Managing IT Security
INFORMATION SYSTEMS @ X
Objectives
Information Security
The Threats
Scope of Security Management
Security
Security's Five Pillars
Tools for Computer Security
Business Continuity
Information Security
Information security is more than just protecting hardware and software from being crashed
It's about protecting the information resources that keep the company operating
Goals are to ensure:
Data security
Application and OS security
Network security
Facility security
Egress security should be enforced
Identification: Identifying users to grant them appropriate access
> Allowing system to know who someone is to give appropriate access rights
Privacy: Protecting information from being seen
> E.g., against spyware installed without consent in a computer to collect information
Non-repudiation: Preventing parties from denying actions they have taken
> Ensuring that the parties in a transaction are who they say they are and cannot deny that transaction took place
Technical Countermeasures
Firewalls:
Encryption/decryption:
Technical Countermeasures
Virtual Private Networks (VPNs)
Encryption / SSL
An SSL Certificate enables encryption of sensitive information during online transactions.
Each SSL Certificate contains unique, authenticated information about the certificate owner.
A Certificate Authority verifies the identity of the certificate owner when it is issued.
Each SSL Certificate consists of a public key and a private key. Public key: scramble; Private Key: unscramble
Secure Sockets Layer handshake authenticates the server (Web site) and the client (Web browser).
Unique session key established and secure transmission can begin.
INFO420: Managing the IT Function
Business Continuity