1
Information Systems Security
  • IS 460 Notes
    by Thomas Hilton
2
Overview
  • What is an Information System
  • Personnel Security
  • Procedural Security
  • Facilities Security
  • Technical Security
  • Security Implementation
3
Security Perspective:
What is an Information System
  • The General Systems View…
  • Intended Output
  • Unintended Output
  • Main Input
  • Spurious Input
  • Transformation Processes
  • Output Interface
  • Input Interface
  • Control Processes
4
Security Perspective:
What is an Information System
  • Intended Output: High Quality Information
  • Unintended Output: Misinformation, Disinformation, Untimely, Irrelevant, Unknown Origin
  • Main Input: High Quality Data
  • Spurious Input: Misinformation, Disinformation, Untimely, Irrelevant, Unknown Origin
  • Transformation Processes: Hardware, Software, Procedures, People
  • Output Interface: Video/Print/Audio/Tactile-Kinesthetic/Olfactory, Email/IM/Website/Telnet/Disks/Cable/Wireless, Conversations/Phone/Notes/Memos/Terminations/Departures
  • Input Interface: Tactile-Kinesthetic/Audio/Video/Print/Olfactory, Email/IM/Web/Telnet/Disks/Cable/Wireless, Conversations/Phone/Notes/Memos/Hires/Arrivals
  • Control Processes: …?
5
Scope of Security Subsystem
  • à la U.S. Department of Defense…
  • Personnel
  • Procedural
  • Facilities
  • Technical
6
Personnel Security
  • Security Organization
    • Steering Committee
    • CSO
    • Other security personnel
    • Security responsibilities of all personnel
  • Human Resources
    • Hiring and Remuneration
    • Vacation
    • Termination
7
Procedural Security
  • Risk Assessment
  • Security Audit
  • Security Policy
  • Business Continuity Plan
  • Training Plan
8
Facilities Security
  • Proximity (Each other, Users, Threats)
  • Perimeters (Boundaries, Access)
  • Power (Electricity Availability, Quality)
  • Etc. (Cooling, Hardening, …)
9
Technical Security
  • Information “C.I.A.”
    • Confidentiality
    • Integrity
    • Availability
10
Security Implementation
  • Individual Workstation
  • Workgroup LAN
  • Enterprise WAN / Intranet
  • E-Commerce Internet
11
Security Implementation
Individual / Workstation
  • Operating Systems and Applications
  • User Account Management
  • Data File Management
  • Anti-Virus Software
  • Personal Firewall
  • Other Utilities
12
Security Implementation
Workgroup / LAN
  • All of the above
  • Server security
  • Eavesdropping
  • Topologies
13
Security Implementation
Enterprise / WAN
  • All of the above
  • DMZs (multiple firewalls)
  • Routers
  • Cold/Hot Site synchronization
  • VPNs
14
Security Implementation
E-Commerce / Internet
  • All of the above
  • Internet visible systems
    • HTML
    • FTP
    • SMTP
    • Etc.