Information Systems Security IS 460 Notes by Thomas

Information Systems Security IS 460 Notes by Thomas Hilton

Overview n n n What is an Information System Personnel Security Procedural Security Facilities Security Technical Security Implementation

Security Perspective: What is an Information System The General Systems View… n Intended Output n Unintended Output n Main Input n Spurious Input n Transformation Processes n Output Interface n Input Interface n Control Processes

Security Perspective: What is an Information System n Intended Output: High Quality Information n Unintended Output: Mis-, Dis-, Untimely, Irrelevant, Unknown Origin n Main Input: High Quality Data n Spurious Input: Mis-, Dis-, Untimely, Irrelevant, Unknown Origin n Transformation Processes: Hardware, Software, Procedures, People n n n Output Interface: Video/Print/Audio/Tactile-Kinesthetic/Olfactory, Email/IM/Website/Telnet/Disks/Cable/Wireless, Conversations/Phone/Notes/Memos/Terminations/Departures Input Interface: Tactile-Kinesthetic/Audio/Video/Print/Olfactory, Email/IM/Web/Telnet/Disks/Cable/Wireless, Conversations/Phone/Notes/Memos/Hires/Arrivals Control Processes: …?

Scope of Security Subsystem a lá U. S. Department of Defense… n n Personnel Procedural Facilities Technical

Personnel Security n Security Organization n n Steering Committee CSO Other security personnel Security responsibilities of all personnel Human Resources n n n Hiring and Remuneration Vacation Termination

Procedural Security n n n Risk Assessment Security Audit Security Policy Business Continuity Plan Training Plan

Facilities Security n n Proximity Perimeters Power Etc. (Each other, Users, Threats) (Boundaries, Access) (Electricity Availability, Quality) (Cooling, Hardening, …)

Technical Security n Information “C. I. A. ” n n n Confidentiality Integrity Availability n Event Management n n n Deter Detect Mitigate Recover Debrief

Security Implementation n n Individual Workgroup Enterprise E-Commerce Workstation LAN WAN / Intranet Internet

Security Implementation Individual / Workstation n n n Operating Systems and Applications User Account Management Data File Management Anti-Virus Software Personal Firewall Other Utilities