Professional Documents
Culture Documents
Session Outline
Intro To Information
Assurance (IA) Information Assurance Scope Of Information
Introduction Learning Objectives IA Core Principles Process & Model Assurance A Bit On Risk
1 2 3 4 5 6 7 8 9 10 11 12
About CSE 3100 The Need For IA Architecture IA vs InfoSec The Security Security Big
Description Information Assurance Framework & Views Paradigm Picture
Learning Objectives
Required Readings
Session Schedules
Weekly Topics
Course Assessment
2
University of Guyana
Jerome Allicock
Hello!
Mr. Jerome Allicock B.Sc., IMBA.
⬡ 12+ years in Telecoms
⬡ 7+ years in Revenue Assurance
⬡ Entrepreneur & Tech Enthusiast
⬡ Contact #: 621-5866
⬡ Email: jerome.allicock@uog.edu.gy
3
University of Guyana
Jerome Allicock
⬡ This course will equip the students with the analytical knowledge required to apply information
security knowledge.
⬡ Students will be introduced to current, real-world cases which are widely reviewed in the
practitioner community.
4
University of Guyana
Jerome Allicock
Assess risks
Be aware of threats & vulnerabilities associated with the use of various computing
technologies
5
University of Guyana
Jerome Allicock
6
University of Guyana
Jerome Allicock
Learning Objectives
⬡ By the end of this course students will be able to:
7
University of Guyana
Jerome Allicock
Required Readings
⬡ Information Assurance: Security in the Information Environment by Andrew Blyth and Gerald L.
Kovacich
⬡ Information Assurance: Managing Organizational IT Security Risks by Joseph Boyce and Daniel
Jennings
⬡ Information Assurance and Security Technologies for Risk Assessment and Threat Management:
Advances by Te-Shun Chou
Lecture Sessions
⬡ Fridays @ 04:15PM – 07:15PM
8
University of Guyana
Jerome Allicock
Weekly Topics
⬡ Introduction to Information Assurance
⬡ Metrics for Information Assurance /Risk Assessment
⬡ Networking and Cryptography
⬡ Information Assurance Planning and Deployment
⬡ Vulnerabilities and Protection
⬡ Identity and Trust Technologies
⬡ Verification and Evaluation
⬡ Incident Response
⬡ Human Factors / Cultural Anthropology
⬡ Legal, Ethical, and Social Implications
9
University of Guyana
Jerome Allicock
Course Assessment
⬡ Coursework: 40%
⬡ Finals: 60%
Course Requirements
⬡ Attend all class sessions and labs
10
University of Guyana
Jerome Allicock
11
University of Guyana
Jerome Allicock
Information
Assurance & Security
University of Guyana
Jerome Allicock
Learning Objectives
⬡ Understand the concept of Information Assurance.
13
University of Guyana
Jerome Allicock
Brief Re-cap
Baltzan, Paige 2017. Information Systems. 4/e, McGraw Hill. ISBN: 978-1-259-81429-7
14
University of Guyana
Jerome Allicock
What is Information?
⬡ “Information is data endowed with relevance and purpose. Converting data into information thus
requires knowledge. Knowledge by definition is specialized.” (Blyth and Kovacich, p. 17)
15
University of Guyana
Jerome Allicock
⬡ More specifically, IA practitioners seek to protect and defend information and information systems by
ensuring
Confidentiality, integrity, authentication, availability, and non-repudiation.
⬡ These goals are relevant whether the information are in storage, processing, or transit, and whether
threatened by malice or accident
⬡ In other words, IA is the process of ensuring that authorized users have access to authorized
information at the authorized time
16
University of Guyana
Assurance?
⬡ Discussions on…
Ecommerce
Banking
Business Processes
National Defense
Mission-critical information
processing
Aircraft Flight Management
Systems
Other Navigation Systems
IA Core Principles
⬡ Confidentiality – disclosure to authorized user
⬡ Nonrepudiation – ensure that the originator of a message or transaction may not later deny action
18
University of Guyana
Jerome Allicock
IA Architecture Framework
⬡ Conceptual structure for defining and describing an IA architecture
⬡ IA Architectural Perspectives
People
Policy
Business process
System & Application
Information/data
Infrastructure
19
University of Guyana
Jerome Allicock
⬡ Repeat…
20
University of Guyana
Jerome Allicock
Image source:
https://cybersecnugget.wordpress.com/2015/04/26/it-
security-modelling-tools-information-assurance-model/
21
University of Guyana
(InfoSec)
⬡ IA is a complete process/model that includes the elements of InfoSec
⬡ Both involve people, processes, techniques, and technology e.g. administrative, technical, and
physical controls
⬡ InfoSec – Confidentiality, integrity and availability, also known as the CIA triad
⬡ Common Security Frameworks include ISO/IEC 27001-2:2005-6, ITGI, COBIT, COSO, FFIEC,
NIST, CICA, ITCG, OGC and ITIL
22
University of Guyana
24
University of Guyana
Jerome Allicock
Image source:
https://commons.wikimedia.org/wiki/File:A_Reference_Model_
of_Information_Assurance_and_Security_%28RMIAS%29.png
Image source:
https://www.snia.org/sites/default/education/tutorials/2009/sprin
g/security/EricHibbard-Introduction-Information-Assurance.pdf
25
University of Guyana
Jerome Allicock
26
University of Guyana
Jerome Allicock
27
University of Guyana
Jerome Allicock
28
Points to note…
University of Guyana
Jerome Allicock
Thanks!
Any questions?
30