IT Security Basics
WIIFY
1. Why Security?
2. What are the sources of compromise?
3. Four virtues of Security.
4. The 9 rules of Security.
5. What is Information Security, its goal and impact.
6. Common Security definitions/terms.
7. 10 Security Domains by ‘International Information Systems Security
Certification Consortium’ (ISC)2.
8. 3 Steps to success in Security.
9. Resources on web.
10. What do I do as a user?
11. Q&A.
Why Security?
• Case 1
The City of Joburg announced a breach of its network on the night of 25 Oct and
shut down its website and all e-services as a precautionary measure. Key
city systems were shut down, including online services, bill payments, and
more.
• Case 2
The database of the Debit Card Payment System of Middle East Bank is hacked.
The organized gang alters the available balances of card holders and
duplicates the cards. The cash withdrawn from 17 countries in small
amounts totaled US $18 million in 2 days.
Serious Matters
We all are at risk. This statement is not meant to
instill fear, but simply to properly represent the
state of IT in our modern world. Security can no
longer be a question. It can no longer be ignored,
dismissed, or treated like a thorn in our side. At any
given moment, an adequate amount of security is
all that stands between our precious data and that
wave of relentless and talented intruders striking
out at our valuable resources.
“Why would anyone hack us?” is no longer a
defense, and, “Do we really need to secure
ourselves?” is no longer a question. We all are
targets. We all are vulnerable. We are under
attack, and without security, the only questions
are where and when will we be struck, and just
how badly will it hurt.
Don’t be so Sure!
Usual pretexts for not paying attention to security.
• I have antivirus installed.
• I do not buy anything online.
• We have nothing important stored except Client’s data.
• It will never happen to me.
• I am online for a very short time just for checking emails.
• Why would someone steal my data, and what are they going to
do with it? We’ll take them to court.
IT Security Areas
• Information Security
• Network Security
• Cyber/Internet Security
• Physical Security
• Application Security
• Database Security
• Cloud Security
• Mobile Security
• Telecom Security
• Software Security
• Storage Security
• Web Security
What are the sources of compromise?
• Inside Job: 32% from internal employees, 28% from ex-employees and
partners, and 50% from employees misusing access privileges.
• Spyware: Most spyware comes in as direct result of user behavior.
• Desktop/Laptop/Smart Devices: It’s like locking the doors and
windows of the house - with the burglar still in the basement.
• Put simply, to keep the burglar out of the basement, organizations
need to remove the ability of employees to let the burglars in, in the
first place. They need to implement tamper-proof solutions that users
cannot easily evade – no matter what the external inducements.
Do you know you are tracked?
Big Data Analytics Organizations and Cyber criminals are watching.
Install Collusion for your browser and experience how you are
tracked.
The four virtues of Security
1. Daily Consideration – Security MUST be a daily consideration in every area.
2. Community Effort – Security MUST be a community effort.
3. Higher Focus – Security practices MUST maintain a generalized focus.
4. Education – Security practices MUST include some measure of training for
everyone.
How do we practice these virtues?
• Make security a continual thought. Encourage others to be continually mindful
of security. Formally include security in all new projects and project
implementations.
• Keep informed. Inform others. Keep up-to-date. Inform end-users. Make
group-based decisions.
• Learn and share the concepts. Think in terms of the bigger picture. Follow the
practices of higher security. Follow the concept of the written practice.
• Good software installation practices. Good awareness practice. Good web
browsing practice. Good confidentiality practices.
The nine rules of Security
1. Rule of Least Privilege.
2. Rule of Change.
3. Rule of Zero Trust.
4. Rule of the Weakest Link.
5. Rule of Separation.
6. Rule of the Three-Fold Process (IMM).
7. Rule of Preventive Action.
8. Rule of Immediate and Proper Response.
9. Rule of Encryption.
What is Information Security (InfoSec)?
• InfoSec is the practice of defending
information from unauthorized access, use,
disclosure, disruption, modification,
perusal, inspection, recording or
destruction.
• Program/Process and not a project.
• Never is 100%.
• Risk Management to maintain and improve
Security Posture.
• Changing Security Landscape.
• Threats.
• Countermeasures.
GOAL and Impact of Information Security
GOAL - To ensure the
Confidentiality, Integrity and
Availability (CIA) of critical
systems and confidential
information.
Impact due to information
security failure:
• Service Liability
• Financial Liability
• Legal Issues
• Adverse impact on Image
• Adverse impact on Brand
• Adverse business impact
Common Security Definitions
Vulnerability is a software, hardware, or procedural weakness that may provide an
attacker the open door he is looking for to enter a computer or network and have
unauthorized access to resources within the environment.
Threat is any potential danger to information or systems. The threat is that someone, or
something, will identify a specific vulnerability and use it against the company or
individual.
Threat agent could be an intruder accessing the network through a port on the
firewall, a process accessing data in a way that violates the security policy, a tornado
wiping out a facility, or an employee making an unintentional mistake that could expose
confidential information or destroy a file’s integrity.
Risk is the likelihood of a threat agent taking advantage of a vulnerability and the
corresponding business impact.
Exposure is an instance of being exposed to losses from a threat agent.
Countermeasure, or safeguard, is put into place to mitigate the potential risk.
Common Security Terms
• Anti-Virus - A security program that can run on a computer or mobile device
and protects you by identifying and stopping the spread of malware on your
system.
• Drive-by Download - These attacks exploit vulnerabilities in your browser or
its plugins and helper applications when you simply surf to an attacker-
controlled website.
• Exploit - Code that is designed to take advantage of a vulnerability. An exploit is
designed to give an attacker the ability to execute additional malicious
programs on the compromised system.
• Firewall - A security program that filters inbound and outbound network
connections.
• Malware - Stands for 'malicious software'. It is any type of code or program
cyber attackers use to perform malicious actions.
• Patch is an update to a vulnerable program or system.
• Phishing is a social engineering technique where cyber attackers attempt to
fool you into taking an action in response to an email.
Security Components Flowchart
Security Domains - (ISC)2
1. Access Control.
2. Application Security.
3. Business Continuity and Disaster Recovery Planning.
4. Cryptography.
5. Information Security and Risk Management.
6. Legal, Regulations, Compliance, and Investigations.
7. Operations Security.
8. Physical (Environmental) Security.
9. Security Models and Architecture.
10. Telecommunications and Network Security.
Access Control
Access controls are security features that control how users and systems
communicate and interact with other systems and resources. They protect the
systems and resources from unauthorized access and can be components that
participate in determining the level of authorization after an authentication
procedure has successfully completed.
Aim of Access Controls:
• Identification: Method of establishing the subject
(e.g. username, any other public information, systems, etc.).
• Authentication: Method of proving one's identity
(e.g. use of biometric, passphrase, token, private information, etc.).
• Authorization: Determines that the proven identity has some set of
characteristics associated with it that gives it the right to access the
requested resources.
Access Control Models: DAC, MAC, RBAC.
Access Control Layers: Administrative, Physical, Technical/Logical.
Access Control – Quick Test
1. The basic functionality of a malicious code is
to…
a. Upgrade the operating system
b. Execute itself in the client system
c. Spoof
d. Denial of Service
2. What is AAA of access control system?
a. Access, Accept and Apply.
b. Authorization, Authentication and Accountability.
c. Authentication, Authorization and Accountability.
d. Application, Acceptance and Approval.
Application Security
Applications are usually developed with functionality in mind and not security. Security and
Functionality need to be incorporated during design and development. Both application and
environment controls need to be used to ensure application security. ‘Security by Design’
should be the mantra for robust and secure applications.
Application Controls
Data modeling.
Object oriented programming.
Reusable and distributed code.
Client/ Server Model.
Data Types, Format and Length.
Environment Controls
Database modeling / Database management.
Relational databases and database interfaces.
DMZ – Demilitarized zones.
Access restriction.
Change Management.
Software (code) Escrow.
Application Security…
Application Life Cycle Phases
Project initiation.
Functional design analysis and planning.
System design and specifications.
Software development.
Installation / implementation.
Operations / maintenance.
Disposal.
Software development methods
Waterfall method.
Spiral method.
Joint analysis development.
Rapid application development.
Clean room development.
Application Security – Quick Test
1. An attack is a…
a. Vulnerability
b. Threat
c. Technique
d. Compromise
2. Encapsulation is a …
a. Wrapper
b. Threat
c. Software application
d. Class
Business Continuity and Disaster Recovery Plan
• Checklist review
• Structured walk-through
• Simulation test
• Parallel test
• Full interruption test
The goal of disaster recovery is to minimize the effects of a disaster and take the necessary steps
to ensure that the critical resources, personnel, and business processes are able to resume
operation in a timely manner. The goal of business continuity planning is to provide methods and
procedures for dealing with longer-term outages and disasters to ensure business is back to
normal.
Business Impact Analysis (BIA) is the crucial first step for business continuity and disaster
recovery planning. This encompasses a detailed risk assessment and risk analysis. Qualitative and
quantitative information needs to be gathered and then properly analyzed and interpreted.
Phases of plan development : Phases of plan implementation:
• Identify business critical resources
• Estimate potential disasters
• Selecting planning strategies
• Implementing strategies
• Testing and revising the plan
Business Continuity and Disaster Recovery Plan –
Quick test
1. The primary focus of the Business Continuity Plan is…
a. Integrity
b. Authenticity
c. Availability
d. Business growth
2. The Recovery Point Objective (RPO) estimates…
a. The timeframe within which to resume operations
b. The data recovery point
c. The resources required for business continuity
d. The time required to develop a BCP
Cryptography
Cryptography is a method of storing and transmitting data in a form that only those it is
intended for can read and process. It is considered a science of protecting information by
encoding it into an unreadable format.
Goal of Cryptosystems:
Confidentiality : Unauthorized parties cannot access the information.
Authenticity : Validating the source of the message to ensure that the sender is properly
identified.
Integrity : Provides an assurance that the data was not modified during transmission.
Nonrepudiation : Prevents the denial of actions by sender and receiver.
Cryptographic Standards: Encryption, Hashing, Digital Signatures, PKI.
Common Cryptography Systems: TLS, SET, IPSec, PGP, S/MIME, SSH, S-HTTP, Kerberos,
Steganography, Digital Watermarking, SecurID, WAP, WPA, WEP.
The goal of designing an encryption technology is to make compromising it too
expensive or too time consuming.
Cryptography – Quick Test
1. IEEE 802.11 is a set of standards for …
a. Wired Local Area Network
b. Hyper Text Transport Protocol
c. Secure Transport Layer
d. Wireless Local Area Network
2. Steganography is a…
a. Public Key Infrastructure
b. Private Key
c. Concealing Message
d. Watermarking
Information Security and Risk Management
Information Security and Risk Management are analogous to each other.
Information security is to preserve CIA of organizational assets. Risk
Management is to identify the threats and vulnerabilities that could impact the
information security and devise suitable controls to mitigate these risks.
• To ensure that information and vital services are accessible for use when required.
• To ensure the accuracy and completeness of information to protect university business processes.
• To ensure protection against unauthorized access to or use of confidential information.
Information Security and Risk Management - 90/10 Rule
[Figure: 90/10 Rule diagram with the labels Process, Technology and People and the values 10% and 90%]
Information Security and Risk Management – Quick Test
1. In order to have effective security within
the organization, it is important that the
people or personnel are aware of…
a. Security requirements
b. Security policies and procedures
c. Roles and responsibilities
d. All of the above
2. Which one of the following is a common type
of classification in Government as well as
private/public sector organizations?
a. Top secret
b. Confidential
c. Unclassified
d. Public
Legal, Regulations, Compliance, and Investigation
IT needs to be aware of various legal and regulatory requirements pertaining to the ethical usage
of computers, compliance frameworks across the world, and investigative mechanisms to identify,
protect, and preserve any evidence from computer crimes. The law and regulations depend on the
state or country of operation. Laws are usually based on ethics and are put in place to ensure that
others act in an ethical way.
MOM of a Crime:
Motive is the “Who” and “Why” of a crime.
Opportunity is the “where” and “when” of a crime.
Means is the capabilities a criminal would need to be successful.
Some common types of computer crimes:
Salami – Small crimes with the hope that the larger crime will go unnoticed.
Data diddling – Alteration of existing data.
Password sniffing – Sniff network traffic for passwords.
IP Spoofing – Changing the attacker's IP.
Emanations capturing – Capturing electrical pulses and making meaning from them.
Social engineering – Faking somebody’s identity.
Legal, Regulations, Compliance, and Investigation…
Assets that Organizations are trying to protect:
Intellectual Property
Trade Secrets
Copyrights
Trademark
Patents
Software piracy
Privacy
Some Acts you will come across:
Health Insurance Portability and Accountability Act
Sarbanes-Oxley Act (SOX) 2001
Gramm-Leach-Bliley Act (GLBA) 1999
Data Protection Act (DPA)
Computer Fraud and Abuse Act
Federal Privacy Act 1972
Legal, Regulations, Compliance, and Investigation –
Quick Test
1. Cyber Crime is using…
a. Communication networks to perpetrate crime
b. Phishing techniques
c. Spam emails
d. Unauthorized access
2. The primary objective of a Denial-of-Service attack
is to…
a. Authenticity
b. Availability
c. Authorization
d. Access Control
Operations Security
Operational security has to do with keeping up with implemented solutions, keeping track
of changes, properly maintaining systems, continually enforcing necessary standards and
following through with security practices and tasks. This includes the continual
maintenance of an environment and the activities that should take place on a day-to-day
basis.
Administrative Management
Separation of duties.
Rotation of duties / Job rotation.
Least privilege access / shared access.
Mandatory vacations.
Accountability
Access revalidation.
Health checks.
Capturing and monitoring audit logs.
Auditing.
Operations Security…
Security Operations and Product Evaluation
Operational assurance.
Life cycle assurance.
Change Management Control
Request for change.
Change approval.
Change documentation.
Change tested and presented.
Change implementation.
Change reporting.
Media Controls : Media management “cradle to grave”.
System Controls : Selected tasks can be performed only by “elevated access”.
Trusted Recovery : System reboots and restarts.
Input and Output Controls : Garbage In, Garbage Out.
Operations Security – Quick Test
1. A systematic and procedural way of managing incidents is known
as…
a. Configuration management
b. Incident management
c. Change management
d. System management
2. If an event could possibly violate information security, then such an
event is known as …
a. Problem
b. Confidentiality breach
c. Incident
d. Integrity breach
Physical (Environmental) Security
Physical and Environmental security encompasses a different set of threats, vulnerabilities
and risks than the other types of security. Physical security mechanisms include site design
and layout, environmental components, emergency response readiness, training, access
control, intrusion detection, and power and fire protection. Physical security mechanisms
protect people, data, equipment, systems, facilities and a long list of company assets.
Type of threats:
• Natural Environment : Floods, earthquake, storms, etc.
• Supply System : Power distribution outages, interruptions, etc.
• Man made : Unauthorized access, employee error and accidents, damage, etc.
• Politically motivated : Strikes, riots, civil disobedience, etc.
Solutions are planned and designed for:
• Prevention
• Detection
• Suppression / Response
Physical (Environmental) Security – Quick Test
1. Which of the following needs to be
considered while designing controls for
physical security…
a. Physical facility
b. Geographic location
c. Supporting facilities
d. All of the above
2. Evacuation procedures should primarily
address…
a. Network
b. Furniture
c. People
d. Computers
Security Architecture and Design
Two fundamental concepts in computers and information security are Policy and Security Model.
While the Policy outlines how data is accessed, the level of security required and the actions that
need to be taken when the requirements are not met, the Security Model is a statement that
outlines the requirements necessary to properly support and implement the policy. Architecture
defines how they are implemented.
Some basic security models:
Bell-LaPadula: [Protects Confidentiality] A subject cannot read data at a higher security level, a
subject cannot write data to a lower security level, a subject that has read & write capability can
perform these functions at the same security level.
Biba: [Protects Integrity] A subject cannot read data at a lower security level, a subject
cannot modify data at a higher security level, a subject cannot modify an object in a higher
integrity level.
Clark-Wilson: Subjects can only access objects through authorized programs,
separation of duties is enforced and auditing is required.
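The Bell-LaPadula and Biba rules above, written as a small reference-monitor check (an added example, not part of the original slides). The label names, subjects and objects are constructed for illustration; a "readwrite" request is treated as a read plus a write, which under Bell-LaPadula only passes at the same security level.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import List, Optional, Tuple


class Conf(IntEnum):
    """Confidentiality labels (constructed for this example)."""
    PUBLIC = 0
    CONFIDENTIAL = 1
    SECRET = 2


class Integ(IntEnum):
    """Integrity labels (constructed for this example)."""
    LOW = 0
    MEDIUM = 1
    HIGH = 2


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: Conf
    integrity: Integ


@dataclass(frozen=True)
class Obj:
    name: str
    classification: Conf
    integrity: Integ


def blp_violation(s: Subject, o: Obj, op: str) -> Optional[str]:
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    if op == "read" and o.classification > s.clearance:
        return "BLP: read up"
    if op == "write" and o.classification < s.clearance:
        return "BLP: write down"
    return None


def biba_violation(s: Subject, o: Obj, op: str) -> Optional[str]:
    """Biba (integrity): no read down, no write up."""
    if op == "read" and o.integrity < s.integrity:
        return "Biba: read down"
    if op == "write" and o.integrity > s.integrity:
        return "Biba: write up"
    return None


# A combined request is decomposed into the primitive checks it needs.
PRIMITIVES = {"read": ("read",), "write": ("write",), "readwrite": ("read", "write")}


def decide(s: Subject, o: Obj, op: str) -> Tuple[bool, List[str]]:
    """Enforce both models; return (allowed, list of violated rules)."""
    if op not in PRIMITIVES:
        raise ValueError(f"unknown operation: {op!r}")
    reasons: List[str] = []
    for prim in PRIMITIVES[op]:
        for check in (blp_violation, biba_violation):
            reason = check(s, o, prim)
            if reason:
                reasons.append(reason)
    return (not reasons, reasons)


# Constructed sample subjects and objects.
ANALYST = Subject("analyst", Conf.SECRET, Integ.MEDIUM)
INTERN = Subject("intern", Conf.PUBLIC, Integ.LOW)
PRESS_RELEASE = Obj("press_release", Conf.PUBLIC, Integ.LOW)
INCIDENT_LOG = Obj("incident_log", Conf.SECRET, Integ.MEDIUM)
PAYROLL_DB = Obj("payroll_db", Conf.SECRET, Integ.HIGH)

if __name__ == "__main__":
    for subj in (ANALYST, INTERN):
        for obj in (PRESS_RELEASE, INCIDENT_LOG, PAYROLL_DB):
            for op in ("read", "write", "readwrite"):
                allowed, why = decide(subj, obj, op)
                verdict = "ALLOW" if allowed else "DENY " + "; ".join(why)
                print(f"{subj.name:8} {op:9} {obj.name:14} {verdict}")
```

Bell-LaPadula alone lets the low-clearance intern write into the SECRET payroll database (a write up leaks nothing), and it is the Biba check that refuses it.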
Security Architecture and Design – Quick Test
1. A trusted computer system should have…
a. A well-defined security policy
b. Accountability
c. Assurance mechanisms
d. All the above three
2. A security label is NOT…
a. A classification mechanism
b. A labeling of low, medium, high based on security
c. A computer model
d. Used for defining protection mechanisms
Telecommunications and Network Security
IT deals with the security of voice and data communications through local area, wide area, and
remote access networking. The electrical transmission of data amongst systems, whether through
analog, digital or wireless transmission types, various devices, software and protocols.
Telecommunication and Network Security – Quick Test
1. A protocol is a …
a. Data encryption standard
b. Layered architecture
c. Communication standard
d. Data link
2. The Internet Protocol (IP) operates in
the …
a. Physical layer
b. Network layer
c. Application layer
d. Communication layer
The three steps to Success
1. Think about Security.
2. Do something (while still thinking about Security).
3. Continue to think about Security.
Security cannot be an afterthought.
Do your best. Adopt good practices, or else trust in God!
10 Essentials of Security
1. THINK before you click.
2. Protect passwords.
3. Know if your job requires higher security standards.
4. Register all computers and devices used for business.
5. Connect to networks safely.
6. Manage and store client and company data securely.
7. Backup and encrypt data wherever it’s stored.
8. Keep your security settings and software up to date.
9. Manage your online privacy settings and THINK before sharing
information.
10. Report security incidents immediately.
What to do for Security?
(No more No less)
• Make security a headline every day.
• Manage Men Tactfully, Totally, Thoughtfully, Talkatively, Task fully,
Thankfully, with respect to Trust, Time, Technology.
• Communicate, Follow-up, Document, and Update.
• Lead by example.
• Expect the unexpected.
• Respond promptly but thoughtfully. Avoid reaction.
• Delegate, but empower and support.
Resources:
• National Institute of Standards and Technology (NIST) – www.nist.gov
• http://www.sourcesecurity.com/
• National Vulnerability Database http://web.nvd.nist.gov/view/vuln/search
• Department of Electronics and Information Technology
http://deity.gov.in/
• Latest IT News and Articles http://www.informationweek.in/home.aspx
• IT Security Experts https://www.isc2.org/
• Information Systems Audit and Control Association
http://www.isaca.org/about-isaca/Pages/default.aspx
• https://www.us-cert.gov/about-us
• https://www.nist.gov/
• https://www.cisecurity.org/
Homework
ISF Threat Horizon Report 2019-2021: recommended reading in your
leisure time
Summary
• Why security is important and what are the sources of
compromise.
• Four virtues and eight rules of security.
• What is information security, CIA and BIA.
• Common security definitions and terms.
• 10 Security domains by (ISC)2.
• 3 Steps for success in security.
• What to do for security.
THANK YOU
for Watching Securely!
Mansi Kandari
 
Cybersecurity Analyst Interview Questions for 2024.pdf
Cybersecurity Analyst Interview Questions for 2024.pdfCybersecurity Analyst Interview Questions for 2024.pdf
Cybersecurity Analyst Interview Questions for 2024.pdf
infosec train
 
Top Cybersecurity Analyst Interview Questions: Download InfosecTrain’s White ...
Top Cybersecurity Analyst Interview Questions: Download InfosecTrain’s White ...Top Cybersecurity Analyst Interview Questions: Download InfosecTrain’s White ...
Top Cybersecurity Analyst Interview Questions: Download InfosecTrain’s White ...
infosecTrain
 
InfosecTrain Cybersecurity Analyst Interview Questions
InfosecTrain Cybersecurity Analyst Interview QuestionsInfosecTrain Cybersecurity Analyst Interview Questions
InfosecTrain Cybersecurity Analyst Interview Questions
priyanshamadhwal2
 
Cyber Security Interview Analyst Questions.pdf
Cyber Security Interview Analyst Questions.pdfCyber Security Interview Analyst Questions.pdf
Cyber Security Interview Analyst Questions.pdf
InfosecTrain
 
Cybersecurity Analyst Interview Questions.pdf
Cybersecurity Analyst Interview Questions.pdfCybersecurity Analyst Interview Questions.pdf
Cybersecurity Analyst Interview Questions.pdf
infosec train
 
Cybersecurity Analyst Interview Questions and Answers.pdf
Cybersecurity Analyst Interview Questions and Answers.pdfCybersecurity Analyst Interview Questions and Answers.pdf
Cybersecurity Analyst Interview Questions and Answers.pdf
infosecTrain
 
Cybersecurity Analyst Interview Questions By InfosecTrain
Cybersecurity Analyst Interview Questions By InfosecTrainCybersecurity Analyst Interview Questions By InfosecTrain
Cybersecurity Analyst Interview Questions By InfosecTrain
priyanshamadhwal2
 
Law Firm Cybersecurity: Practical Tips for Protecting Your Data
Law Firm Cybersecurity: Practical Tips for Protecting Your DataLaw Firm Cybersecurity: Practical Tips for Protecting Your Data
Law Firm Cybersecurity: Practical Tips for Protecting Your Data
Accellis Technology Group
 
Cyber Security vs.pdf
Cyber Security vs.pdfCyber Security vs.pdf
Cyber Security vs.pdf
Ming Man Chan
 
Cyber security for Developers
Cyber security for DevelopersCyber security for Developers
Cyber security for Developers
techtutorus
 
CyberSecurity Services and Why Cybersecurity is required
CyberSecurity Services and Why Cybersecurity is requiredCyberSecurity Services and Why Cybersecurity is required
CyberSecurity Services and Why Cybersecurity is required
RakeshSingh267520
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptx
KnownId
 
What Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVaultWhat Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVault
SOCVault
 
Ad

Information Technology Security Basics

  • 2. WIIFY 1. Why Security? 2. What are the sources of compromise? 3. Four virtues of Security. 4. The 9 rules of Security. 5. What is Information Security, its goal and impact. 6. Common Security definitions/terms. 7. 10 Security Domains by ‘International Information Systems Security Certification Consortium’ (ISC)². 8. 3 Steps to success in Security. 9. Resources on web. 10. What do I do as a user? 11. Q&A.
  • 3. Why Security? • Case 1: The City of Joburg on the night of 25 Oct announced a breach of its network and shut down its website and all e-services as a precautionary measure. Key city systems were shut down, including online services, bill payments, and more. • Case 2: The database of the Debit Card Payment System of Middle East Bank is hacked. The organized gang alters the available balances of card holders and duplicates the cards. The cash withdrawn from 17 countries in small amounts was in total US $18 Million in 2 days.
  • 4. Serious Matters We all are at risk. This statement is not meant to instill fear, but simply to properly represent the state of IT in our modern world. Security can no longer be a question. It can no longer be ignored, dismissed, or treated like a thorn in our side. At any given moment, an adequate amount of security is all that stands between our precious data and that wave of relentless and talented intruders striking out at our valuable resources. “Why would anyone hack us?” is no longer a defense, and, “Do we really need to secure ourselves?” is no longer a question. We all are targets. We all are vulnerable. We are under attack, and without security, the only questions are where and when will we be struck, and just how badly will it hurt.
  • 5. Don’t be so Sure! Usual pretexts for not paying attention to Security. • I have antivirus installed. • I do not buy anything online. • We have nothing important stored except Client’s data. • It will never happen to me. • I am online for a very short time just for checking emails. • Why would someone steal my data, and what are they going to do with it? We’ll take them to court.
  • 6. IT Security Areas • Information Security • Network Security • Cyber/Internet Security • Physical Security • Application Security • Database Security • Cloud Security • Mobile Security • Telecom Security • Software Security • Storage Security • Web Security
  • 7. What are the sources of compromise? • Inside Job: 32% from internal employees, 28% ex-employees and partners and 50% from employees misusing access privileges. • Spyware: Most spyware comes in as a direct result of user behavior. • Desktop/Laptop/Smart Devices: It’s like locking the doors and windows of the house - with the burglar still in the basement. • Put simply, to keep the burglar out of the basement, organizations need to remove the ability of employees to let the burglars in, in the first place. They need to implement tamper-proof solutions that users cannot easily evade – no matter what the external inducements. Do you know you are tracked? Big Data Analytics Organizations and Cyber criminals are watching. Install Collusion for your browser and experience how you are tracked.
  • 8. The four virtues of Security 1. Daily Consideration – Security MUST be a daily consideration in every area. 2. Community Effort – Security MUST be a community effort. 3. Higher Focus – Security practices MUST maintain a generalized focus. 4. Education – Security practices MUST include some measure of training for everyone. How do we practice these virtues? • Make security a continual thought. Encourage others to be continually mindful of security. Formally include security in all new projects and project implementations. • Keep informed. Inform others. Keep up-to-date. Inform end-users. Make group-based decisions. • Learn and share the concepts. Think in terms of the bigger picture. Follow the practices of higher security. Follow the concept of the written practice. • Good software installation practices. Good awareness practice. Good web browsing practice. Good confidentiality practices.
  • 9. The nine rules of Security 1. Rule of Least Privilege. 2. Rule of Change. 3. Rule of Zero Trust. 4. Rule of the Weakest Link. 5. Rule of Separation. 6. Rule of the Three-Fold Process (IMM). 7. Rule of Preventive Action. 8. Rule of Immediate and Proper Response. 9. Rule of Encryption.
  • 10. What is Information Security (InfoSec)? • InfoSec is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. • Program/Process and not a project. • Never is 100%. • Risk Management to maintain and improve Security Posture. • Changing Security Landscape. • Threats. • Countermeasures.
  • 11. GOAL and Impact of Information Security GOAL - To ensure the Confidentiality, Integrity and Availability (CIA) of critical systems and confidential information. Impact due to information security failure: • Service Liability • Financial Liability • Legal Issues • Adverse impact on Image • Adverse impact on Brand • Adverse business impact
  • 12. Common Security Definitions Vulnerability is a software, hardware, or procedural weakness that may provide an attacker the open door he is looking for to enter a computer or network and have unauthorized access to resources within the environment. Threat is any potential danger to information or systems. The threat is that someone, or something, will identify a specific vulnerability and use it against the company or individual. Threat agent could be an intruder accessing the network through a port on the firewall, a process accessing data in a way that violates the security policy, a tornado wiping out a facility, or an employee making an unintentional mistake that could expose confidential information or destroy a file’s integrity. Risk is the likelihood of a threat agent taking advantage of a vulnerability and the corresponding business impact. Exposure is an instance of being exposed to losses from a threat agent. Countermeasure, or safeguard, is put into place to mitigate the potential risk.
  • 13. Common Security Terms • Anti-Virus - A security program that can run on a computer or mobile device and protects you by identifying and stopping the spread of malware on your system. • Drive-by Download - These attacks exploit vulnerabilities in your browser or its plugins and helper applications when you simply surf to an attacker-controlled website. • Exploit - Code that is designed to take advantage of a vulnerability. An exploit is designed to give an attacker the ability to execute additional malicious programs on the compromised system. • Firewall - A security program that filters inbound and outbound network connections. • Malware - Stands for 'malicious software'. It is any type of code or program cyber attackers use to perform malicious actions. • Patch - An update to a vulnerable program or system. • Phishing - A social engineering technique where cyber attackers attempt to fool you into taking an action in response to an email.
  • 15. Security Domains - (ISC)² 1. Access Control. 2. Application Security. 3. Business Continuity and Disaster Recovery Planning. 4. Cryptography. 5. Information Security and Risk Management. 6. Legal, Regulations, Compliance, and Investigations. 7. Operations Security. 8. Physical (Environmental) Security. 9. Security Models and Architecture. 10. Telecommunications and Network Security.
  • 16. Access Control Access controls are security features that control how users and systems communicate and interact with other systems and resources. They protect the systems and resources from unauthorized access and can be components that participate in determining the level of authorization after an authentication procedure has successfully completed. Aim of Access Controls: • Identification: Method of establishing the subject (e.g. Username, any other public information, systems, etc). • Authentication: Method of proving one’s identity (e.g. use of biometric, passphrase, token, private information, etc). • Authorization: Determines that the proven identity has some set of characteristics associated with it that gives it the right to access the requested resources. Access Control Models: DAC, MAC, RBAC. Access Control Layers: Administrative, Physical, Technical/Logical.
  • 17. Access Control – Quick Test 1. The basic functionality of a malicious code is to… a. Upgrade the operating system b. Execute itself in the client system c. Spoof d. Denial of Service 2. What is AAA of access control system? a. Access, Accept and Apply. b. Authorization, Authentication and Accountability. c. Authentication, Authorization and Accountability. d. Application, Acceptance and Approval.
  • 18. Application Security Applications are usually developed with functionality in mind and not security. Security and Functionality need to be incorporated during design and development. Both application and environment controls need to be used to ensure application security. ‘Security by Design’ should be the mantra for robust and secure applications. Application Controls: Data modeling. Object oriented programming. Reusable and distributed code. Client/Server Model. Data Types, Format and Length. Environment Controls: Database modeling / Database management. Relational databases and database interfaces. DMZ – Demilitarized zones. Access restriction. Change Management. Software (code) Escrow.
  • 19. Application Security… Application Life Cycle Phases: Project initiation. Functional design analysis and planning. System design and specifications. Software development. Installation / implementation. Operations / maintenance. Disposal. Software development methods: Waterfall method. Spiral method. Joint analysis development. Rapid application development. Clean room development.
  • 20. Application Security – Quick Test 1. An attack is a… a. Vulnerability b. Threat c. Technique d. Compromise 2. Encapsulation is a … a. Wrapper b. Threat c. Software application d. Class
  • 21. Business Continuity and Disaster Recovery Plan The goal of disaster recovery is to minimize the effects of a disaster and take the necessary steps to ensure that the critical resources, personnel, and business processes are able to resume operation in a timely manner. The goal of business continuity planning is to provide methods and procedures for dealing with longer-term outages and disasters to ensure business is back to normal. Business Impact Analysis (BIA) is the crucial first step for business continuity and disaster recovery planning. This encompasses a detailed risk assessment and risk analysis. Qualitative and quantitative information needs to be gathered and then properly analyzed and interpreted. Phases of plan development: • Identify business critical resources • Estimate potential disasters • Selecting planning strategies • Implementing strategies • Testing and revising the plan. Phases of plan implementation: • Checklist review • Structured walk-through • Simulation test • Parallel test • Full interruption test
  • 22. Business Continuity and Disaster Recovery Plan – Quick test 1. The primary focus of the Business Continuity Plan is… a. Integrity b. Authenticity c. Availability d. Business growth 2. The Recovery Point Objective (RPO) estimates… a. The timeframe within which to resume operations b. The data recovery point c. The resources required for business continuity d. The time required to develop a BCP
  • 23. Cryptography Cryptography is a method of storing and transmitting data in a form that only those it is intended for can read and process. It is considered a science of protecting information by encoding it into an unreadable format. Goal of Cryptosystems: Confidentiality: Unauthorized parties cannot access the information. Authenticity: Validating the source of the message to ensure that the sender is properly identified. Integrity: Provides an assurance that the data was not modified during transmission. Nonrepudiation: Prevents the denial of actions by sender and receiver. Cryptographic Standards: Encryption, Hashing, Digital Signatures, PKI. Common Cryptography Systems: TLS, SET, IPSec, PGP, S/MIME, SSH, S-HTTP, Kerberos, Steganography, Digital Watermarking, SecurID, WAP, WPA, WEP. The goal of designing an encryption technology is to make compromising it too expensive or too time consuming.
  • 24. Cryptography – Quick Test 1. IEEE 802.11 is a set of standards for … a. Wired Local Area Network b. Hyper Text Transport Protocol c. Secure Transport Layer d. Wireless Local Area Network 2. Steganography is a… a. Public Key Infrastructure b. Private Key c. Concealing Message d. Watermarking
  • 25. Information Security and Risk Management Information Security and Risk Management are analogous to each other. Information security is to preserve CIA of organizational assets. Risk Management is to identify the threats and vulnerabilities that could impact the information security and devise suitable controls to mitigate these risks. • To ensure that information and vital services are accessible for use when required. • To ensure the accuracy and completeness of information to protect university business processes. • To ensure protection against unauthorized access to or use of confidential information.
  • 26. Information Security and Risk Management - 90/10 Rule [Figure labels: Process, Technology, People; 10%, 90%]
  • 27. Information Security and Risk Management – Quick Test 1. In order to have an effective security within the organization, it is important that the people or personnel are aware of… a. Security requirements b. Security policies and procedures c. Roles and responsibilities d. All of the above 2. Which one of the following is a common type of classification in Government as well as private/public sector organizations? a. Top secret b. Confidential c. Unclassified d. Public 27
  • 28. Legal, Regulations, Compliance, and Investigation 28 IT is need to be aware of various legal and regulatory requirements pertaining to the ethical usage of computers, compliance frameworks across the world, and investigative mechanisms to identify, protect, and preserve any evidence from computer crimes. The law and regulations depend on the state or country of operation. Laws are usually based on ethics and are put in place to ensure that others act in an ethical way. MOM of a Crime: Motive is the “Who” and “Why” of a crime. Opportunity is the “where” and “when” of a crime. Means is the capabilities a criminal would need to be successful. Some common types of computer crimes: Salami – Small crimes with the hope that the larger crime will go unnoticed. Data diddling – Alteration of existing data. Password sniffing – Sniff network traffic for passwords. IP Spoofing – Changing the attackers IP. Emanations capturing – Capturing electrical pulses and making meaning from them. Social reengineering – Faking somebody’s identity.
  • 29. Legal, Regulations, Compliance, and Investigation… 29 Assets that Organizations are trying to protect: Intellectual Property Trade Secrets Copyrights Trademark Patents Software piracy Privacy Some Acts you will come across: Health Insurance Portability and Accountability Act Sarbanes-Oxley Act (SOX) 2001 Gramm-Leach-Bliley Act (GLBA) 1999 Data Protection Act (DPA) Computer Fraud and Abuse Act Federal Privacy Act 1972
  • 30. Legal, Regulations, Compliance, and Investigation – Quick Test 1. Cyber Crime is using… a. Communication networks to perpetrate crime b. Phishing techniques c. Spam emails d. Unauthorized access 2. The primary objective of a Denial-of-Service attack is to… a. Authenticity b. Availability c. Authorization d. Access Control 30
  • 31. Operations Security 31 Operational security has to do with keeping up with implemented solutions, keeping track of changes, properly maintaining systems, continually enforcing necessary standards and following through with security practices and tasks. This includes the continual maintenance of an environment and the activities that should take place on a day-to-day basis. Administrative Management Separation of duties. Rotation of duties / Job rotation. Least privilege access / shared access. Mandatory vacations. Accountability Access revalidation. Health checks. Capturing and monitoring audit logs. Auditing.
  • 32. Operations Security… 32 Security Operations and Product Evaluation Operational assurance. Life cycle assurance. Change Management Control Request for change. Change approval. Change documentation. Change testing and presented. Change implementation. Change reporting. Media Controls : Media management “cradle to grave”. System Controls : Selected tasks can be performed only by “elevated access”. Trusted Recovery : System reboots and restarts. Input and Output Controls : Garbage In, Garbage Out.
  • 33. Operations Security – Quick Test 1. A systematic and procedural way of managing incidents is known as… a. Configuration management b. Incident management c. Change management d. System management 2. If an event could possibly violate information security, then such an event is known as… a. Problem b. Confidentiality breach c. Incident d. Integrity breach
  • 34. Physical (Environmental) Security: Physical and Environmental security encompasses a different set of threats, vulnerabilities and risks than the other types of security. Physical security mechanisms include site design and layout, environmental components, emergency response readiness, training, access control, intrusion detection, and power and fire protection. Physical security mechanisms protect people, data, equipment, systems, facilities and a long list of company assets. Types of threats: Natural Environment: Floods, earthquake, storms, etc.; Supply System: Power distribution outages, interruptions, etc.; Man made: Unauthorized access, employee error and accidents, damage, etc.; Politically motivated: Strikes, riots, civil disobedience, etc. Solutions are planned and designed for: Prevention; Detection; Suppression / Response.
  • 36. Physical (Environmental) Security – Quick Test 1. Which of the following needs to be considered while designing controls for physical security… a. Physical facility b. Geographic location c. Supporting facilities d. All of the above 2. Evacuation procedures should primarily address… a. Network b. Furniture c. People d. Computers
  • 37. Security Architecture and Design: Two fundamental concepts in computers and information security are Policy and Security Model. While the Policy outlines how data is accessed, the level of security required and the actions that need to be taken when the requirements are not met, the Security Model is a statement that outlines the requirements necessary to properly support and implement the policy. Architecture defines how they are implemented. Some basic security models: Bell-LaPadula [protects confidentiality]: A subject cannot read data at a higher security level, a subject cannot write data to a lower security level, and a subject that has read and write capability can perform these functions only at the same security level. Biba [protects integrity]: A subject cannot read data at a lower security level, a subject cannot modify data at a higher security level, and a subject cannot modify an object in a higher integrity level. Clark-Wilson: Subjects can only access objects through authorized programs, separation of duties is enforced and auditing is required.
  • 38. Security Architecture and Design – Quick Test 1. A trusted computer system should have… a. A well-defined security policy b. Accountability c. Assurance mechanisms d. All the above three 2. A security label is NOT… a. A classification mechanism b. A labeling of low, medium, high based on security c. A computer model d. Used for defining protection mechanisms
  • 39. Telecommunications and Network Security: It deals with the security of voice and data communications through local area, wide area, and remote access networking. It covers the electrical transmission of data amongst systems, whether through analog, digital or wireless transmission types, along with various devices, software and protocols.
  • 40. Telecommunication and Network Security – Quick Test 1. A protocol is a… a. Data encryption standard b. Layered architecture c. Communication standard d. Data link 2. The Internet Protocol (IP) operates in the… a. Physical layer b. Network layer c. Application layer d. Communication layer
  • 41. The three steps to Success 1. Think about Security. 2. Do something (while still thinking about Security). 3. Continue to think about Security. Security cannot be an afterthought. Do your best. Adopt good practices, or else trust in God!
  • 42. 10 Essentials of Security 1. THINK before you click. 2. Protect passwords. 3. Know if your job requires higher security standards. 4. Register all computers and devices used for business. 5. Connect to networks safely. 6. Manage and store client and company data securely. 7. Backup and encrypt data wherever it’s stored. 8. Keep your security settings and software up to date. 9. Manage your online privacy settings and THINK before sharing information. 10. Report security incidents immediately.
  • 43. What to do for Security? (No more, no less) • Make security a headline every day. • ManageMenTactfully, Totally, Thoughtfully, Talkatively, Task fully, Thankfully, with respect to Trust, Time, Technology. • Communicate, Follow-up, Document, and Update. • Lead by example. • Expect the unexpected. • Respond promptly but thoughtfully. Avoid reaction. • Delegate, but empower and support.
  • 44. Resources: • National Institute of Standards and Technology (NIST) – www.nist.gov • http://www.sourcesecurity.com/ • National Vulnerability Database http://web.nvd.nist.gov/view/vuln/search • Department of Electronics and Information Technology http://deity.gov.in/ • Latest IT News and Articles http://www.informationweek.in/home.aspx • IT Security Experts https://www.isc2.org/ • Information Systems Audit and Control Association http://www.isaca.org/about-isaca/Pages/default.aspx • https://www.us-cert.gov/about-us • https://www.nist.gov/ • https://www.cisecurity.org/
  • 45. Homework: An ISF Threat Horizon Report 2019-2021, recommended read at your leisure time (ISF_Threat Horizon 2021_Report.pdf).
  • 46. Summary: Why security is important and what are the sources of compromise. Four virtues and eight rules of security. What is information security, CIA and BIA. Common security definitions and terms. 10 Security domains by (ISC)2. 3 Steps for success in security. What to do for security.
  • 47. THANK YOU for Watching Securely!
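
The Bell-LaPadula and Biba rules from the Security Architecture and Design slide, written as access checks. This is an added example, not part of the original slides; the level names, the sample requests and the function names are constructed for illustration, and one ladder of labels is reused as both the confidentiality and the integrity scale.

```python
from enum import IntEnum

class Level(IntEnum):  # constructed labels; a real system defines its own lattice
    PUBLIC = 1
    INTERNAL = 2
    SECRET = 3

def blp_allows(subject: Level, obj: Level, op: str) -> bool:
    """Bell-LaPadula, protects confidentiality: no read up, no write down."""
    rules = {
        "read": subject >= obj,        # cannot read data at a higher level
        "write": subject <= obj,       # cannot write data to a lower level
        "read_write": subject == obj,  # both at once only at the same level
    }
    return rules[op]

def biba_allows(subject: Level, obj: Level, op: str) -> bool:
    """Biba, protects integrity: no read down, no write up."""
    rules = {
        "read": subject <= obj,        # cannot read lower-integrity data
        "write": subject >= obj,       # cannot modify higher-integrity data
        "read_write": subject == obj,  # follows from combining the two rules
    }
    return rules[op]

# Constructed access requests: (subject, subject level, object level, operation)
REQUESTS = [
    ("analyst", Level.INTERNAL, Level.SECRET, "read"),
    ("analyst", Level.INTERNAL, Level.PUBLIC, "read"),
    ("analyst", Level.INTERNAL, Level.PUBLIC, "write"),
    ("analyst", Level.INTERNAL, Level.SECRET, "write"),
    ("analyst", Level.INTERNAL, Level.INTERNAL, "read_write"),
]

def evaluate(requests):
    """Return one (who, op, object level, BLP verdict, Biba verdict) row per request."""
    return [(who, op, obj.name, blp_allows(s, obj, op), biba_allows(s, obj, op))
            for who, s, obj, op in requests]

if __name__ == "__main__":
    for who, op, obj, blp, biba in evaluate(REQUESTS):
        print(f"{who:8} {op:10} {obj:8} BLP={'allow' if blp else 'deny':5} "
              f"Biba={'allow' if biba else 'deny'}")
```

The two models give opposite verdicts on every request that crosses levels and agree only at the same level, which is why a system has to decide whether a given label protects confidentiality or integrity.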