1 / 14

Securing Your Computer After a Major Security Incident

Securing Your Computer After a Major Security Incident<br>

pooja321
Download Presentation

Securing Your Computer After a Major Security Incident

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Securing Your Computer After a Major Security Incident

  2. Introduction - The business value of information has increased dramatically over the last few decades. Information systems have pervaded the business world in a rapid pace and have become critical assets in many organisations. Many organisations have become largely dependent on information and information systems to support their core business processes. Unfortunately, many threats to information and information systems exist today, which threaten the reliability of information (systems) and consequently business continuity.

  3. Introduction -

  4. Aspects of information security - Reliability aspects of information security - Basically, information security deals with protecting three different “reliability” aspects of information: confidentiality, integrity and availability, which can be remembered by the mnemonic “CIA” and are frequently referred to as the CIA triad [PELT05]. These three widely accepted attributes of information security are stated below. Confidentiality - Confidentiality is the concealment of information or resources and is defined by ISO-17799 as “ensuring that information is accessible only to those authorised to have access to it.” So, to attain confidentiality, a business needs to keep secret information secret. This also means that only certain people should know about the existence of certain information in the first place, on a need to know basis.

  5. Integrity - Integrity refers to the trustworthiness of information or resources and is defined by the ISO-17799 standard as “the action of safeguarding the accuracy and completeness of information and processing methods.” When a user requests any type of information from the system, the information will be complete, correct and up to date. Availability - ISO-17799 defines availability as “ensuring that authorised users have access to information and associated assets when required.” Availability requires measures to ensure timeliness and continuity of information, so that business processes don’t come to a halt. Aspects of information security -

  6. Security controls from threat to recovery -

  7. Defining security incidents - Without threats ever materialising and vulnerabilities ever being exploited, there would not be any security incident. However, this is clearly not the case: security incidents occur frequently within organisations. Results from a survey by the ISF show that incidents erode companies’ profits, depress the value of the business and compromise future earnings

  8. Information security incidents -

  9. ISF information security incident management - Recently, in April 2006, the ISF publicised a report containing the results of a study on information security incident management, which yielded a process for information security incident management. The first three stages of that process, namely Identification, Response and Recovery, consist of steps specific to minimising the impact of and resolving an information security incident. The final stage, Post-incident review, involves follow-up activities which relate to the information security incident. It must be noted that the stages of the information security incident management process, and the steps contained within those stages, are not necessarily fully sequential.

  10. ISF information security incident management -

  11. Cyberspace - A global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the internet, telecommunications networks, computer systems, and embedded processors and controllers.

  12. Life in a Networked World - Rapid development in information technology – Speed of microprocessor chips doubles every 12-18 months Storage density doubles every 12 months Bandwidth is doubling every 12 months Price keeps dropping making technology affordable & pervasive

  13. Thank you for watching this site Click here to install Webroot setup http://webroot-com-safes.com

More Related