Information Systems Security IS 460 Notes by Thomas Hilton
Overview
- What is an Information System
- Personnel Security
- Procedural Security
- Facilities Security
- Technical Security
- Implementation
Security Perspective: What is an Information System
The General Systems View…
- Intended Output
- Unintended Output
- Main Input
- Spurious Input
- Transformation Processes
- Output Interface
- Input Interface
- Control Processes
Security Perspective: What is an Information System
- Intended Output: High Quality Information
- Unintended Output: Mis-, Dis-, Untimely, Irrelevant, Unknown Origin
- Main Input: High Quality Data
- Spurious Input: Mis-, Dis-, Untimely, Irrelevant, Unknown Origin
- Transformation Processes: Hardware, Software, Procedures, People
- Output Interface: Video/Print/Audio/Tactile-Kinesthetic/Olfactory; Email/IM/Website/Telnet/Disks/Cable/Wireless; Conversations/Phone/Notes/Memos/Terminations/Departures
- Input Interface: Tactile-Kinesthetic/Audio/Video/Print/Olfactory; Email/IM/Web/Telnet/Disks/Cable/Wireless; Conversations/Phone/Notes/Memos/Hires/Arrivals
- Control Processes: …?
Scope of Security Subsystem à la U.S. Department of Defense…
- Personnel
- Procedural
- Facilities
- Technical
Personnel Security
- Security Organization
  - Steering Committee
  - CSO
  - Other security personnel
  - Security responsibilities of all personnel
- Human Resources
  - Hiring and Remuneration
  - Vacation
  - Termination
Procedural Security
- Risk Assessment
- Security Audit
- Security Policy
- Business Continuity Plan
- Training Plan
Facilities Security
- Proximity (each other, users, threats)
- Perimeters (boundaries, access)
- Power (electricity availability, quality)
- Etc. (cooling, hardening, …)
Technical Security
- Information "C.I.A."
  - Confidentiality
  - Integrity
  - Availability
- Event Management
  - Deter
  - Detect
  - Mitigate
  - Recover
  - Debrief
Security Implementation
- Individual / Workstation
- Workgroup / LAN
- Enterprise / WAN / Intranet
- E-Commerce / Internet
Security Implementation: Individual / Workstation
- Operating Systems and Applications
- User Account Management
- Data File Management
- Anti-Virus Software
- Personal Firewall
- Other Utilities
Security Implementation: Workgroup / LAN
- All of the above
- Server security
- Eavesdropping
- Topologies
Security Implementation: Enterprise / WAN
- All of the above
- DMZs (multiple firewalls)
- Routers
- Cold/Hot Site synchronization
- VPNs
Security Implementation: E-Commerce / Internet
- All of the above
- Internet visible systems
  - HTML
  - FTP
  - SMTP
  - Etc.