INTRODUCTION AND INFORMATION SECURITY SESSION 1

INTRODUCTION AND INFORMATION SECURITY SESSION 1. Course: M0792 INFORMATION SYSTEMS SECURITY (2 sks). Year: 2014. LECTURER INTRODUCTION. The lecturer introduces himself or herself: educational background; professional experience (if any); family, hobbies, etc. Profile.

wyman

Presentation Transcript


  1. INTRODUCTION AND INFORMATION SECURITY SESSION 1 Course : M0792 INFORMATION SYSTEMS SECURITY (2 sks) Year : 2014

  2. LECTURER INTRODUCTION The lecturer introduces himself or herself: • Educational background • Professional experience (if any) • Family, hobbies, etc.

  3. Profile • Lecturer Code : D3709 • Name : Novan Zulkarnain, ST., Mkom. • Email : novan.zulkarnain@gmail.com • Website : www.BrenzSoft.com • Certificate: • Windows Server & SQL Server • Oracle • IBM DB2 • SAP - FICO

  4. Rules • Time : 9:20 • No sandals • Late students

  5. LECTURER INTRODUCTION The lecturer gives motivation to the students: • The importance of the course • The importance of group discussion, in class as well as in case study problem solving • The lecturer gives a short explanation of CO and OR • The lecturer explains the rules of the course (if any) • Students form their own groups. The group size is decided by the lecturer.

  6. THE NEED FOR INFORMATION SECURITY TOPICS • What is information systems security? • What are the tenets of information systems security? • What are the seven domains of an IT infrastructure? • How can an IT security policy framework reduce risk? • How does a data classification standard affect an IT infrastructure’s security needs?

  7. THE NEED FOR INFORMATION SECURITY THE GOALS • Relate how availability, integrity and confidentiality requirements affect the seven domains of a typical IT infrastructure • Describe the threats and vulnerabilities commonly found within the seven domains • Identify a layered security approach throughout the seven domains • Develop an IT security policy framework to help reduce risk from common threats and vulnerabilities • Relate how a data classification standard affects the seven domains.

  8. Information Systems Security Cyberspace • See Fig. 1-1

  9. Information Systems Security • TCP/IP communications are in cleartext • See Fig. 1-2

  10. Information Systems Security • Risks • Threats • Vulnerabilities • See Fig. 1-3 • Definition of ISS

  11. Figure 1.3

  12. Tenets of ISS • See Fig. 1-5 • Availability: uptime, downtime, availability, mean time to failure, mean time to repair, recovery time objectives • Integrity: see Fig. 1-6 • Confidentiality includes private data of individuals; intellectual property of businesses; and national security for countries and governments.

  13. Figure 1.5

  14. The seven domains of a typical IT infrastructure See Fig. 1-8 1. User domain: roles and tasks; responsibilities; accountability. See Table 1-1. 2. Workstation domain: roles and tasks; responsibilities; accountability. See Table 1-2. 3. LAN domain: NIC; Ethernet LAN; unshielded twisted pair cabling; LAN switch; file server and print server; wireless access point (WAP). LAN domain roles and tasks; responsibilities; accountability. See Table 1-3. 4. LAN-to-WAN domain: port 80; port 20; port 69; port 23; port 22. LAN-to-WAN domain roles and tasks; responsibilities; accountability. See Table 1-4.

  15. The seven domains of a typical IT infrastructure (cont.) 5. WAN domain: nationwide optical backbones; end-to-end IP transport; multi-site WAN cloud services; etc. WAN domain roles and tasks; responsibilities; accountability. See Table 1-5 and Table 1-6. 6. Remote Access domain: mobile worker depends on some factors. Remote Access domain roles; responsibilities; accountability. 7. System/Application domain: the applications that may require second-level checks include … System/Application domain roles; responsibilities; accountability.

  16. Table 1.1

  17. Table 1.2

  18. Table 1.3

  19. Table 1.4

  20. Table 1.5

  21. Table 1.6

  22. IT Security Policy Framework • Definitions of Policy, Standard, Procedures and Guidelines • Data classification standard: # Private data # Confidential # Internal use only # Public domain data

  23. Figure 1.5
