Information assurance PowerPoint Presentation, PPT - DocSlides
usna si110
LT Brian Kiehl
Mich. 373 | 410.293.0938
firstname.lastname@example.org
What are we protecting?
- Network?
  - If so, disconnect it from the Internet
- Computers?
  - …then, turn it off and store in a waterproof/fireproof safe
- Data?
  - Disconnect the hard drive and store in a waterproof/fireproof safe
- Then what?
Data vs. Information
- Data: raw facts with no context
  - Often stored in a database
  - Just numbers and text stored on disk
- Example: Is 70301?
  - The date 7/03/01
  - $70,301
  - The zip code for Thibodaux, LA
- Data is only useful when put into context
- Data with context is information

- Systems that store, process, and transmit data
- Data can be
  - Summarized
  - Organized
  - Analyzed
- Processing of data adds context
- The resulting information has value to the organization
- The goal: protect the information
  - Protect key attributes of the information
Information Assurance is defined as the set of measures intended to protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.
Pillars of Information Assurance (IA)
- C – Confidentiality
- I – Integrity
- A – Availability
- N – Non-repudiation
- A – Authentication
Fundamental properties of information that must be maintained!
This is CIANA. She will help you remember the pillars of IA.
Risk management
- Assess the risk(s) against an information system’s
  - Confidentiality
  - Integrity
  - Availability
  - Non-repudiation
  - Authentication
- Mitigate risk to maintain the above attributes
- Risks can include
  - Malicious threats
  - Human error
  - Accidents
  - Natural disasters

Assurance that information is not disclosed to unauthorized
- Individuals
- Processes
- Devices
Nice! I can use this info.

Information is not subject to unauthorized modification or destruction
- Must ensure information is
  - Correct
  - Complete
  - Consistent
I’ll go ahead change that target coordinate for
Authorized users have timely, reliable access to the information
Let me redirect you! I do not want B to have this info.
Assurance that
- Recipient of information is provided proof of the sender’s identity
- Sender is provided proof the information was delivered
- Neither can deny having processed the information
That packet was from A, had his credentials right?

Measures to ensure/verify
- Validity of a transmission or message
- The identity of the originator or recipient of information
  - Includes an individual’s authorization to originate or receive information
Don’t worry A,
That packet made it there safe and sound.
Categorizing an Attack
- Attackers often target one (or more) IA pillars
- Understanding an attack requires understanding which pillar(s) is violated
- Scenarios
  - XSS injection to always redirect a page
    - Availability
  - Trick user into posting “My SI110 instructor is a doofus” on the message board by clicking a bad URL
    - Non-repudiation
  - Using Wireshark to view HTTP traffic transiting a network
    - Confidentiality
  - Using XSS to steal a user’s login credentials
    - Authentication
  - Error in program causes all values of “5” to be changed to “6”
    - Integrity
Security vs. Usability
- Fundamental tension between security and usability
  - Computer in a fireproof/waterproof safe is very secure
  - Not very usable
- The more services available → more opportunities for an attacker
- Risk management approach
  - Must weigh the value of a service against the security implications of allowing it

Risk = Likelihood x Impact
- Risk requires
  - Vulnerability
  - Threat
  - Capability
Vulnerability vs. Threat
- Vulnerability
  - Weakness or defect in a system that could be exploited
- Threat
  - An actor who wants to exploit a vulnerability in a system
  - Actor has the ability (is capable) to exploit a vulnerability