cybersecurity.ppt 1996KB Jun 23 2011 12:05:48 PM
Center of Excellence for IT at Bellevue
College
Cyber security and information assurance
refer to measures for protecting computer
systems, networks, and information
systems from disruption or unauthorized
access, use, disclosure, modification, or
destruction.
Cyber security often refers to safety of the
infrastructure and computer systems with a
strong emphasis on the technology
Information assurance tends to have a
boarder focus with emphasis on information
management and business practices
The two areas overlap strongly and the
terms are sometimes used interchangeably
Information assurance (IA) is the practice
of managing information-related risks. More
specifically, IA practitioners seek to protect
and defend information and information
systems by ensuring confidentiality, data
integrity, authentication, availability, and
non-repudiation. IA measures include
providing for restoration of information
systems by incorporating protection,
detection, and reaction capabilities.
Confidentiality has been defined by the
International Organization for
Standardization (ISO) as "ensuring that
information is accessible only to those
authorized to have access" and is one of the
cornerstones of information security.
Confidentiality is one of the design goals for
many cryptosystems, made possible in
practice by the techniques of modern
cryptography.
Data integrity means that the data is "whole"
or complete, and is identically maintained
during any operation (such as transfer, storage
or retrieval). Data integrity is the assurance
that data is consistent and correct.
Loss of integrity can result from:
Malicious altering, such as an attacker altering
an account number in a bank transaction, or
forgery of an identity document
Accidental altering, such as a transmission
error, or a hard disk crash
Authentication is a security measure
designed to establish the validity of a
transmission, message, document or
originator, or a means of verifying an
individual's authorization to receive specific
categories of information.
Authentication technologies include:
passwords, digital signatures, keys and
passports, biometrics
Availability means that the information, the
computing systems used to process the
information, and the security controls used
to protect the information are all available
and functioning correctly when the
information is needed = timely, reliable
access to data and information services for
authorized users.
Non-repudiation is the assurance the
sender of data is provided with proof of
delivery and the recipient is provided with
proof of the sender's identity, so neither can
later deny having processed the data.
Technologies include:
Digital certificates and signatures
The global recession will lead to a rise of
cybercrime worldwide according to 2009
cybercrime forecasts from leading IT security
firms.
Approximately 1.5 million pieces of unique
malware will have been identified by the end of
the year, more than in the previous five years
combined.
The optimal way to prevent malicious files from
infecting PCs and corporate networks is active
real-time content inspection technologies.
www.securitymanagement.com/print/4969
The United States has bypassed China as
the biggest purveyor of malware as well as
sends the most spam worldwide, says
Sophos Security Threat Report: 2009.
Not only is the USA relaying the most spam
because too many of its computers have
been compromised and are under the
control of hackers, but it's also carrying the
most malicious webpages.
www.securitymanagement.com/print/4969
Cybercriminals will continue to exploit the
best Web 2.0 technologies, such as Trojan
technologies.
Cybercriminals are increasingly relying on
Adobe PDF and Flash files, normally
considered safe, to infect victims with
malware.
Hackers have been breaking into Facebook
and MySpace and implanting malware to
distribute to a victim's social network.
www.securitymanagement.com/print/4969
Increasing complexity of IT systems and networks
Convergence of IT and communication systems
Expanding wireless connectivity and multiplicity
of wireless devices
Increasing amount of digital information collected
Increasing connectivity and accessibility of digital
information systems
Globalization of IT and information systems
Increased web access to a wide range of web
services and web applications
Increase in all forms of digital commerce
Trends towards data-marts and hosted data
warehousing services
Network security
Disaster recovery
Information system security technologies
Wireless system security
Internet security
Legal issues, standards and compliance
Cybercrime
Information management
Information audit and risk analysis
Digital forensics
Secure electronic commerce
Types of intrusion and intrusion detection
systems
Firewalls and access control
Cryptography
Digital certificates
Biometrics
Digital authentication and Public Key
Infrastructure (PKI)
Data assurance and disaster recovery
Cryptography systems
Identification and authentication systems
Operating system security
E-commerce security tools and strategies
Firewalls and proxy servers
Anti-malware and anti-spyware technology
Anti-piracy techniques
Network traffic analysis tools
en.wikipedia.org/wiki/Cyber_security
en.wikipedia.org/wiki/Information_assurance
www.cssia.org/
www.afei.org/news/NCES/NCES_Information_Assurance.pdf
www.nitrd.gov/pubs/csia/csia_federal_plan.pdf
www.sis.uncc.edu/LIISP/slides00/GAIL.pdf
www.cnss.gov/Assets/pdf/cnssi_4009.pdf
www2.cs.uidaho.edu/~oman/CS336_F08_syllabus.pdf
www.coastline.edu/degrees/page.cfm?LinkID=786
bii.mc.maricopa.edu/degrees/checklists/CCLInformationAssurance5227.pdf
College
Cyber security and information assurance
refer to measures for protecting computer
systems, networks, and information
systems from disruption or unauthorized
access, use, disclosure, modification, or
destruction.
Cyber security often refers to safety of the
infrastructure and computer systems with a
strong emphasis on the technology
Information assurance tends to have a
boarder focus with emphasis on information
management and business practices
The two areas overlap strongly and the
terms are sometimes used interchangeably
Information assurance (IA) is the practice
of managing information-related risks. More
specifically, IA practitioners seek to protect
and defend information and information
systems by ensuring confidentiality, data
integrity, authentication, availability, and
non-repudiation. IA measures include
providing for restoration of information
systems by incorporating protection,
detection, and reaction capabilities.
Confidentiality has been defined by the
International Organization for
Standardization (ISO) as "ensuring that
information is accessible only to those
authorized to have access" and is one of the
cornerstones of information security.
Confidentiality is one of the design goals for
many cryptosystems, made possible in
practice by the techniques of modern
cryptography.
Data integrity means that the data is "whole"
or complete, and is identically maintained
during any operation (such as transfer, storage
or retrieval). Data integrity is the assurance
that data is consistent and correct.
Loss of integrity can result from:
Malicious altering, such as an attacker altering
an account number in a bank transaction, or
forgery of an identity document
Accidental altering, such as a transmission
error, or a hard disk crash
Authentication is a security measure
designed to establish the validity of a
transmission, message, document or
originator, or a means of verifying an
individual's authorization to receive specific
categories of information.
Authentication technologies include:
passwords, digital signatures, keys and
passports, biometrics
Availability means that the information, the
computing systems used to process the
information, and the security controls used
to protect the information are all available
and functioning correctly when the
information is needed = timely, reliable
access to data and information services for
authorized users.
Non-repudiation is the assurance the
sender of data is provided with proof of
delivery and the recipient is provided with
proof of the sender's identity, so neither can
later deny having processed the data.
Technologies include:
Digital certificates and signatures
The global recession will lead to a rise of
cybercrime worldwide according to 2009
cybercrime forecasts from leading IT security
firms.
Approximately 1.5 million pieces of unique
malware will have been identified by the end of
the year, more than in the previous five years
combined.
The optimal way to prevent malicious files from
infecting PCs and corporate networks is active
real-time content inspection technologies.
www.securitymanagement.com/print/4969
The United States has bypassed China as
the biggest purveyor of malware as well as
sends the most spam worldwide, says
Sophos Security Threat Report: 2009.
Not only is the USA relaying the most spam
because too many of its computers have
been compromised and are under the
control of hackers, but it's also carrying the
most malicious webpages.
www.securitymanagement.com/print/4969
Cybercriminals will continue to exploit the
best Web 2.0 technologies, such as Trojan
technologies.
Cybercriminals are increasingly relying on
Adobe PDF and Flash files, normally
considered safe, to infect victims with
malware.
Hackers have been breaking into Facebook
and MySpace and implanting malware to
distribute to a victim's social network.
www.securitymanagement.com/print/4969
Increasing complexity of IT systems and networks
Convergence of IT and communication systems
Expanding wireless connectivity and multiplicity
of wireless devices
Increasing amount of digital information collected
Increasing connectivity and accessibility of digital
information systems
Globalization of IT and information systems
Increased web access to a wide range of web
services and web applications
Increase in all forms of digital commerce
Trends towards data-marts and hosted data
warehousing services
Network security
Disaster recovery
Information system security technologies
Wireless system security
Internet security
Legal issues, standards and compliance
Cybercrime
Information management
Information audit and risk analysis
Digital forensics
Secure electronic commerce
Types of intrusion and intrusion detection
systems
Firewalls and access control
Cryptography
Digital certificates
Biometrics
Digital authentication and Public Key
Infrastructure (PKI)
Data assurance and disaster recovery
Cryptography systems
Identification and authentication systems
Operating system security
E-commerce security tools and strategies
Firewalls and proxy servers
Anti-malware and anti-spyware technology
Anti-piracy techniques
Network traffic analysis tools
en.wikipedia.org/wiki/Cyber_security
en.wikipedia.org/wiki/Information_assurance
www.cssia.org/
www.afei.org/news/NCES/NCES_Information_Assurance.pdf
www.nitrd.gov/pubs/csia/csia_federal_plan.pdf
www.sis.uncc.edu/LIISP/slides00/GAIL.pdf
www.cnss.gov/Assets/pdf/cnssi_4009.pdf
www2.cs.uidaho.edu/~oman/CS336_F08_syllabus.pdf
www.coastline.edu/degrees/page.cfm?LinkID=786
bii.mc.maricopa.edu/degrees/checklists/CCLInformationAssurance5227.pdf