www.huawei.com
Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved.
Huawei Certified ICT Associate
Security v3.0
Professional Training Program
Instructor: Ssendi Samuel
Basic Concepts of Information Security
Foreword
• Information security is the process of ensuring safe data communication and preventing issues such as information leakage, modification, and disruption.
• This document describes the basic concepts and protection measures of information security, as well as information security risks and associated assessment and avoidance methods.
Objectives
• Upon completion of this course, you will be able to:
  • Describe the definition and characteristics of information security.
  • Explain the characteristics and differences of security models.
  • Differentiate between security risks.
Contents
1. Information and Information Security
2. Information Security Risks and Management
Information
What is information?
• Information created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction of business.
--- ISO/IEC Guidelines for the Management of IT Security (GMITS)
Examples: books/letters, emails, radar signals, state secrets, test questions, transaction data
Information Security
• Information security refers to the preservation of the confidentiality, integrity, and availability of data through security technologies.
• These technologies include computer software and hardware, network, and key technologies. Organizational management measures throughout the information lifecycle (generation, transmission, exchange, processing, and storage) are also essential.
• The following will be affected if information assets are damaged:
  • National security
  • System operating and continuous development
  • Personal privacy and property
• The aim of information security is to protect data against threats through technical means and effective management.
Information Security Development
• Early 1900s, communication secrecy stage: Limited communication technologies and dispersedly stored data
• Post-1960s, information security stage: Internet development brings new challenges and threats to information security
• 1980s, information assurance stage: Information-based security replaces traditional security
Photo or Information Leakage?
• After the Chinese government invited bids for oil production equipment, Japanese intelligence experts used this simple photo to uncover the following secrets of the Daqing Oilfield:
  • Located between 46°N and 48°N, as indicated by the clothing of Wang Jinxi
  • Diameter of the oil well, inferred from the handle rack
Communication Secrecy Stage
• In the early 1900s, communication technologies were underdeveloped, and data was stored in different locations.
• Information system security was limited to physical security of information and cipher-based security of communication (mainly stream cipher).
• As long as information was in a relatively secure place and unauthorized users were prohibited from accessing the information, data security could be generally guaranteed.
Information Security Stage
• Since the 1990s, Internet technologies have developed rapidly, and information leaks have increased.
• As a result, in addition to confidentiality, integrity and availability, information security began to focus on more principles and objectives, such as controllability and non-repudiation.
Principles shown: Confidentiality, Integrity, Availability, Controllability, Non-repudiation
Information Assurance Stage
• Business-oriented information security assurance
  • Business: Different service traffic with various risks and protection methods
  • Security system: Cohesive security management and technical protection; proactive defense but not passive protection
  • Management: Talent development and system establishment for security management
Case - WannaCry
• In 2017, the WannaCry ransomware cryptoworm, propagated through EternalBlue, infected over 100,000 computers, causing a loss of US$8 billion.
Sectors pictured: Energy, Government, Education, Transportation
Case - OceanLotus
• Since April 2012, the OceanLotus group has carried out targeted penetration and attacks on important sectors of China, such as the government, scientific research institutes, maritime institutions, maritime construction, and shipping enterprises.
• The attacks are intended to obtain confidential information, intercept intelligence sent out by attacked computers, and enable the computers to automatically send related intelligence.
Discussion: What Are the Causes of Such Attacks?
Direct Cause
• Virus
• Vulnerability
• Trojan horse
• Backdoor program
• DDoS attack
• …
Indirect Cause
• Information system complexity
• Human and environment factors
Significance of Building Information Security
Importance: Increasing importance
• The information network has become the foundation of economic prosperity, social stability, and national development.
• Informatization profoundly influences the global economic integration, national strategy adjustment, and security priorities.
• Information security has transformed from a technical issue into a matter of national security worldwide.
Applicability: Applicable to many technical fields
For example:
• Command, Control, Communications, Computers and Intelligence (C4I) system
• E-commerce system
• Biomedical system
• Intelligent Transport System (ITS)
Contents
1. Information and Information Security
2. Information Security Risks and Management
Risks Involved in Information Security
• Physical risks
• Other risks
• System risks
• Information risks
• Management risks
• Application risks
• Network risks
Physical Risks
• Device theft and destruction
• Link aging, man-made damage, and bite from animals
• Network device fault
• Network device unavailability due to power failure
• Electromagnetic radiation in the equipment room
Information Risks
• Storage security
• Transmission security
• Access security
Information Transmission Security
[Diagram labels: Headquarters, Branch, Enterprise business information, Attacker, Tampered information]
Information Access Security
[Diagram labels: Intranet, Authorized user, Unauthorized user, Illegal login, Authentication server on the network]
System Risks
• Database system configuration security
• Security database
• Security of services running in the system
Application Risks
• Network virus
• Operating system security
• Email application security
• Web service security
• FTP service security
• DNS service security
• Business application software security
Network Risks
Security zone
Management Risks
• Determine whether the information system has management risks from the following aspects:
National policy
• Effective national information security regulations formulated
• Specialized agency to manage information security
Enterprise system
• Security management rules and equipment room management system with clear responsibilities and rights
• Enterprises can establish own security management organizations
Management system
• Effective security policies and high-quality security management personnel
• Effective supervision and inspection system, and adherence to rules and regulations
Significance of Information Security Management
• According to statistics, 70% of enterprise information loss is caused by negligence or intentional leakage by internal staff.
• Security technologies are only the means to control information security. They can only be effective with the appropriate support of management procedures.
70%:
• Weak security awareness among employees
• Loose authorization rules
• Non-standard system operations
• Malicious data theft
Technologies 30%, Management 70%
Current Development of Information Security Management
• Introducing information security development strategies and plans: Each country has introduced its own information security development strategy and plan.
• Strengthening legislation to achieve unified and standardized management: Defining and standardizing information security work through laws is the strongest guarantee for effective implementation of security measures.
• Entering the era of standardized and systematized management: The era of standardized and systematized information security management began in the 1990s. ISO/IEC 27000 is the best known system.
Quiz
1. Information security incidents frequently occur because of security attack
methods, such as vulnerabilities, viruses, and backdoor programs.
A. True
B. False
Summary
• Information security development history
• Basic concepts of information security
Thank You
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 

101 Basic concepts of information security

  • 1. Huawei Certified ICT Associate Security v3.0: Professional Training Program
  • 2. Huawei Certified ICT Associate Security v3.0. Instructor: Ssendi Samuel
  • 3. Basic Concepts of Information Security
  • 4. Foreword
      - Information security is the process of ensuring safe data communication and preventing issues such as information leakage, modification, and disruption.
      - This document describes the basic concepts and protection measures of information security, as well as information security risks and associated assessment and avoidance methods.
  • 5. Objectives
      - Upon completion of this course, you will be able to:
          - Describe the definition and characteristics of information security.
          - Explain the characteristics and differences of security models.
          - Differentiate between security risks.
  • 6. Contents
      1. Information and Information Security
      2. Information Security Risks and Management
  • 7. Information
      - What is information? Information created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction of business. --- ISO/IEC Guidelines for the Management of IT Security (GMITS)
      - Examples: books/letters, emails, radar signals, state secrets, test questions, transaction data
  • 8. Information Security
      - Information security refers to the preservation of the confidentiality, integrity, and availability of data through security technologies.
      - These technologies include computer software and hardware, network, and key technologies. Organizational management measures throughout the information lifecycle (generation, transmission, exchange, processing, and storage) are also essential.
      - The following will be affected if information assets are damaged:
          - National security
          - System operating and continuous development
          - Personal privacy and property
      - The aim of information security is to protect data against threats through technical means and effective management.
  • 9. Information Security Development
      - Early 1900s, communication secrecy stage: Limited communication technologies and dispersedly stored data
      - Post-1960s, information security stage: Internet development brings new challenges and threats to information security
      - 1980s, information assurance stage: Information-based security replaces traditional security
  • 10. Photo or Information Leakage?
      - After the Chinese government invited bids for oil production equipment, Japanese intelligence experts used this simple photo to uncover the following secrets of the Daqing Oilfield:
          - Located between 46N and 48N, as indicated by the clothing of Wang Jinxi
          - Diameter of the oil well, inferred from the handle rack
  • 11. Communication Secrecy Stage
      - In the early 1900s, communication technologies were underdeveloped, and data was stored in different locations.
      - Information system security was limited to physical security of information and cipher-based security of communication (mainly stream cipher).
      - As long as information was in a relatively secure place and unauthorized users were prohibited from accessing the information, data security could be generally guaranteed.
  • 12. Information Security Stage
      - Since the 1990s, Internet technologies have developed rapidly, and information leaks have increased.
      - As a result, in addition to confidentiality, integrity and availability, information security began to focus on more principles and objectives, such as controllability and non-repudiation.
      - Principles shown: Confidentiality, Integrity, Availability, Controllability, Non-repudiation
  • 13. Information Assurance Stage
      - Business-oriented information security assurance
          - Business: Different service traffic with various risks and protection methods
          - Security system: Cohesive security management and technical protection; proactive defense but not passive protection
          - Management: Talent development and system establishment for security management
  • 14. Case - WannaCry
      - In 2017, the WannaCry ransomware cryptoworm, propagated through EternalBlue, infected over 100,000 computers, causing a loss of US$8 billion.
      - Sectors shown: Energy, Government, Education, Transportation
  • 15. Case - OceanLotus
      - Since April 2012, the OceanLotus group has carried out targeted penetration and attacks on important sectors of China, such as the government, scientific research institutes, maritime institutions, maritime construction, and shipping enterprises.
      - The attacks are intended to obtain confidential information, intercept intelligence sent out by attacked computers, and enable the computers to automatically send related intelligence.
  • 16. Discussion: What Are the Causes of Such Attacks?
      - Direct cause:
          - Virus
          - Vulnerability
          - Trojan horse
          - Backdoor program
          - DDoS attack
          - …
      - Indirect cause:
          - Information system complexity
          - Human and environment factors
  • 17. Significance of Building Information Security
      - Importance: Increasing importance
          - The information network has become the foundation of economic prosperity, social stability, and national development.
          - Informatization profoundly influences the global economic integration, national strategy adjustment, and security priorities.
          - Information security has transformed from a technical issue into a matter of national security worldwide.
      - Applicability: Applicable to many technical fields. For example:
          - Command, Control, Communications, Computers and Intelligence (C4I) system
          - E-commerce system
          - Biomedical system
          - Intelligent Transport System (ITS)
  • 18. Contents
      1. Information and Information Security
      2. Information Security Risks and Management
  • 19. Risks Involved in Information Security
      - Risks: Physical risks, Information risks, System risks, Application risks, Network risks, Management risks, Other risks
  • 20. Physical Risks
      - Device theft and destruction
      - Link aging, man-made damage, and animal bites
      - Network device fault
      - Network device unavailability due to power failure
      - Electromagnetic radiation in the equipment room
  • 21. Information Risks
      - Storage security
      - Transmission security
      - Access security
  • 22. Information Transmission Security
      - Diagram labels: Headquarters, Branch, Enterprise business information, Tampered information, Attacker
  • 23. Information Access Security
      - Diagram labels: Intranet, Unauthorized user, Illegal login, Authorized user, Authentication server on the network
  • 24. System Risks
      - Database system configuration security
      - Security database
      - Security of services running in the system
  • 25. Application Risks
      - Network virus
      - Operating system security
      - Email application security
      - Web service security
      - FTP service security
      - DNS service security
      - Business application software security
  • 26. Network Risks
      - Diagram label: Security zone
  • 27. Management Risks
      - Determine whether the information system has management risks from the following aspects:
          - National policy
              - Effective national information security regulations formulated
              - Specialized agency to manage information security
          - Enterprise system
              - Security management rules and equipment room management system with clear responsibilities and rights
              - Enterprises can establish own security management organizations
          - Management system
              - Effective security policies and high-quality security management personnel
              - Effective supervision and inspection system, and adherence to rules and regulations
  • 28. Significance of Information Security Management
      - According to statistics, 70% of enterprise information loss is caused by negligence or intentional leakage by internal staff.
      - Security technologies are only the means to control information security. They can only be effective with the appropriate support of management procedures.
      - Causes shown for the 70%: Weak security awareness among employees, Loose authorization rules, Non-standard system operations, Malicious data theft
      - Technologies 30%, Management 70%
  • 29. Current Development of Information Security Management
      - Introducing information security development strategies and plans: Each country has introduced its own information security development strategy and plan.
      - Strengthening legislation to achieve unified and standardized management: Defining and standardizing information security work through laws is the strongest guarantee for effective implementation of security measures.
      - Entering the era of standardized and systematized management: The era of standardized and systematized information security management began in the 1990s. ISO/IEC 27000 is the best known system.
  • 30. Quiz
      1. Information security incidents frequently occur because of security attack methods, such as vulnerabilities, viruses, and backdoor programs.
          A. True
          B. False
  • 31. Summary
      - Information security development history
      - Basic concepts of information security
  • 32. Thank You www.huawei.com