Lecture Note Professional practices in information technology - Lecture No. 29: Information Security

After studying this chapter you will be able to understand: The CIA; security governance; policies, procedures, etc; organizational structures; roles and responsibilities; information classification; risk management. | Professional Practices in Information Technology HandBook COMSATS Institute of Information Technology (Virtual Campus) Islamabad, Pakistan Lecture 29 Information Security Overview The CIA Security Governance – Policies, Procedures, etc. – Organizational Structures – Roles and Responsibilities Information Classification Risk Management The CIA: Information Security Principles Confidentiality – Allowing only authorized subjects access to information Integrity – Allowing only authorized subjects to modify information Availability – Ensuring that information and resources are accessible when needed Reverse CIA Confidentiality – Preventing unauthorized subjects from accessing information Integrity – Preventing unauthorized subjects from modifying information Availability – Preventing information and resources from being inaccessible when needed Using the CIA – Think in terms of the core information security principles – How does this threat impact the CIA? – What controls can be used to reduce the risk to CIA? – If we increase confidentiality, will we decrease availability? Security Governance Security Governance is the organizational processes and relationships for managing risk – Policies, Procedures, Standards, Guidelines, Baselines – Organizational Structures – Roles and Responsibilities Policy Mapping Figure : Policy Mapping Policies – Policies are statements of management intentions and goals – Senior Management support and approval is vital to success – General, high-level objectives – Acceptable use, internet access, logging, information security, etc Procedures – Procedures are detailed steps to perform a specific task – Usually required by policy – Decommissioning resources, adding user accounts, deleting user accounts, change management, etc Standards – Standards specify the use of specific technologies in a uniform manner – Requires uniformity throughout the organization – Operating systems, applications, server tools, router configurations, etc Guidelines – Guidelines are recommended methods for performing a task – Recommended, but not required – Malware cleanup, spyware removal, data conversion, sanitization, etc Baselines – Baselines are similar to standards but account for differences in technologies and versions from different vendors – Operating system security baselines – FreeBSD , Mac OS X Panther, Solaris 10, Red Hat Enterprise Linux 5, Windows 2000, Windows XP, Windows Vista, etc Professional Practices in Information Technology CSC 110

Không thể tạo bản xem trước, hãy bấm tải xuống
TỪ KHÓA LIÊN QUAN
TÀI LIỆU MỚI ĐĂNG
Đã phát hiện trình chặn quảng cáo AdBlock
Trang web này phụ thuộc vào doanh thu từ số lần hiển thị quảng cáo để tồn tại. Vui lòng tắt trình chặn quảng cáo của bạn hoặc tạm dừng tính năng chặn quảng cáo cho trang web này.