Introduction Information Assurance and Security 1

Uploaded by Daniel De guzman

Introduction
Information Assurance and Security 1

Topics
01 Information Systems Security Concepts
02 Confidentiality, Integrity, and Availability (CIA)
03 The Seven Domains of an IT Infrastructure
04 IT Security Policy Framework and Data Standard Classification
01. Information Systems Security Concepts

Introduction to Information Systems Security

Information Systems Security (ISS) refers to the practices and technologies used to protect information systems from unauthorized access, misuse, disclosure, disruption, modification, or destruction. It aims to ensure that data is secure, systems are operational, and users can rely on the integrity of their information.

These concepts encompass the core principles, strategies, and methods designed to protect information systems. The key components include:

• Risk Management: Identifying and mitigating potential security threats and vulnerabilities. Example: A company assessing the risks associated with remote workers accessing sensitive data.

• Authentication and Authorization: Verifying user identities and granting access based on roles. Example: Multi-factor authentication (MFA) requiring a password and a mobile OTP for login.

• Encryption: Transforming data to prevent unauthorized access. Example: Encrypting emails to ensure secure communication.

• Incident Response: Steps to detect, analyze, and mitigate security breaches. Example: Activating a response plan after detecting a phishing attack.
02. Confidentiality, Integrity, and Availability (CIA)

The CIA triad forms the foundation of ISS by defining its objectives:

• Confidentiality: Ensures sensitive information is accessible only to authorized individuals. Example: Restricting access to financial records to the finance team through role-based permissions.

• Integrity: Ensures data is accurate and unaltered unless authorized. Example: Using hashing algorithms to verify the integrity of transmitted files.

• Availability: Ensures that information and systems are accessible when needed. Example: Implementing redundant systems to maintain service during hardware failures.
Five Fundamental Security Principles

Confidentiality: Ensuring that information is only accessible to those who are authorized to view it. For example, using encryption to protect sensitive data.

Integrity: Maintaining the accuracy and completeness of information. For example, using checksums or hashes to verify that data has not been altered.

Availability: Ensuring that information and resources are available to authorized users when needed. For example, implementing redundancy and failover systems to prevent downtime.

Authentication: Verifying the identity of users and systems. For example, using multi-factor authentication (MFA) to strengthen access controls.

Authorization: Ensuring that actions or transactions cannot be denied by the parties involved. For example, using digital signatures to provide proof of origin and integrity of data.
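Both the CIA section and the table above give "hashes to verify that transmitted files have not been altered" as the integrity example. The following is an added illustration written for this page, not code from the slides: the sender records a SHA-256 digest per file in a manifest, and the receiver recomputes the digests and reports, per file, whether it is intact, modified, missing or unexpected. The file names and contents are constructed sample data.

```python
import hashlib
import hmac
from typing import Dict

# Constructed sample "transmitted files" (name -> content). In practice the manifest
# of expected digests is produced by the sender and delivered over a separate trusted
# channel (or signed), so the receiver has something independent to compare against.
ORIGINAL_FILES: Dict[str, bytes] = {
    "report.csv": b"account,balance\n1001,250.00\n1002,980.50\n",
    "README.txt": b"Quarterly figures, internal use only.\n",
}

CHUNK_SIZE = 4096


def sha256_hex(data: bytes) -> str:
    """Digest in fixed-size chunks, the same pattern used to hash a file stream
    without loading it into memory at once."""
    h = hashlib.sha256()
    for start in range(0, len(data), CHUNK_SIZE):
        h.update(data[start:start + CHUNK_SIZE])
    return h.hexdigest()


def build_manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Sender side: record the expected SHA-256 digest of every file."""
    return {name: sha256_hex(content) for name, content in files.items()}


def verify_files(files: Dict[str, bytes], manifest: Dict[str, str]) -> Dict[str, str]:
    """Receiver side: one verdict per file.
    'ok'         digest matches the manifest
    'modified'   received, but the digest differs (altered or corrupted in transit)
    'missing'    listed in the manifest but not received
    'unexpected' received but not listed in the manifest
    """
    verdicts: Dict[str, str] = {}
    for name, expected in manifest.items():
        if name not in files:
            verdicts[name] = "missing"
            continue
        actual = sha256_hex(files[name])
        verdicts[name] = "ok" if hmac.compare_digest(actual, expected) else "modified"
    for name in files:
        if name not in manifest:
            verdicts[name] = "unexpected"
    return verdicts


def all_intact(verdicts: Dict[str, str]) -> bool:
    """Fail closed: an empty result or any verdict other than 'ok' means the
    transfer must not be trusted."""
    return bool(verdicts) and all(v == "ok" for v in verdicts.values())


def tampered_copy() -> Dict[str, bytes]:
    """Constructed example of an in-transit alteration: one balance is changed."""
    files = dict(ORIGINAL_FILES)
    files["report.csv"] = files["report.csv"].replace(b"250.00", b"999.00")
    return files


if __name__ == "__main__":
    manifest = build_manifest(ORIGINAL_FILES)
    print("original:", verify_files(ORIGINAL_FILES, manifest))
    print("tampered:", verify_files(tampered_copy(), manifest))
```

A bare digest only proves integrity relative to the manifest: if someone who can alter the files can also rewrite the manifest, the check passes. That is why the manifest is sent over a separate channel or carries a digital signature, which adds the proof of origin the table above attributes to signatures.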
03. The Seven Domains of an IT Infrastructure

The seven domains outline the areas within an IT infrastructure that require security controls:

1. User Domain: End users interacting with IT systems. Example: Employees using secure passwords.

2. Workstation Domain: Devices used by users (e.g., computers, laptops). Example: Installing antivirus software on workstations.

3. LAN Domain: Internal networks connecting workstations and servers. Example: Configuring firewalls to restrict traffic.

4. LAN-to-WAN Domain: The transition point between the internal network and the internet. Example: Deploying intrusion detection systems (IDS).

5. WAN Domain: Connections between remote sites or external networks. Example: Using VPNs for secure remote access.

6. Remote Access Domain: Connections from external users or devices to internal systems. Example: Implementing MFA for remote logins.

7. System/Application Domain: Critical systems and applications. Example: Applying regular patches and updates to a customer relationship management (CRM) system.
04. IT Security Policy Framework and Data Standard Classification

An IT security policy framework defines the structure and guidelines for securing information systems, while data classification organizes data based on its sensitivity.

• IT Security Policy Framework: A structured set of policies, procedures, and standards.
  Example Policies:
  • Acceptable Use Policy (AUP): Specifies appropriate use of IT resources.
  • Incident Response Policy: Defines actions during security incidents.

• Data Standard Classification: Categorizes data into levels based on sensitivity and required protection.
  Examples of Classifications:
  • Public Data: Minimal impact if disclosed (e.g., website content).
  • Internal Data: For internal use only (e.g., employee directories).
  • Confidential Data: Sensitive information (e.g., customer records).
  • Restricted Data: Highly sensitive (e.g., trade secrets).
