” —Jim Anderson.Introduction • Information security: a “well-informed sense of assurance that the information risks and controls are in balance. Inovant (2002) .

What is Security? • “The quality or state of being secure—to be free from danger” • A successful organization should have multiple layers of security in place: – – – – – – Physical security Personal security Operations security Communications security Network security Information security .

store. technology . including systems and hardware that use.What is Information Security? • The protection of information and its critical elements. education. and transmit that information • Necessary tools: policy. training. awareness.



Information Security Conceptual Architecture .

MACHINE INFECTED? ACTION PLAN: 1) Write down the error or alert message verbatim •inform your tech support team •quarantine the machine 2) Look up the message in an authoritative anti-virus site (demo) •diagnose the problem •take recommended remedial action .

install.If appropriate: •Download. run the anti-virus removal tool (demo) •Apply all missing critical security patches (demo) 3) Reboot the machine •Run a full system scan before placing the machine back in service .

NOTE #1 • Search engines are NOT reliable sources of virus information  Information may be inaccurate. incomplete or out of date  Search engines generate huge numbers of indiscriminate hits Some anti-virus Web sites are scams (or contain trojan Horses) Go directly to authoritative anti-virus sites   .

NOTE #2 • Computer companies are NOT reliable sources of virus information Computer companies:    Usually refer you to an anti-virus vendor are not in the anti-virus business themselves are victims! .

Ethics Overview • Ethics is about how we ought to live* • The purpose of Ethics in Information Security is not just philosophically important. even when no one is looking . it can mean the survival of a business or an industry** Ethics is doing the right thing.

Proactive Promotion and Education to Influence Positive Behavior . develop and maintain guidelines for ethics relating to Information Security practices.ISSA International Ethics Committee • Founded in 2002 • 15 active members • Purpose: Provide guidance on ethical behavior for Information System Security professionals.

-Courtesy of the Computer Ethics Institute. Thou shalt always use a computer in ways that insure consideration and respect for your fellow humans. Thou shalt not use a computer to steal. Thou shalt not appropriate other people's intellectual output. Thou shalt not use a computer to bear false witness.Ten Commandments of Ethics in Information Security Thou shalt not use a computer to harm other people. Thou shalt not copy or use proprietary software for which you have not paid. Thou shalt not interfere with other people's computer work. Thou shalt not use other people's computer resources without authorization or proper compensation. Thou shalt not snoop around in other people's computer files. A project of the Brookings Institution . Thou shalt think about the social consequences of the program you are writing or the system you are designing.

ciac.rutgers.sans.edu (Computing Incident Response Team-Rutgers) • • • .first.cert.org (Forum of Incident Response and Security Teams) www.cirt.org (Computer Emergency Response Team-CMU) • www.org/aboutsans.php (Server and Network Security) www.org/ciac (CIAC-Department of Energy) www.Authoritative Anti-Virus Organizations • www.

Master your semester with Scribd & The New York Times

Special offer for students: Only $4.99/month.

Master your semester with Scribd & The New York Times

Cancel anytime.