it security cs5493(74293). it security q: why do you need security? a: to protect assets

IT Security

CS5493(74293)

IT Security

Q: Why do you need security?A: To protect assets.

What are assets?

• Any item that has value:– People– Intellectual property– Physical property– Data– Services– Reputation

• Assets are the things you want to protect

The SA and Assets

• People– Employees– Shareholders– Customers– Contractors

The SA and Assets

• Physical- The information computing system (hardware,

software)

The SA and Assets

• Intellectual property– Patents– Proprietary source code.– Formulas– plans

The SA and Assets

• Data– Financial data– Customer database– Inventory– Scientific data

The SA and Assets

• Services– Availability of services– Productivity of employees

SA and Services

• Reputation– Brand image

Attacks, Threats, &Vulnerabilities

• Assets are subject to– Threats– Vulnerabilities– Attacks

SA: Threats

• A threat is a potential action that could compromise an asset.

SA: Vulnerabilities

• A vulnerability is a weakness in a system that makes it possible for a threat to cause harm.

SA: Attacks

• An attack is an action that compromises an asset.

Risks

• All risk cannot be eliminated.• Risk is managed analytically through risk

analysis.

Risk Analysis

• Quantifying (in monetary terms) the impact of attacks, threats, and vulnerabilities upon assets.

Security Summary

• Protect your assets• Understand the threats• Eliminate the vulnerabilities• Reach an acceptable level of risk