SlideShare una empresa de Scribd logo

Introduction to InfoSec Fundamentals

R
richarddxd
1 de 14
Descargar para leer sin conexión
Introduction to Information Security Module 1
Objectives Definitions of information technology and information security Fundamental Security Concepts Ethics of IT Security
Definitions Information Technology Term used to describe computers and automated data processing Information Security Protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability
CIA Triad Fundamental Characteristics Confidentiality Only those that should have access to data do Integrity Ensures the data has not be changed Availability Data is accessible when needed http://en.wikipedia.org/wiki/CIA_triad
Confidentiality Assurance of data privacy Only the intended and authorized recipients (individuals, processes, or devices) may access and read the data. Disclosure to unauthorized entities, for example using unauthorized network sniffing, is a confidentiality violation. Often provided through the use of cryptographic techniques http://en.wikipedia.org/wiki/CIA_triad
Integrity Data integrity Assurance that the information has not been altered or corrupted in transmission from source to destination, willfully or accidentally, before it is read by its intended recipient. Source integrity Assurance the sender of the information is who it is supposed to be. Source integrity may be compromised when an agent spoofs its identity and supplies incorrect information to a recipient. Digital Signatures and hash algorithms are mechanisms used to provide data integrity http://en.wikipedia.org/wiki/CIA_triad
Availability Timely and reliable access to data services by authorized users It ensures information or resources are available when needed; at a rate which is fast enough for the system to perform its intended task While confidentiality and integrity can be protected, an attacker may cause resources to become less available than required, or not available at all Robust protocols and operating systems, redundant network architectures, and system hardware without any single points of failure help to ensure system reliability and robustness A Denial of Service (DoS) attack is an attack against availability http://en.wikipedia.org/wiki/CIA_triad
Ethics of IT Security Ten Commandments of Computer Ethics 1. Thou shalt not use a computer to harm other people. 2. Thou shalt not interfere with other people's computer work. 3. Thou shalt not snoop around in other people's computer files. 4. Thou shalt not use a computer to steal. 5. Thou shalt not use a computer to bear false witness. 6. Thou shalt not copy or use proprietary software for which you have not paid. 7. Thou shalt not use other people's computer resources without authorization or proper compensation. 8. Thou shalt not appropriate other people's intellectual output. 9. Thou shalt think about the social consequences of the program you are writing or the system you are designing. 10.Thou shalt always use a computer in ways that insure consideration and respect for your fellow humans. http://www.sans.org/reading_room/whitepapers/legal/legal-system-ethics-information-security_54
Ethics of IT Security Be a Good Online Citizen Safer for me, more secure for all: What you do online has the potential to affect everyone – at home, at work and around the world. Practicing good online habits benefits the global digital community. Respect other online citizens: Post only about others as you would have them post about you. Reference and Acknowledgment: Represent authorship and reference others when using their ideas. Help the authorities fight cyber crime: Report stolen finances or identities and other cybercrime to www.ic3.gov (Internet Crime Complaint Center), the Federal Trade Commission at http://www.onguardonline.gov/file-complaint. http://www.staysafeonline.org/sites/default/files/resource_documents/STC%20tips%20and%20advice_0.pdf
Ethics of IT Security For more on online safety http://www.staysafeonline.org/ http://www.cybercrime.gov/cyberethics.htm http://www.onguardonline.gov/topics/net-cetera-heads-up- introduction.aspx http://www.getnetwise.org/ http://xblock.isafe.org/ http://www.ikeepsafe.org/digital-citizenship/ethical-use/
True or False 1. Information security describes non-repudiation, availability, and confidentiality of computer systems. 2. An IT Security professional with authorized access is expected to snoop around their coworker’s personal computer files. 3. Confidentiality, integrity, and availability are the fundamental concepts behind information security. 4. If data is not accessible, it is still secure as long as it has not been altered or deleted. 5. It is the responsibility of people who create and use the technology to make sure that it is utilized in a responsible and ethical manner. 6. Validation of sender is not necessary, as long as data is sent over a secure channel.
True or False 1. Information security describes non-repudiation, availability, and confidentiality of computer systems. TRUE 2. An IT Security professional with authorized access is expected to snoop around their coworker’s personal computer files. FALSE 3. Confidentiality, integrity, and availability are the fundamental concepts behind information security. TRUE 4. If data is not accessible, it is still secure as long as it has not been altered or deleted. FALSE 5. It is the responsibility of people who create and use the technology to make sure that it is utilized in a responsible and ethical manner. TRUE 6. Validation of sender is not necessary, as long as data is sent over a secure channel. FALSE
Summary Provided background on fundamental security concepts creating a framework of how to protect information systems Defined information technology and information security Discussed IT Ethics
List of References http://en.wikipedia.org/wiki/CIA_triad http://www.sans.org/reading_room/whitepapers/policyissues/498 .php http://www.sharepointsecurity.com/content-130.html http://media.wiley.com/product_data/excerpt/29/07645393/0764 539329.pdf http://www.sans.org/reading_room/whitepapers/legal/legal- system-ethics-information-security_54 http://www.staysafeonline.org/sites/default/files/resource_docum ents/STC%20tips%20and%20advice_0.pdf

Recomendados

Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking pptVallapureddy Sravani
 
Introduction to Information security
Introduction to Information securityIntroduction to Information security
Introduction to Information securityRashad Aliyev
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
Network Security
Network SecurityNetwork Security
Network SecurityManoj Singh
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingRajan Chhangani
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
CYBER SECURITY : NEED OF THE HOUR
CYBER SECURITY : NEED OF THE HOURCYBER SECURITY : NEED OF THE HOUR
CYBER SECURITY : NEED OF THE HOURDr. Sushma H.B
 

Recomendados

Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking pptVallapureddy Sravani
 
Introduction to Information security
Introduction to Information securityIntroduction to Information security
Introduction to Information securityRashad Aliyev
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
Network Security
Network SecurityNetwork Security
Network SecurityManoj Singh
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingRajan Chhangani
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
CYBER SECURITY : NEED OF THE HOUR
CYBER SECURITY : NEED OF THE HOURCYBER SECURITY : NEED OF THE HOUR
CYBER SECURITY : NEED OF THE HOURDr. Sushma H.B
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to securityMostafa Elgamala
 
Ethical hacking and cyber security intro
Ethical hacking and cyber security introEthical hacking and cyber security intro
Ethical hacking and cyber security introAbhilash Ak
 
Presentation on ethical hacking
Presentation on ethical hackingPresentation on ethical hacking
Presentation on ethical hackingSunny Sundeep
 
Computer Security
Computer SecurityComputer Security
Computer SecurityKlynveld Peat Marwick Goerdeler Global Services
 
ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKINGmiltonnancy
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingkawsarahmedchoudhuryzzz
 
TYPES OF HACKING
TYPES OF HACKINGTYPES OF HACKING
TYPES OF HACKINGSHERALI445
 
Cyber security # Lec 1
Cyber security # Lec 1Cyber security # Lec 1
Cyber security # Lec 1Kabul Education University
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issuesHaseeb Ahmed Awan
 
Cyber attack
Cyber attackCyber attack
Cyber attackManjushree Mashal
 
Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacyeiramespi07
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingAdnan Mansha
 
1 security goals
1 security goals1 security goals
1 security goalsdrewz lin
 
Seminar (network security)
Seminar (network security)Seminar (network security)
Seminar (network security)Gaurav Dalvi
 
Hacking
HackingHacking
HackingLutfulM
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingarohan6
 
System Security
System SecuritySystem Security
System SecurityReddhi Basu
 
Computer Security Threats
Computer Security ThreatsComputer Security Threats
Computer Security ThreatsQuick Heal Technologies Ltd.
 
Network security
Network securityNetwork security
Network securitynafisarayhana1
 
Network security
Network securityNetwork security
Network securitymena kaheel
 
4 threatsandvulnerabilities
4 threatsandvulnerabilities4 threatsandvulnerabilities
4 threatsandvulnerabilitiesricharddxd
 
Step1 validation system configuration
Step1 validation system configurationStep1 validation system configuration
Step1 validation system configurationricharddxd
 

Más contenido relacionado

La actualidad más candente

Ethical hacking and cyber security intro
Ethical hacking and cyber security introEthical hacking and cyber security intro
Ethical hacking and cyber security introAbhilash Ak
 
Presentation on ethical hacking
Presentation on ethical hackingPresentation on ethical hacking
Presentation on ethical hackingSunny Sundeep
 
TYPES OF HACKING
TYPES OF HACKINGTYPES OF HACKING
TYPES OF HACKINGSHERALI445
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issuesHaseeb Ahmed Awan
 
Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacyeiramespi07
 
1 security goals
1 security goals1 security goals
1 security goalsdrewz lin
 
Seminar (network security)
Seminar (network security)Seminar (network security)
Seminar (network security)Gaurav Dalvi
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingarohan6
 
Network security
Network securityNetwork security
Network securitymena kaheel
 

La actualidad más candente (20)

Introduction to security
Introduction to securityIntroduction to security
Introduction to security
 
Ethical hacking and cyber security intro
Ethical hacking and cyber security introEthical hacking and cyber security intro
Ethical hacking and cyber security intro
 
Presentation on ethical hacking
Presentation on ethical hackingPresentation on ethical hacking
Presentation on ethical hacking
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKING
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
TYPES OF HACKING
TYPES OF HACKINGTYPES OF HACKING
TYPES OF HACKING
 
Cyber security # Lec 1
Cyber security # Lec 1Cyber security # Lec 1
Cyber security # Lec 1
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issues
 
Cyber attack
Cyber attackCyber attack
Cyber attack
 
Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacy
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
1 security goals
1 security goals1 security goals
1 security goals
 
Seminar (network security)
Seminar (network security)Seminar (network security)
Seminar (network security)
 
Hacking
HackingHacking
Hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
System Security
System SecuritySystem Security
System Security
 
Computer Security Threats
Computer Security ThreatsComputer Security Threats
Computer Security Threats
 
Network security
Network securityNetwork security
Network security
 
Network security
Network securityNetwork security
Network security
 

Destacado

4 threatsandvulnerabilities
4 threatsandvulnerabilities4 threatsandvulnerabilities
4 threatsandvulnerabilitiesricharddxd
 
Step1 validation system configuration
Step1 validation system configurationStep1 validation system configuration
Step1 validation system configurationricharddxd
 
Step2 download and load 7-zip and win mds applications
Step2 download and load 7-zip and win mds applicationsStep2 download and load 7-zip and win mds applications
Step2 download and load 7-zip and win mds applicationsricharddxd
 
Step5 unzipping and installing a competition image
Step5 unzipping and installing a competition imageStep5 unzipping and installing a competition image
Step5 unzipping and installing a competition imagericharddxd
 
Step6 troubleshooting
Step6 troubleshootingStep6 troubleshooting
Step6 troubleshootingricharddxd
 
7 unixsecurity
7 unixsecurity7 unixsecurity
7 unixsecurityricharddxd
 

Destacado (8)

4 threatsandvulnerabilities
4 threatsandvulnerabilities4 threatsandvulnerabilities
4 threatsandvulnerabilities
 
Step1 validation system configuration
Step1 validation system configurationStep1 validation system configuration
Step1 validation system configuration
 
2 v mware
2 v mware2 v mware
2 v mware
 
Step2 download and load 7-zip and win mds applications
Step2 download and load 7-zip and win mds applicationsStep2 download and load 7-zip and win mds applications
Step2 download and load 7-zip and win mds applications
 
Step5 unzipping and installing a competition image
Step5 unzipping and installing a competition imageStep5 unzipping and installing a competition image
Step5 unzipping and installing a competition image
 
Step6 troubleshooting
Step6 troubleshootingStep6 troubleshooting
Step6 troubleshooting
 
Kleshuset
KleshusetKleshuset
Kleshuset
 
7 unixsecurity
7 unixsecurity7 unixsecurity
7 unixsecurity
 

Similar a Introduction to InfoSec Fundamentals

Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptxKnownId
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1Temesgen Berhanu
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hackingchakrekevin
 
Introduction to Ethical Hacking
Introduction to Ethical HackingIntroduction to Ethical Hacking
Introduction to Ethical HackingKevin Chakre
 
Top 20 cyber security interview questions and answers in 2023.pdf
Top 20 cyber security interview questions and answers in 2023.pdfTop 20 cyber security interview questions and answers in 2023.pdf
Top 20 cyber security interview questions and answers in 2023.pdfAnanthReddy38
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityRamiro Cid
 
Legal and Ethical Considerations in Nursing Informatics
Legal and Ethical Considerations in Nursing InformaticsLegal and Ethical Considerations in Nursing Informatics
Legal and Ethical Considerations in Nursing InformaticsKimarie Brown
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to securityMukesh Chinta
 
Cybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfCybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfJazmine Brown
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfCareerera
 
Ashar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptxAshar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptxasharshaikh8
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxSecurity and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxedgar6wallace88877
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxSecurity and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxfathwaitewalter
 
cyber security presentation.pptx
cyber security presentation.pptxcyber security presentation.pptx
cyber security presentation.pptxkishore golla
 
Tutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the WebTutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the Webdpd
 
CIA = Confidentiality of information, Integrity of information, Avai.pdf
CIA = Confidentiality of information, Integrity of information, Avai.pdfCIA = Confidentiality of information, Integrity of information, Avai.pdf
CIA = Confidentiality of information, Integrity of information, Avai.pdfannaielectronicsvill
 
Cyber Security Matters a book by Hama David Bundo
Cyber Security Matters a book by Hama David BundoCyber Security Matters a book by Hama David Bundo
Cyber Security Matters a book by Hama David Bundohdbundo
 
Cyber Security Part-I.pptx
Cyber Security Part-I.pptxCyber Security Part-I.pptx
Cyber Security Part-I.pptxRavikumarVadana
 
cyber secuirty.pptx
cyber secuirty.pptxcyber secuirty.pptx
cyber secuirty.pptxGodwin585235
 

Similar a Introduction to InfoSec Fundamentals (20)

Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptx
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Introduction to Ethical Hacking
Introduction to Ethical HackingIntroduction to Ethical Hacking
Introduction to Ethical Hacking
 
Top 20 cyber security interview questions and answers in 2023.pdf
Top 20 cyber security interview questions and answers in 2023.pdfTop 20 cyber security interview questions and answers in 2023.pdf
Top 20 cyber security interview questions and answers in 2023.pdf
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Legal and Ethical Considerations in Nursing Informatics
Legal and Ethical Considerations in Nursing InformaticsLegal and Ethical Considerations in Nursing Informatics
Legal and Ethical Considerations in Nursing Informatics
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to security
 
Cybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfCybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdf
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdf
 
Ashar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptxAshar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptx
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxSecurity and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docx
 
Security and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docxSecurity and Ethical Challenges Contributors Kim Wanders.docx
Security and Ethical Challenges Contributors Kim Wanders.docx
 
cyber security presentation.pptx
cyber security presentation.pptxcyber security presentation.pptx
cyber security presentation.pptx
 
security IDS
security IDSsecurity IDS
security IDS
 
Tutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the WebTutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the Web
 
CIA = Confidentiality of information, Integrity of information, Avai.pdf
CIA = Confidentiality of information, Integrity of information, Avai.pdfCIA = Confidentiality of information, Integrity of information, Avai.pdf
CIA = Confidentiality of information, Integrity of information, Avai.pdf
 
Cyber Security Matters a book by Hama David Bundo
Cyber Security Matters a book by Hama David BundoCyber Security Matters a book by Hama David Bundo
Cyber Security Matters a book by Hama David Bundo
 
Cyber Security Part-I.pptx
Cyber Security Part-I.pptxCyber Security Part-I.pptx
Cyber Security Part-I.pptx
 
cyber secuirty.pptx
cyber secuirty.pptxcyber secuirty.pptx
cyber secuirty.pptx
 

Más de richarddxd

Step4 downloading and installing vm ware target image
Step4 downloading and installing vm ware target imageStep4 downloading and installing vm ware target image
Step4 downloading and installing vm ware target imagericharddxd
 
Step3 downloading and installing v mware player software
Step3 downloading and installing v mware player softwareStep3 downloading and installing v mware player software
Step3 downloading and installing v mware player softwarericharddxd
 
8 passwordsecurity
8 passwordsecurity8 passwordsecurity
8 passwordsecurityricharddxd
 
5 howtomitigate
5 howtomitigate5 howtomitigate
5 howtomitigatericharddxd
 
3 windowssecurity
3 windowssecurity3 windowssecurity
3 windowssecurityricharddxd
 

Más de richarddxd (6)

Step4 downloading and installing vm ware target image
Step4 downloading and installing vm ware target imageStep4 downloading and installing vm ware target image
Step4 downloading and installing vm ware target image
 
Step3 downloading and installing v mware player software
Step3 downloading and installing v mware player softwareStep3 downloading and installing v mware player software
Step3 downloading and installing v mware player software
 
8 passwordsecurity
8 passwordsecurity8 passwordsecurity
8 passwordsecurity
 
6 networking
6 networking6 networking
6 networking
 
5 howtomitigate
5 howtomitigate5 howtomitigate
5 howtomitigate
 
3 windowssecurity
3 windowssecurity3 windowssecurity
3 windowssecurity
 

Introduction to InfoSec Fundamentals

  • 2. Objectives Definitions of information technology and information security Fundamental Security Concepts Ethics of IT Security
  • 3. Definitions Information Technology Term used to describe computers and automated data processing Information Security Protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability
  • 4. CIA Triad Fundamental Characteristics Confidentiality Only those that should have access to data do Integrity Ensures the data has not be changed Availability Data is accessible when needed http://en.wikipedia.org/wiki/CIA_triad
  • 5. Confidentiality Assurance of data privacy Only the intended and authorized recipients (individuals, processes, or devices) may access and read the data. Disclosure to unauthorized entities, for example using unauthorized network sniffing, is a confidentiality violation. Often provided through the use of cryptographic techniques http://en.wikipedia.org/wiki/CIA_triad
  • 6. Integrity Data integrity Assurance that the information has not been altered or corrupted in transmission from source to destination, willfully or accidentally, before it is read by its intended recipient. Source integrity Assurance the sender of the information is who it is supposed to be. Source integrity may be compromised when an agent spoofs its identity and supplies incorrect information to a recipient. Digital Signatures and hash algorithms are mechanisms used to provide data integrity http://en.wikipedia.org/wiki/CIA_triad
  • 7. Availability Timely and reliable access to data services by authorized users It ensures information or resources are available when needed; at a rate which is fast enough for the system to perform its intended task While confidentiality and integrity can be protected, an attacker may cause resources to become less available than required, or not available at all Robust protocols and operating systems, redundant network architectures, and system hardware without any single points of failure help to ensure system reliability and robustness A Denial of Service (DoS) attack is an attack against availability http://en.wikipedia.org/wiki/CIA_triad
  • 8. Ethics of IT Security Ten Commandments of Computer Ethics 1. Thou shalt not use a computer to harm other people. 2. Thou shalt not interfere with other people's computer work. 3. Thou shalt not snoop around in other people's computer files. 4. Thou shalt not use a computer to steal. 5. Thou shalt not use a computer to bear false witness. 6. Thou shalt not copy or use proprietary software for which you have not paid. 7. Thou shalt not use other people's computer resources without authorization or proper compensation. 8. Thou shalt not appropriate other people's intellectual output. 9. Thou shalt think about the social consequences of the program you are writing or the system you are designing. 10.Thou shalt always use a computer in ways that insure consideration and respect for your fellow humans. http://www.sans.org/reading_room/whitepapers/legal/legal-system-ethics-information-security_54
  • 9. Ethics of IT Security Be a Good Online Citizen Safer for me, more secure for all: What you do online has the potential to affect everyone – at home, at work and around the world. Practicing good online habits benefits the global digital community. Respect other online citizens: Post only about others as you would have them post about you. Reference and Acknowledgment: Represent authorship and reference others when using their ideas. Help the authorities fight cyber crime: Report stolen finances or identities and other cybercrime to www.ic3.gov (Internet Crime Complaint Center), the Federal Trade Commission at http://www.onguardonline.gov/file-complaint. http://www.staysafeonline.org/sites/default/files/resource_documents/STC%20tips%20and%20advice_0.pdf
  • 10. Ethics of IT Security For more on online safety http://www.staysafeonline.org/ http://www.cybercrime.gov/cyberethics.htm http://www.onguardonline.gov/topics/net-cetera-heads-up- introduction.aspx http://www.getnetwise.org/ http://xblock.isafe.org/ http://www.ikeepsafe.org/digital-citizenship/ethical-use/
  • 11. True or False 1. Information security describes non-repudiation, availability, and confidentiality of computer systems. 2. An IT Security professional with authorized access is expected to snoop around their coworker’s personal computer files. 3. Confidentiality, integrity, and availability are the fundamental concepts behind information security. 4. If data is not accessible, it is still secure as long as it has not been altered or deleted. 5. It is the responsibility of people who create and use the technology to make sure that it is utilized in a responsible and ethical manner. 6. Validation of sender is not necessary, as long as data is sent over a secure channel.
  • 12. True or False 1. Information security describes non-repudiation, availability, and confidentiality of computer systems. TRUE 2. An IT Security professional with authorized access is expected to snoop around their coworker’s personal computer files. FALSE 3. Confidentiality, integrity, and availability are the fundamental concepts behind information security. TRUE 4. If data is not accessible, it is still secure as long as it has not been altered or deleted. FALSE 5. It is the responsibility of people who create and use the technology to make sure that it is utilized in a responsible and ethical manner. TRUE 6. Validation of sender is not necessary, as long as data is sent over a secure channel. FALSE
  • 13. Summary Provided background on fundamental security concepts creating a framework of how to protect information systems Defined information technology and information security Discussed IT Ethics