Digital Information Security
Sayed Ahmad Sahim
Kandahar University, [email protected]
May 20, 2015
Sayed Ahmad Sahim (Kandahar University) Digital Information Security May 20, 2015 1 / 21
Table of Contents
1 Introduction
2 Information vs Data
3 Three objectives of information security
4 Security Policy
5 90/10 Rule
  ITIC/KnowBe4 2013-14 Survey
6 Security Violation
7 Security Objectives
  Good Computing Practices
8 Conclusion
Introduction
Security
Security is a continuous process of protecting an object from attack (Rizza, 2005).
Figure: Security Definition
Information Security
Information Security refers to the protection of information from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption (Afshin Rezakhani, 2011).
Figure: Information Security
Information vs Data
Data is unprocessed facts and figures without any added interpretation or analysis (Dutcher, 2015).
Information is data that has been interpreted so that it has meaning for the user (Dutcher, 2015).
Knowledge is a combination of information, experience and insight that may benefit the individual or the organisation (Dutcher, 2015).
Figure: Information vs Data
Three objectives of information security
Confidentiality
Integrity
Availability
Confidentiality
Confidentiality: Confidentiality is the term used to prevent the disclosure of information to unauthorized individuals or systems (Y. and hoon Kim, 2007).
Figure: Confidentiality
Integrity
Integrity refers to the protection of information from unauthorized modification or destruction. Ensuring integrity is ensuring that information and information systems are accurate, complete and uncorrupted (Y. and hoon Kim, 2007).
Figure: Integrity
Availability
Availability refers to the protection of information and information systems from unauthorized disruption. Ensuring availability is ensuring timely and reliable access to and use of information and information systems (Y. and hoon Kim, 2007).
Figure: Availability
CIA
Figure: CIA
Security Policy
Security policies are the foundation and the bottom line of information security in an organization.
A well written and implemented policy contains sufficient information on what must be done to protect information and people in the organization (SAAN, 2015).
Security policies also establish computer usage guidelines for staff in the course of their job duties (SAAN, 2015).
Information Security policy defines the framework for how to use information and information systems.
Question
You may ask.
"Why do I need to learn about Security?" "Isn't this just an IT Problem?"
Good Security Standards follow the 90/10 Rule (University of California):
10% of security safeguards are technical.
90% of security safeguards rely on the computer user, YOU, to adhere to good computing practices.
ITIC/KnowBe4 2013-14 Survey
In the ITIC/KnowBe4 2013-2014 Security Deployment Trends Survey, 80 percent of companies identified "end user carelessness" as the greatest security threat to their network and data.
What are the consequences for Security violation?
Risk to integrity of confidential information
Risk to security of personal information
Loss of valuable business information
Loss of Reputation
Loss of client interest
Internal disciplinary action
Penalties
Security Objectives
Learn and practice good computer security practices.
Top 12 practices
Report anything unusual
If it sets off a warning in your mind, it just may be a problem!
Good Computing Practices
1 Unique User ID or Log-In Name
2 Password Protection
3 Workstation Security / Physical Security
4 Security for Workstations, Portable Devices & Laptops
5 Data Management (backup, archive, restore, disposal)
6 Prevent the spread of viruses, worms, Trojans and time bombs.
Good Computing Practices
7 Secure Remote Access
8 E-Mail Security
9 Safe Internet Use
10 Reporting Security Incidents / Breaches
11 Your Responsibility to Adhere to Information Security Policies
12 Do not use cracked or unlicensed software.
Conclusion
To achieve better security:
IT personnel are responsible for creating the necessary security policies, which include rules for end users
Educating End Users
End users are required to adopt and not violate security rules
References
N. M. Afshin Rezakhani and AbdolMajid Hajebi. Standardization of all information security management systems. March 2011.
J. Dutcher. How to define data, information and knowledge. May 2015. URL http://searchdatamanagement.techtarget.com/feature/Defining-data-information-and-knowledge.
J. M. Rizza. Computer network security. University of Tennessee-Chattanooga, Chattanooga, TN, U.S.A., April 2005.
S. I. I. R. R. SAAN. Security Policy Roadmap - Process for Creating Security Policies. http://www.sans.org/reading-room/whitepapers/policyissues/security-policy-roadmapprocess-creating-security-policies-494, 2015. Accessed: 20-May-2015.
S. F. Y. and P. hoon Kim. IT security review: Privacy, protection, access control, assurance and system security. April 2007.