Introduction to Cyber Security and Information Assurance - PowerPoint PPT Presentation

Slides: 18
Provided by: bcc87

Transcript and Presenter's Notes


1
Introduction to Cyber Security and Information
Assurance
  • Center of Excellence for IT at Bellevue College

2
  • Cyber security and information assurance refer to
    measures for protecting computer systems,
    networks, and information systems from disruption
    or unauthorized access, use, disclosure,
    modification, or destruction.

3
Cyber Security and Information Assurance
  • Cyber security often refers to safety of the
    infrastructure and computer systems with a strong
    emphasis on the technology
  • Information assurance tends to have a broader
    focus with emphasis on information management and
    business practices
  • The two areas overlap strongly and the terms are
    sometimes used interchangeably

4
  • Information assurance (IA) is the practice of
    managing information-related risks. More
    specifically, IA practitioners seek to protect
    and defend information and information systems by
    ensuring confidentiality, data integrity,
    authentication, availability, and
    non-repudiation. IA measures include providing
    for restoration of information systems by
    incorporating protection, detection, and reaction
    capabilities.

5
Confidentiality
  • Confidentiality has been defined by the
    International Organization for Standardization
    (ISO) as "ensuring that information is accessible
    only to those authorized to have access" and is
    one of the cornerstones of information security.
    Confidentiality is one of the design goals for
    many cryptosystems, made possible in practice by
    the techniques of modern cryptography.

6
Data Integrity
  • Data integrity means that the data is "whole" or
    complete, and is identically maintained during
    any operation (such as transfer, storage or
    retrieval). Data integrity is the assurance that
    data is consistent and correct.
  • Loss of integrity can result from:
      • Malicious altering, such as an attacker altering
        an account number in a bank transaction, or
        forgery of an identity document
      • Accidental altering, such as a transmission
        error, or a hard disk crash
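
Added example (not part of the original slides): an unkeyed digest catches the accidental alteration described above, but only a keyed tag (HMAC) catches the malicious one, because whoever alters the account number can simply recompute an unkeyed digest. The key, the transaction string and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: the key and the transaction are illustrative only.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"
TRANSACTION = b"pay amount=250.00 to_account=12345678"

def digest_tag(message: bytes) -> str:
    """Unkeyed SHA-256 digest: anyone can compute it."""
    return hashlib.sha256(message).hexdigest()

def hmac_tag(message: bytes, key: bytes = SHARED_KEY) -> str:
    """Keyed HMAC-SHA-256 tag: computing it requires the secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def verify_digest(message: bytes, tag: str) -> bool:
    return hmac.compare_digest(digest_tag(message), tag)

def verify_hmac(message: bytes, tag: str, key: bytes = SHARED_KEY) -> bool:
    return hmac.compare_digest(hmac_tag(message, key), tag)

def flip_bit(message: bytes, index: int) -> bytes:
    """Simulate a transmission error by flipping one bit."""
    corrupted = bytearray(message)
    corrupted[index] ^= 0x01
    return bytes(corrupted)

def demo() -> dict:
    sent_digest = digest_tag(TRANSACTION)
    sent_hmac = hmac_tag(TRANSACTION)

    # Accidental alteration: the original tag arrives with damaged data.
    damaged = flip_bit(TRANSACTION, 5)
    # Malicious alteration: the account number is changed and the tag is
    # recomputed by a party that does not know SHARED_KEY.
    altered = TRANSACTION.replace(b"12345678", b"87654321")
    return {
        "digest_catches_accident": not verify_digest(damaged, sent_digest),
        "hmac_catches_accident": not verify_hmac(damaged, sent_hmac),
        "digest_catches_tampering": not verify_digest(altered, digest_tag(altered)),
        "hmac_catches_tampering": not verify_hmac(altered, hmac_tag(altered, b"guess")),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
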

7
Authentication
  • Authentication is a security measure designed to
    establish the validity of a transmission,
    message, document or originator, or a means of
    verifying an individual's authorization to
    receive specific categories of information.
  • Authentication technologies include:
      • passwords, digital signatures, keys and
        passports, biometrics

8
Availability
  • Availability means that the information, the
    computing systems used to process the
    information, and the security controls used to
    protect the information are all available and
    functioning correctly when the information is
    needed; that is, timely, reliable access to data
    and information services for authorized users.

9
Non-repudiation
  • Non-repudiation is the assurance that the sender
    of data is provided with proof of delivery and the
    recipient is provided with proof of the sender's
    identity, so neither can later deny having
    processed the data.
  • Technologies include:
      • Digital certificates and signatures

10
Some Global Trends
  • The global recession will lead to a rise of
    cybercrime worldwide according to 2009 cybercrime
    forecasts from leading IT security firms.
  • Approximately 1.5 million pieces of unique
    malware will have been identified by the end of
    the year, more than in the previous five years
    combined.
  • The optimal way to prevent malicious files from
    infecting PCs and corporate networks is active
    real-time content inspection technologies.
  • www.securitymanagement.com/print/4969

11
US Cyber Security Trends
  • The United States has surpassed China as the
    biggest purveyor of malware and also sends the
    most spam worldwide, says the Sophos Security
    Threat Report 2009.
  • Not only is the USA relaying the most spam
    because too many of its computers have been
    compromised and are under the control of hackers,
    but it's also carrying the most malicious
    webpages.
  • www.securitymanagement.com/print/4969

12
Web 2.0 and Cyber Security
  • Cybercriminals will continue to exploit the best
    Web 2.0 technologies, such as Trojan
    technologies.
  • Cybercriminals are increasingly relying on Adobe
    PDF and Flash files, normally considered safe, to
    infect victims with malware.
  • Hackers have been breaking into Facebook and
    MySpace and implanting malware to distribute to a
    victim's social network.
  • www.securitymanagement.com/print/4969

13
Trends in Technology
  • Increasing complexity of IT systems and networks
  • Convergence of IT and communication systems
  • Expanding wireless connectivity and multiplicity
    of wireless devices
  • Increasing amount of digital information
    collected
  • Increasing connectivity and accessibility of
    digital information systems
  • Globalization of IT and information systems
  • Increased web access to a wide range of web
    services and web applications
  • Increase in all forms of digital commerce
  • Trends towards data-marts and hosted data
    warehousing services

14
Areas of Emphasis
  • Network security
  • Disaster recovery
  • Information system security technologies
  • Wireless system security
  • Internet security
  • Legal issues, standards and compliance
  • Cybercrime
  • Information management
  • Information audit and risk analysis
  • Digital forensics
  • Secure electronic commerce

15
Technologies
  • Types of intrusion and intrusion detection
    systems
  • Firewalls and access control
  • Cryptography
  • Digital certificates
  • Biometrics
  • Digital authentication and Public Key
    Infrastructure (PKI)
  • Data assurance and disaster recovery

16
Tools
  • Cryptography systems
  • Identification and authentication systems
  • Operating system security
  • E-commerce security tools and strategies
  • Firewalls and proxy servers
  • Anti-malware and anti-spyware technology
  • Anti-piracy techniques
  • Network traffic analysis tools

17
Resources
  • en.wikipedia.org/wiki/Cyber_security
  • en.wikipedia.org/wiki/Information_assurance
  • www.cssia.org/
  • www.afei.org/news/NCES/NCES_Information_Assurance.pdf
  • www.nitrd.gov/pubs/csia/csia_federal_plan.pdf
  • www.sis.uncc.edu/LIISP/slides00/GAIL.pdf
  • www.cnss.gov/Assets/pdf/cnssi_4009.pdf
  • www2.cs.uidaho.edu/oman/CS336_F08_syllabus.pdf
  • www.coastline.edu/degrees/page.cfm?LinkID786
  • bii.mc.maricopa.edu/degrees/checklists/CCLInformationAssurance5227.pdf