Introduction To Information Systems Security
CuuDuongThanCong.com

Contents
Information Systems Security.
History of information security.
Risks, Threats, and Vulnerabilities.
Tenets of Information Systems Security.
The Seven Domains of a Typical IT Infrastructure.

1. History of information security

History of information security
The 1960s
The 1970s and 80s
The 1990s
2000 to Present

History of information security (cont.)
The history of information security begins with computer security
Secure physical locations, hardware, and software from threats

History of information security (cont.)
The 1960s:
During the Cold War, many more mainframes were brought online to accomplish more complex and sophisticated tasks.
Larry Roberts, known as the founder of the Internet, developed the project which was called ARPANET

History of information security (cont.)
The 1970s and 80s: Network security
ARPANET became popular and more widely used, and the potential for its misuse grew:
protect data from unauthorized remote users
lack of safety procedures for dial-up connections
nonexistent user identification and authorization to the system

History of information security (cont.)
The 1990s:
The Internet has become an interconnection of millions of networks
Industry standards for interconnection of networks: de facto standards
e-mail encryption

History of information security (cont.)
2000 to Present
Today, the Internet brings millions of unsecured computer networks into continuous communication with each other.
Security?

2. Information Systems Security

Information system
An information system consists of the hardware, operating system, and application software that work together to collect, process, and store data for individuals and organizations.

The Components of Information Systems
Hardware: Information systems hardware is the part of an information system you can touch – the physical components of the technology.
Computers, keyboards, disk drives, network devices.
Software: a set of instructions that tells the hardware what to do.
Software is not tangible – it cannot be touched.
Applications, operating systems.

The Components of Information Systems
Data: a collection of facts. For example, your street address, the city you live in, and your phone number are all pieces of data. Like software, data is also intangible.
People: help-desk workers, systems analysts, programmers. The people involved with information systems are an essential element.

The Components of Information Systems
Procedures: Procedures are written instructions for accomplishing a specific task.
Networks: A network is a connected collection of devices that can communicate with each other.

Information systems security
Information systems security is the collection of activities that protect the information system and the data stored in it.

3. Risk, Threat, and Vulnerabilities

Risk
Risk is the likelihood that something bad will happen to an asset.
In the context of IT security, an asset can be a computer, a database, or a piece of information.
Examples:
Losing data
Losing business because a disaster has destroyed your building
Failing to comply with laws and regulations

Threat
A threat is any action that could damage an asset.
Information systems face both natural and human-induced threats
Examples:
Virus, DDOS
Flood, earthquake, fire, …

The most common threats
Malicious software
Hardware or software failure
Internal attacker
Equipment theft
Natural disaster
Industrial espionage
External attacker
Terrorism

Threat Types
Disclosure threats: occur any time unauthorized users access private or confidential information that is stored on a network resource or while it is in transit between network resources.
Two techniques:
Sabotage: the destruction of property or obstruction of normal operations
Espionage: the act of spying to obtain secret information

Threat Types (cont.)
Alteration threats: making unauthorized changes to data on a system
Example: modify database files, operating systems, application software, and even hardware devices

Threat Types (cont.)
Denial or Destruction Threats: Denial or destruction threats make assets or resources unavailable or unusable.
Example: DOS/DDOS

Vulnerability
A vulnerability is a weakness that allows a threat to be realized or to have an effect on an asset.
Examples:
IIS Error
Buffer overflow.