10 likes | 170 Views
References: Schou and Shoemaker, Information Assurance for the Enterprise: A Roadmap to Information Security ,, McGraw-Hill Irwin, 2007 http://www.knoppix-std.org/ http://csrc.nist.gov. ITEC 5321 Process of Information Systems Security and Application of LiveCD.
E N D
References: Schou and Shoemaker, Information Assurance for the Enterprise: A Roadmap to Information Security ,, McGraw-Hill Irwin, 2007 http://www.knoppix-std.org/ http://csrc.nist.gov ITEC 5321 Process of Information Systems Security and Application of LiveCD Ming ChenDepartment of Information & Logistics Technology, College of Technology, University of Houston Conclusions Abstract: Knoppix STD is a security tools version of the popular Knoppix Live Linux CD. The course ITEC 5321 Introduction to Information Systems Security introduces the principle of enterprise information systems security. These principles are examined within operational, technical, and administrative contexts. The National Institute of Standards and Technology (NIST) provides technical measurement and standards infrastructure for securing information technology systems and risk management guide. LiveCD and Open Source Tools are the based security toolkits used for the course. The LiveCD Project applies security principles and practices. The essentials of risk assessment and analysis and risk management process defined by the NIST SP 800-30 and the eight principles and fourteen practices of NIST SP 800-14 are the instruction to set up the processes for securing information technology system in an organization. LiveCDs with security tools are effective in applying the security principles and practices and risk management in information technology system. There are many distributions of LiveCDs. Those LiveCDs have common functions and their own specific contributions to the information technology security system. An appropriate protection system which can ensure the security of all information of value, account for likely risks and address them with countermeasures is needed by an organization. Figure 2: Technical Security Control in the Information System Table 1: Comparing and Contrasting of Some LiveCDs The NIST special publication 800-14 explains the generally accepted principles and practices for securing information technology systems, which need technical methods to implement. NIST and Information Technology Security System The National Institute of Standards and Technology (NIST) provides technical leadership for the nation’s measurement and standards infrastructure. The Special Publication 800-30 (SP 800-30) of NIST is a “Risk Management Guide for Information Technology Systems“, LiveCD and Information Technology Security System A LiveCD is a computer operating system executed upon boot, without installation to a hard drive. Live CD will not infect the computer with virus and malicious software; Live CD operation systems can also pretend the data from accessing by hackers when using the public computers. Acknowledgments I thank the instructor of this course, Prof. Crowley for his help with the project, post design and lab instruction. Some liveCDs have security tools(eg. Authentication; Authentication; Cracker; Encryption; Forensics; Firewall; Honeypots; IDS; Network Utilities; Passwords Tools; Servers; Packet Sniffers; tcp tools; tunnels; Vulnerability Assessment; Wireless tools,etc.) which facilitate risks assessment, migrations and controls and the principles and practices for Securing Information Technology Systems. For information: Please contact mchen6@uh..edu. More information on this and related projects can be obtained at my website http://flowing6.freehostia.com/ Figure 1: The Process View of Risk Analysis and Risk Management Areas