20. Information Security events in the media Power failure C9 Source http://www.webwereld.nl ISO 27002 Chapter 9: PHYSICAL AND ENVIRONMENTAL SECURITY 20

  21. Information Security events in the media Power failure C9 Source http://www.nos.nl, August 10 2009 ISO 27002 Chapter 9: PHYSICAL AND ENVIRONMENTAL SECURITY 21

  22. Information Security events in the media Malicious code protection C10 ISO 27002 Chapter 10: COMMUNICATIONS AND OPERATIONS MANAGEMENT 22

  23. Information Security events in the media Malicious code protection C10 ISO 27002 Chapter 10: COMMUNICATIONS AND OPERATIONS MANAGEMENT 23

  24. Information Security events in the media Patching C10 ISO 27002 Chapter 10: COMMUNICATIONS AND OPERATIONS MANAGEMENT 24

  25. Information Security events in the media Password management C11 Source http://www.infosectoday.com ISO 27002 Chapter 11 : ACCESS CONTROL 25

  26. Information Security events in the media Security in software lifecycle C12 Source http://news.zdnet.co.uk ISO 27002 Chapter 12: INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT AND MAINTENANCE 26

  27. Information Security events in the media Security incident handling C13 ISO 27002 Chapter 13: INFORMATION SECURITY INCIDENT MANAGEMENT 27

  28. Information Security events in the media Massive loss of information and employees C14 September 9, 2001 ISO 27002 Chapter 14: BUSINESS CONTINUITY MANAGEMENT 28

  29. Information Security events in the media Non compliance with privacy regulations C15 ISO 27002 Chapter 15: COMPLIANCE 29

  30. Information Security events in the media Non compliance with privacy regulations C15 ISO 27002 Chapter 15: COMPLIANCE 30

  31. Information Security controls (ISO 27002) ISO 27002 H ISO 27002 NEN Vertaling 5 Security Policy Beveiligingsbeleid 6 Organization of Information Security Beveiligingsorganisatie 7 Asset Management Classificatie en beheer van bedrijfsmiddelen 8 Human resources security Beveiligingseisen ten aanzien van personeel 9 Physical and Environmental Security Fysieke beveiliging en beveiliging van de omgeving 10 Communications and Operations Beheer van communicatie- en Management bedieningsprocessen 11 Access Control Toegangsbeveiliging 12 Information Systems Acquisition, Ontwikkeling en onderhoud van Development and Maintenance systemen 13 Information Security Incident Incidentmanagement Management 14 Business Continuity Management Continuïteitsmanagement 15 Compliance Naleving 31

  32. Outline • The lectures I will give • Information Security events in the media • What is Information Security? • Recap • Study for next week 32

  33. What is Information Security? Information Security (IS) Do you think that the incidents we have seen would not have occurred when the organizations implemented the 133 controls from ISO 27002? 33

  34. What is Information Security? Information Security (IS) Strangely enough the notion of ‘risk’ is not involved in these definitions. 34

  35. What is Information Security Alternative definition of IS • Adequately protecting information against possible threat manifestations. 35

  36. What is Information Security Alternative definition of IS • Adequately protecting the confidentiality, integrity and availability of information against possible threat manifestations. 36

  37. What is Information Security? Alternative definition of IS • Adequately protecting the confidentiality, integrity and availability of information against possible threat manifestations. • Threat manifestation ( or potential incident ): the successful combination of a threat and a vulnerability: • A threat is a) something „negative‟ that can accidentally happen or b) that some party intentionally wants to achieve. • A vulnerability is a weakness that can be accidentally triggered or intentionally exploited. • Threats can be Natural/Environmental or Human. 37

  38. What is Information Security? Alternative definition of IS • Adequately protecting the confidentiality, integrity and availability of information against possible threat manifestations. • Protection (controls) can be either: • Preventive • Detective • Repressive (e.g. fire extinguishers or punishment), or • Corrective (repairing the damage) 38

  39. What is Information Security? Alternative definition of IS • Adequately protecting the confidentiality, integrity and availability of information against possible threat manifestations. Risk Treatment Threat #1 Vulnerability #1 Threat #2 Vulnerability #2 Threat #3 Vulnerability #3 Threat #4 Vulnerability #4 Poten tenti tial al incide dents nts Threat # n Vulnerability # n 39

  40. What is Information Security? Alternative definition of IS • Adequately protecting the confidentiality, integrity and availability of information against possible threat manifestations. • Adequate: as supported by a risk assessment and treatment analysis whereby all possible manifestations of threats and their impacts („risks‟) are considered and somehow all „relevant‟ ones are sufficiently reduced with controls. • Risks are typically reduced but can also be accepted, avoided or transferred. • Who decides, who provides priority/budget? 40

  41. What is Information Security? Alternative definition of IS • Adequately protecting the confidentiality, integrity and availability of information against possible threat manifestations. Risk Treatment Risks can be: Preventive controls • Reduced/removed Detective controls Repressive controls • Accepted Corrective controls • Avoided • Transferred 41

  42. Outline • The lectures I will give • Information Security events in the media • What is Information Security? • Recap • Study for next week 42

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction Information Retrieval Indian Statistical Institute Information Retrieval (ISI)

Introduction Information Retrieval Indian Statistical Institute Information Retrieval (ISI)

Introduction Information Retrieval Indian Statistical Institute Information Retrieval (ISI) Introduction 1 / 20 Course details Books [MRS] Introduction to Information Retrieval , Manning, Raghavan, Schtze. https://nlp.stanford.edu/IR-book/

1.16k views • 23 slides
I. Introduction I. Introduction Importance of Information Technology (IT) Importance of

I. Introduction I. Introduction Importance of Information Technology (IT) Importance of

Basi di Dati e Sistemi informativi II A.A. 2002/2003 I. Introduction I. Introduction Importance of Information Technology (IT) Importance of Information Technology (IT) Information Systems and Organizations Information Systems and

476 views • 18 slides
INTRODUCTION COMS W1001 Introduction to Information Science Boyi Xie 2 Todays Topics

INTRODUCTION COMS W1001 Introduction to Information Science Boyi Xie 2 Todays Topics

1 INTRODUCTION COMS W1001 Introduction to Information Science Boyi Xie 2 Todays Topics General information Introduction to information science Computers Computer programs and algorithms Abstraction Social impacts

387 views • 37 slides
Data, Information and Knowledge (and the delayed Introduction!) Session 2 INST 301 Introduction

Data, Information and Knowledge (and the delayed Introduction!) Session 2 INST 301 Introduction

Data, Information and Knowledge (and the delayed Introduction!) Session 2 INST 301 Introduction to Information Science Outline The Third Wave Data / Information / Knowledge All the usual stuff (syllabus, grading, )

557 views • 22 slides
9 INFORMATION PRODUCTS Chapter Introduction Information products are likely to have a

9 INFORMATION PRODUCTS Chapter Introduction Information products are likely to have a

CHAPTER 9: Information Products -Peter OGrady 1 9 INFORMATION PRODUCTS Chapter Introduction Information products are likely to have a significant market in the new few years. Such products include software, data and databases. They are

454 views • 22 slides
Course Introduction Neural Information Processing: Introduction Welcome and administration

Course Introduction Neural Information Processing: Introduction Welcome and administration

Course Introduction Neural Information Processing: Introduction Welcome and administration Matthias Hennig and Mark van Rossum Course outline and context A short neuroscience summary School of Informatics, University of Edinburgh January 2018

177 views • 5 slides
SLIDE 1 - INTRODUCTION Today we are going to go through some information about ice (also known as

SLIDE 1 - INTRODUCTION Today we are going to go through some information about ice (also known as

SLIDE 1 - INTRODUCTION Today we are going to go through some information about ice (also known as crystal methamphetamine). The information in this PowerPoint has been adapted from the Cracks in the Ice community toolkit, and companion booklet.

482 views • 7 slides
Information Retrieval CS276: Information Retrieval and Web Search Text Classification 1 Chris

Information Retrieval CS276: Information Retrieval and Web Search Text Classification 1 Chris

Introduction to Information Retrieval Introduction to Information Retrieval CS276: Information Retrieval and Web Search Text Classification 1 Chris Manning, Pandu Nayak and Prabhakar Raghavan Introduction to Information Retrieval Ch. 13

658 views • 47 slides
Information Retrieval CS276: Information Retrieval and Web Search Pandu Nayak and Prabhakar

Information Retrieval CS276: Information Retrieval and Web Search Pandu Nayak and Prabhakar

Introduction to Information Retrieval Introduction to Information Retrieval CS276: Information Retrieval and Web Search Pandu Nayak and Prabhakar Raghavan Lecture 4: Index Construction Introduction to Information Retrieval Plan Last

611 views • 49 slides
Overview Information-driven modeling of biomolecular complexes ! Introduction ! Information

Overview Information-driven modeling of biomolecular complexes ! Introduction ! Information

Overview Information-driven modeling of biomolecular complexes ! Introduction ! Information sources ! General aspects of docking ! Information-driven docking with HADDOCK ! Protein-DNA HADDOCKing ! HADDOCKs adventures in CAPRI ! Small molecule

675 views • 28 slides
General Information: 1/7 General Information: 1/7 Course: Course: CS3911 Introduction to

General Information: 1/7 General Information: 1/7 Course: Course: CS3911 Introduction to

General Information: 1/7 General Information: 1/7 Course: Course: CS3911 Introduction to Numerical Methods CS3911 Introduction to Numerical Methods with Fortran Office: Rehki 305 Instructor: Ching-Kuang Shene aka C-K k C K I t t

345 views • 7 slides
Information Retrieval CS276: Information Retrieval and Web Search

Information Retrieval CS276: Information Retrieval and Web Search

Introduction to Information Retrieval Introduction to Information Retrieval CS276: Information Retrieval and Web Search Christopher Manning, Pandu Nayak, and Prabhakar Raghavan

1.49k views • 50 slides
Information Retrieval CS276: Information Retrieval and Web Search

Information Retrieval CS276: Information Retrieval and Web Search

Introduction to Information Retrieval Introduction to Information Retrieval CS276: Information Retrieval and Web Search Christopher Manning and Prabhakar Raghavan Lecture 10: Text

736 views • 57 slides
IN5210 Information Systems Introduction part I 20.08.2020 Petter Nielsen

IN5210 Information Systems Introduction part I 20.08.2020 Petter Nielsen

IN5210 Information Systems Introduction part I 20.08.2020 Petter Nielsen (pnielsen@ifi.uio.no) Agenda 1. Welcome 2. Introduction to the course Motivation Structure 3. Expectations 4. A very short introduction to Information

496 views • 21 slides
Introduction to Bioinformatics: Chapter 11: Measuring Expression of Genome Information Jarkko

Introduction to Bioinformatics: Chapter 11: Measuring Expression of Genome Information Jarkko

HELSINKI UNIVERSITY OF TECHNOLOGY LABORATORY OF COMPUTER AND INFORMATION SCIENCE Introduction to Bioinformatics: Chapter 11: Measuring Expression of Genome Information Jarkko Salojrvi Lecture slides by Samuel Kaski Introduction to

1.07k views • 72 slides
Information and Communication Technology : The INFORMATION THEORY (an INTRODUCTION) presented by:

Information and Communication Technology : The INFORMATION THEORY (an INTRODUCTION) presented by:

Information and Communication Technology : The INFORMATION THEORY (an INTRODUCTION) presented by: Rhiza S. Sadjad rhiza@unhas.ac.id http://www.unhas.ac.id/~rhiza/ Yet, another extended meaning of INFORMATION The UNIT of INFORMATION Key

386 views • 15 slides
Taming the Twitter Beast: Going From Micro-blogging to Macro-Branding Jesse Engle, Co-Founder

Taming the Twitter Beast: Going From Micro-blogging to Macro-Branding Jesse Engle, Co-Founder

Welcome to the 2010 Digital Marketing World Virtual Conference Series Taming the Twitter Beast: Going From Micro-blogging to Macro-Branding Jesse Engle, Co-Founder & CEO, CoTweet Frank Eliason, Senior Vice President of Social Media,

397 views • 23 slides
GRUU again for the last time really Jonathan Rosenberg Cisco Changes from -11 Minor

GRUU again for the last time really Jonathan Rosenberg Cisco Changes from -11 Minor

GRUU again for the last time really Jonathan Rosenberg Cisco Changes from -11 Minor Changes Removed references to provisional responses for non-INVITES Added note from Dales draft about not mucking with Contacts with ;gruu

378 views • 10 slides
Realistic Traffic Generator Hanoch Haim Principal Engineer Agenda Overview Stateless

Realistic Traffic Generator Hanoch Haim Principal Engineer Agenda Overview Stateless

Realistic Traffic Generator Hanoch Haim Principal Engineer Agenda Overview Stateless Advance Stateful 2 TRex Results Open Source Cisco Customers 3 TRex Usa sage ge Ana nalyti ytics cs mont nthl hly y repo

361 views • 32 slides
IPv6 Secure ND implementation report on Cisco IOS Eric Levy-Abegnoli IETF 70th, vancouver 70th

IPv6 Secure ND implementation report on Cisco IOS Eric Levy-Abegnoli IETF 70th, vancouver 70th

IPv6 Secure ND implementation report on Cisco IOS Eric Levy-Abegnoli IETF 70th, vancouver 70th IETF - Vancouver, BC, Canada Implementation status Implements RFC3971 & RFC3972 Includes CGA support and Authorization Discovery

514 views • 7 slides
Context Founded in 1662 Old Downtown Congregation which has seen community change before and yet

Context Founded in 1662 Old Downtown Congregation which has seen community change before and yet

Context Founded in 1662 Old Downtown Congregation which has seen community change before and yet been able to respond by reinventing itself Jamaica, Queens OVERVIEW Tree of Life began with the belief that God has placed us in this community

466 views • 17 slides
Deep reinforcement learning methods Their advantages and shortcomings Ashley Hill CEA, LIST,

Deep reinforcement learning methods Their advantages and shortcomings Ashley Hill CEA, LIST,

Deep reinforcement learning methods Their advantages and shortcomings Ashley Hill CEA, LIST, LCSR 4 th May 2020 4 th May 2020 Ashley Hill ( CEA, LIST, LCSR ) Deep reinforcement learning methods 1 / 97 Who am I? Ashley Hill, PhD student at CEA

1.15k views • 97 slides
BUILDING CAPACITY FOR THE DIGITAL ECONOMY - ITU ACTIVITIES IN IOT ICTP -11 MAY 2018 Mike Nxele

BUILDING CAPACITY FOR THE DIGITAL ECONOMY - ITU ACTIVITIES IN IOT ICTP -11 MAY 2018 Mike Nxele

BUILDING CAPACITY FOR THE DIGITAL ECONOMY - ITU ACTIVITIES IN IOT ICTP -11 MAY 2018 Mike Nxele Presented by: Senior Human Capacity Building Officer, HCB/PKM/BDT PRESENTATION OUTLINE ABOUT ITU THE DIGITAL ECOSYSTEM AND CAPACITY BUILDING

1.17k views • 47 slides
City Forensics: Using Visual Elements to Predict Non-Visual City Attributes Sean M. Arietta

City Forensics: Using Visual Elements to Predict Non-Visual City Attributes Sean M. Arietta

City Forensics: Using Visual Elements to Predict Non-Visual City Attributes Sean M. Arietta Alexei A. Efros Ravi Ramamoorthi Maneesh Agrawala Experiment presented by: Yu-Chuan Su and Paul Choi Review 1. Discover visual elements which 2.

324 views • 18 slides

More recommend