Session 1 – Introduction to Information Security CSE 4482, Fall 2012, D Chan
Security Objectives
• Confidentiality (includes privacy)
• Integrity
• Availability
Information Security Framework
• Information security policy (what is important, who is accountable and responsible?)
• Information security standards (acceptable levels of security in systems development and operation)
• Information security procedures (how to protect?)
Information Security Framework
• Information security infrastructure: firewalls, virtual private networks, etc.
• Information security software: anti-virus software, access control software, application security, etc.
• Chief information security officer, information security staff.
Information Security Framework
• Information classification based on sensitivity.
• Keep in mind the objectives of confidentiality, integrity and availability.
• Information ownership.
Security Processes
• Identification
• Authentication
• Authorization
• Logging
• Monitoring
Common Security Measures
• Password
• Two-factor authentication
• Biometrics
• Access control lists for granting authorization to information
• Locks
• Encryption
• Anti-virus
• Usage and rejection reports
Passwords
• Should not be shared
• Should be changed by user
• Should be changed frequently and upon compromise (suspected unauthorized disclosure)
Passwords
• Long, at least 8 characters
• Alphanumeric
• Hashed (one-way scrambling)
• System should allow only a few attempts before locking out account
Passwords
• An 8-letter password is 676 times stronger than a 6-letter password.
• A 6-character alphanumeric password is 6 times stronger than a 6-letter password.
• Strength should depend on user’s privilege and locality of system.
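The password rules on the slides above (minimum length, alphanumeric, stored only as a one-way hash, lockout after a few attempts) can be combined in one small account store. This is an added example, not part of the original slides. The AccountStore class, the lockout threshold of 3, the reading of "alphanumeric" as letters plus digits, and the choice of salted PBKDF2-HMAC-SHA256 are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 8            # slide: "at least 8 characters"
MAX_ATTEMPTS = 3          # assumed value for "only a few attempts"
PBKDF2_ROUNDS = 200_000   # assumed work factor for the one-way hash


def acceptable(password):
    """Policy check: long enough and mixing letters with digits (assumed reading of 'alphanumeric')."""
    return (len(password) >= MIN_LENGTH
            and any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password))


class AccountStore:
    """Hypothetical in-memory store: keeps a salt and a hash, never the password itself."""

    def __init__(self):
        self._accounts = {}  # user -> {"salt": bytes, "hash": bytes, "failures": int}

    @staticmethod
    def _digest(password, salt):
        # One-way scrambling; the per-user salt makes equal passwords hash differently.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def register(self, user, password):
        if not acceptable(password):
            raise ValueError("password does not meet policy")
        salt = os.urandom(16)
        self._accounts[user] = {"salt": salt, "hash": self._digest(password, salt), "failures": 0}

    def is_locked(self, user):
        acct = self._accounts.get(user)
        return acct is not None and acct["failures"] >= MAX_ATTEMPTS

    def login(self, user, password):
        acct = self._accounts.get(user)
        if acct is None or acct["failures"] >= MAX_ATTEMPTS:
            return False  # unknown or locked: refuse before doing any hash comparison
        if hmac.compare_digest(self._digest(password, acct["salt"]), acct["hash"]):
            acct["failures"] = 0  # a successful login resets the counter
            return True
        acct["failures"] += 1     # count the failure toward lockout
        return False
```

Once the account is locked, even the correct password is refused until an administrator or a reset procedure (not shown) clears the counter.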