Professional Documents
Culture Documents
1
25-Sep-19
Course Content
• Course Books:
Principles of Information Security by Whitman & Mattord
NETWORK SECURITY ESSENTIALS: APPLICATIONS AND STANDARDS by
William Stallings
• Class Group : infosec2019subscribe@googlegroups.com
2
25-Sep-19
Course Objective
Assets
“anything of value to the organization “
Not all assets have the same value. An organization must classify its assets.
Vulnerability
a weakness in a system or a design that might be exploited.
Threat
is a potential danger to Assets.
3
25-Sep-19
Risk
Risk is the potential for uncontrolled loss of an Asset.
Attack
An attack is an action that compromises the security of information
Countermeasure
is a safeguard that mitigates against potential risks. Countermeasures are typically administrative,
technical, and physical controls.
Security (Action ) is about protecting assets from damage or harm
4
25-Sep-19
5
25-Sep-19
Information Security
Security Goals
• The CIA triad has become the de facto standard model for keeping
your organization secure.
6
25-Sep-19
Integrity
Assurance that data received is as sent by an authorized entity. A
loss of integrity is the unauthorized modification or destruction of information
Availability
• The information created and stored by an organization needs to
be available to authorized entities. A loss of availability is the disruption of
access to or use of information or an information system.
7
25-Sep-19
Network Security
• Network security, a subset of Information security, aims to protect
any data that is being sent through devices in your network to
ensure that the information is not changed or intercepted.
• The role of network security is to protect the organization’s IT
infrastructure from all types of cyber threats.
Conclusion: Information security doesn’t have a final goal, it’s a continuing process
8
25-Sep-19
Security has become more complex than ever as the motives and
capabilities of threat actors continue to evolve while allowing the
miscreants to often stay (at least) one step ahead of those of us in the
Information security space. In addition, the concept of location of data
is becoming blurred by concepts of cloud computing and content-data
Networks .
9
25-Sep-19
Classifying Assets
• Reason to classify an asset is so that you can take specific action,
based on policy, with regard to assets in a given class.
Asset Classification
Not all assets have the same value. An organization must classify its assets
10
25-Sep-19
• Alice and Bob also want to make sure that the contents of Alice's message
have not been altered in transit.
11
25-Sep-19
12
25-Sep-19
Security Attacks
• Security attack: Any action that compromises the security of
information owned by an organization
• Passive Attacks
A Passive attack attempts to learn or make use of information from
the system but does not affect system resources. The goal of the
opponent is to obtain information is being transmitted.
13
25-Sep-19
14
25-Sep-19
15
25-Sep-19
16