IT SECURITY AND

MANAGEMENT
IS PROEL 2
QUESTIONS:
• What is IT security management?
• What is the objective of IT security management?
• What are the 5 principles of IT security?
• What is the role of IT security?
• Who needs information security management?
• What is an example of IT security?
WHAT IS IT SECURITY
MANAGEMENT?
•Information security management is the process
of protecting an organization's data and assets
against potential threats. One of the primary
goals of these processes is to protect data
confidentiality, integrity, and availability .
 WHAT IS THE OBJECTIVE OF IT
SECURITY MANAGEMENT?

•The overall objective of an information security

program is to protect the information and
systems that support the operations and assets
of the agency.
WHAT ARE THE 5 PRINCIPLES OF IT
SECURITY?

• The U.S. Department of Defense has promulgated the

Five Pillars of Information Assurance model that
includes the protection of confidentiality, integrity,
availability, authenticity, and non-repudiation of user
data.
WHAT IS THE ROLE OF IT SECURITY?

• IT Security is the information security which is applied to

technology and computer systems. It focuses on protecting
computers, networks, programs and data from
unauthorised access or damage. IT Security can also be
referred to as Cyber Security.
WHO NEEDS INFORMATION
SECURITY MANAGEMENT?
• For some organizations, information security management
is more than a requirement for protecting sensitive internal
documents and customer information. Depending on your
industry vertical, information security management might
be a legal requirement to safeguard sensitive information
that you collect from customers.
 WHAT IS AN EXAMPLE OF IT
SECURITY?
For example, IT security would
encompass securing keypads that allow access
to a room full of data files..

Cybersecurity tends to focus on criminal

activity facilitated specifically through the
Internet. In many cases, such criminal activity
affects an entities electronic data and daily
operations.
WHAT DOES IT SECURITY STAND
FOR?
• Information Technology (IT) includes computers
and everything that can be done with them. IT
security is focused on protecting these computers,
networks, and other digital systems against
cyberattacks and other threats.
MODULE I

• The Security Problem in Computing: The meaning of

computer Security, Computer Criminals, Methods of
Defense, Elementary Cryptography: Substitution Ciphers,
Transpositions, Making “Good” Encryption algorithms,
The Data Encryption Standard, The AES Encryption
Algorithms, Public Key Encryptions, Uses of Encryption.
MODULE II

• Program Security: Secure Programs, Nonmalicious Program Errors,

viruses and other malicious code, Targeted Malicious code, controls
Against Program Threats, Protection in General- Purpose operating
system protected objects and methods of protection memory and
addmens protection, File protection Mechanisms, User
Authentication Designing Trusted O.S: Security polices, models of
security, trusted O.S design, Assurance in trusted O.S.
Implementation examples.
MODULE III

• Data base Security: Security requirements, Reliability

and integrity, Sensitive data, Inference, multilevel
database, proposals for multilevel security. Security in
Network: Threats in Network, Network Security
Controls, Firewalls, Intrusion Detection
Systems,Secure E-Mail.
MODULE IV

• Administering Security: Security Planning, Risk Analysis,

Organizational Security policies, Physical Security. Legal
Privacy and Ethical Issues in Computer Security:
Protecting Programs and data, Information and the law,
Rights of Employees and Employers, Software failures,
Computer Crime, Praia, Ethical issues in Computer
Security, case studies of Ethics.