Introduction
What is Security?
Components
Approach
SDLC
SecSDLC
Professionals
Introduction
Information security: a well-informed sense of assurance that the information risks and controls are in balance.
What is Security?
Security is the quality of being free from danger (e.g., national security is a multi-layered system that protects assets, resources, and people of a state).
A successful organization should have the following multiple layers of security in place for the protection of its operations:
Physical security
Personnel security
Operations security
Communications security
Network security
Information security
Availability
Accuracy
Authenticity
Confidentiality
Integrity
Utility
Possession
Quick Quiz
1
(a) availability
(b) accuracy
(c) authenticity
(d) integrity
(e) possession
Answer: (e)
Quick Quiz
3
(a) Public
(b) Personnel
(c) Physical
(d) Personal
Answer: (b)
Chapter 1 Introduction to Information Security
Quick Quiz
1
(a) executive led
(b) trickle down
(c) top-down
(d) bottom-up
Answer: (c)
Implementation (phase 5)
Needed software created
Components ordered, received, and tested
Users trained and documentation created
Feasibility analysis prepared
Users presented with system for performance review and acceptance test
Investigation (phase 1)
Identifies process, outcomes, goals, and constraints of the project
Begins with Enterprise Information Security Policy (EISP)
Organizational feasibility analysis is performed
Analysis (phase 2)
Documents from investigation phase are studied
Analysis of existing security policies or programs, along with documented current threats and associated controls
Includes analysis of relevant legal issues that could impact design of the security solution
Risk management task begins
Implementation (phase 5)
Security solutions are acquired, tested, implemented, and tested again
Personnel issues evaluated; specific training and education programs conducted
Entire tested package is presented to management for final approval
Data Responsibilities
Data owner: responsible for the security and use of a particular set of information
Data custodian: responsible for storage, maintenance, and protection of information
Data users: end users who work with information to perform their daily jobs supporting the mission of the organization
Security as Art
No hard and fast rules nor many universally accepted complete solutions
No manual for implementing security through entire system
Quick Quiz
1
(a) Community science
(b) Social science
(c) Societal science
(d) Interaction management
Answer: (b)
Chapter 1 Introduction to Information Security