Information Security
CS205
Introduction to information security
– CNSS Security Model
– Balancing information security and access
– Approaches to Information Security implementation
– Security Professionals and the Organization
– Communities of Interest
– Information Security: Is it an Art or a Science?
CIA Triangle
• The C.I.A. triangle is based on the three characteristics of information that give it value to organizations: confidentiality, integrity, and availability.
• Confidentiality: Sensitive information should be protected from unauthorized access or disclosure.
• Integrity: Information must remain whole, accurate, and uncorrupted to maintain trustworthiness.
• Availability: Information should be accessible to authorized users without interference or issue.
CNSS Security Model
• The CNSS model for information security is a framework established by the Committee on National Security Systems (CNSS) in the United States.
• It outlines policies for securing national security systems and sensitive information.
• The CNSS model has three key goals of security: Confidentiality, Integrity, and Availability.
McCumber Cube
• The first dimension of the cube identifies the goals of information security (Confidentiality, Integrity, Availability).
• The second dimension of the cube identifies the state of information or data that must be protected (Storage, Transmission, Processing).
• The third dimension of the cube identifies the security measures required to provide information security (Policy, Education, Technology).
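The practical use of the cube is as a completeness check: every control in a security program addresses one or more of its 27 cells, and any cell no control touches is a gap. The following Python is an added example (not from the CS205 slides) that models the CIA goals, the three information states and the three measure types as the cube's axes, tags a constructed, hypothetical inventory of controls with cube coordinates, and reports the cells the inventory leaves uncovered. The control names and tags are assumptions made up for the illustration; the axis labels are the ones the slides use.

```python
"""Coverage check over the McCumber Cube.

Added example, not part of the CS205 slides.  Each control is tagged with
the goals, information states and measure types it addresses; the check
reports which of the 3 x 3 x 3 = 27 cube cells no control covers.
"""
from itertools import product

# The three axes of the cube, named as on the slides.
GOALS = ("confidentiality", "integrity", "availability")
STATES = ("storage", "transmission", "processing")
MEASURES = ("policy", "education", "technology")

# Every (goal, state, measure) combination: the 27 cells of the cube.
ALL_CELLS = frozenset(product(GOALS, STATES, MEASURES))


def tag_errors(control):
    """Return a list of problems with a control's cube coordinates ([] if valid).

    A control must name at least one value on every axis, and every value
    must be a real axis label; otherwise a typo would silently leave a gap.
    """
    errors = []
    for axis, valid in (("goals", GOALS), ("states", STATES), ("measures", MEASURES)):
        values = control.get(axis) or ()
        if not values:
            errors.append(f"{control['name']}: no {axis} given")
        for value in values:
            if value not in valid:
                errors.append(f"{control['name']}: unknown {axis[:-1]} '{value}'")
    return errors


def covered_cells(controls):
    """Set of cells addressed by at least one control; invalid tags raise ValueError."""
    cells = set()
    for control in controls:
        errors = tag_errors(control)
        if errors:
            raise ValueError("; ".join(errors))
        cells.update(product(control["goals"], control["states"], control["measures"]))
    return cells


def coverage_gaps(controls):
    """Sorted list of cube cells that no control in the inventory addresses."""
    return sorted(ALL_CELLS - covered_cells(controls))


def coverage_by_goal(controls):
    """Number of covered cells per goal, out of the 9 cells on each goal's face."""
    covered = covered_cells(controls)
    return {goal: sum(1 for cell in covered if cell[0] == goal) for goal in GOALS}


# Constructed sample inventory: hypothetical controls, not a real program.
SAMPLE_CONTROLS = [
    {"name": "Full-disk encryption on laptops",
     "goals": ("confidentiality",), "states": ("storage",), "measures": ("technology",)},
    {"name": "TLS on all external services",
     "goals": ("confidentiality", "integrity"), "states": ("transmission",), "measures": ("technology",)},
    {"name": "Data classification policy",
     "goals": ("confidentiality",), "states": ("storage", "transmission", "processing"), "measures": ("policy",)},
    {"name": "Nightly backups with restore tests",
     "goals": ("availability", "integrity"), "states": ("storage",), "measures": ("technology",)},
    {"name": "Phishing awareness training",
     "goals": ("confidentiality", "integrity"), "states": ("processing",), "measures": ("education",)},
]


if __name__ == "__main__":
    gaps = coverage_gaps(SAMPLE_CONTROLS)
    print(f"{len(gaps)} of {len(ALL_CELLS)} cells uncovered; per goal: {coverage_by_goal(SAMPLE_CONTROLS)}")
    for goal, state, measure in gaps:
        print(f"  gap: {goal:<15} {state:<12} {measure}")
```

Running it against the constructed inventory shows the typical shape of a technology-heavy program: confidentiality is the best covered goal, availability is addressed in a single cell, and the education and policy columns are almost empty for integrity and availability. The check is only as good as the tagging, which is why `tag_errors` rejects a control with a misspelled or missing axis value instead of letting it contribute nothing.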
Balancing Information Security and Access
• Balancing information security and access means finding a good balance between keeping important data safe and allowing appropriate access for users.
• We need to make sure our security measures are strong enough to stop potential problems, while also letting people who should have access do their jobs well.
• To achieve balance, the level of security must allow reasonable access, yet protect against threats.
Figure – Balancing Security and Access
Approaches to Information Security Implementation
• Two main approaches to implementing information security are the bottom-up and top-down methods.
• Bottom-up Approach:
• Starts from the efforts of technical experts or system administrators within the organization.
• Focuses on enhancing security measures at the system level using administrators' expertise.
• Relies on administrators' detailed knowledge of system threats and protective mechanisms.
• Often lacks broad support and organizational sustainability, leading to lower success rates.
Approaches to Information Security Implementation
• Top-down Approach:
• Initiated by upper-level managers who establish security policies, procedures, and processes.
• Management sets goals, defines accountability, and provides resources for security actions.
• Typically supported by strong management backing, dedicated funding, and a clear implementation plan.
Approaches Diagram:
Security Professionals and the Organization
Senior Management
• Chief Information Officer (CIO): Responsible for advising top executives on strategic planning related to information management.
• Chief Information Security Officer (CISO): Responsible for assessing, managing, and implementing information security.
Security Professionals and the Organization (cont’d)
Information security team
• The information security team is responsible for protecting an organization's digital assets.
• They ensure the confidentiality, integrity, and availability of information.
• The team consists of skilled professionals specializing in cybersecurity, risk management, compliance, incident response, and security architecture.
• The information security team plays an important role in protecting the organization from cyber threats and ensuring the security of sensitive data.
Communities of Interest
• In organizations, there are distinct communities of interest, each with its own values and objectives, but all contributing to the organization's overall goals. Three main communities of interest are identified:
• Information Security Management and Professionals: This group focuses on protecting the organization's information systems and data from attacks. Their goal is to ensure the security and integrity of the organization's digital assets.
Communities of Interest (cont’d)
• Information Technology Management and Professionals: Consisting of IT managers and skilled professionals in system design and networks, this community shares goals with information security but also focuses on factors like cost-effectiveness, user-friendliness, and system performance.
• Organizational Management and Professionals: This broader community includes general management, production management, human resources, accounting, and legal departments. Their primary focus is on achieving the organization's most important objectives.
Information Security: Is it an Art or a Science?
• Science: It's about using rules, systematic study, and technology to protect information, similar to how scientists use experiments and data to solve problems.
• Art: It involves being clever and creative to come up with new ways to keep things secure, kind of like making a puzzle that only you can solve.
• Social Science: It's important to know how people think and act to keep information safe. Just as we need to communicate effectively to ensure others don't unintentionally reveal sensitive details, grasping human behavior helps in creating effective security measures.
Thank you!