Information assurance PowerPoint Presentation, PPT - DocSlides


2016-10-20 116K 116 0 0


Presentations text content in Information assurance

Slide1

Information assurance

USNA SI110

LT Brian Kiehl

MIch 373 | 410.293.0938

kiehl@usna.edu

Slide2

What are we protecting?

- Network?
  - If so, disconnect it from the Internet
- Computers?
  - …then, turn it off and store in a waterproof/fireproof safe
- Data?
  - Disconnect the hard drive and store in a waterproof/fireproof safe
- Then what?

Information Assurance

Slide3

Data vs. Information

- Data: raw facts with no context
  - Often stored in a database
  - Just numbers and text stored on disk
- Example: Is 70301?
  - The date 7/03/01
  - $70,301
  - The zip code for Thibodaux, LA
- Data is only useful when put into context
- Data with context is information


Slide4

Information Systems

- Systems that store, process, and transmit data
- Data can be
  - Summarized
  - Organized
  - Analyzed
- Processing of data adds context
- The resulting information has value to the organization
- The goal: protect the information
  - Protect key attributes of the information


Slide5

Information Assurance

Information Assurance is defined as the set of measures intended to protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities. 


Slide6

Pillars of Information Assurance (IA)

- C – Confidentiality
- I – Integrity
- A – Availability
- N – Non-repudiation
- A – Authentication

Fundamental properties of information that must be maintained!


This is CIANA. She will help you remember the pillars of IA.

Slide7

Information Assurance

- Risk management
  - Assess the risk(s) against an information system’s
    - Confidentiality
    - Integrity
    - Availability
    - Non-repudiation
    - Authentication
  - Mitigate risk to maintain the above attributes
- Risks can include
  - Malicious threats
  - Human error
  - Accidents
  - Natural disasters


Slide8

Confidentiality

- Assurance that information is not disclosed to unauthorized
  - Individuals
  - Processes
  - Devices


[Figure: A, B; speech bubble: "Nice! I can use this info."]

Slide9

Integrity

- Information is not subject to unauthorized modification or destruction
- Must ensure information is
  - Correct
  - Complete
  - Consistent


[Figure: A, B; speech bubble: "I’ll go ahead and change that target coordinate for ya!"]

Slide10

Availability

Authorized users have timely, reliable access to the information


[Figure: A, B, "?"; speech bubble: "Let me redirect you! I do not want B to have this info."]

Slide11

Non-repudiation

- Assurance that
  - Recipient of information is provided proof of the sender’s identity
  - Sender is provided proof the information was delivered
  - Neither can deny having processed the information


[Figure: A, B; speech bubble: "That packet was from A, had his credentials right?"]

Slide12

Authentication

- Measures to ensure/verify
  - Validity of a transmission or message
  - The identity of the originator or recipient of information
- Includes an individual’s authorization to originate or receive information


[Figure: A, B; speech bubble: "Don’t worry A, that packet made it there safe and sound."]

Slide13

Categorizing an Attack

- Attackers often target one (or more) IA pillars
- Understanding an attack requires understanding which pillar(s) is violated
- Scenarios
  - XSS injection to always redirect a page
    - Availability
  - Trick user into posting “My SI110 instructor is a doofus” on the message board by clicking a bad URL
    - Non-repudiation
  - Using Wireshark to view HTTP traffic transiting a network
    - Confidentiality
  - Using XSS to steal a user’s login credentials
    - Authentication
  - Error in program causes all values of “5” to be changed to “6”
    - Integrity


Slide14

Security vs. Usability

- Fundamental tension between security and usability
  - Computer in a fireproof/waterproof safe is very secure
  - Not very usable
- The more services available → more opportunities for an attacker
- Risk management approach
  - Must weigh the value of a service against the security implications of allowing it


Slide15

Risk

- Risk = Likelihood x Impact
- Risk requires
  - Vulnerability
  - Threat
  - Capability


[Figure: axes labeled Impact and Likelihood]

Slide16

Vulnerability vs. Threat

- Vulnerability
  - Weakness or defect in a system that could be exploited
- Threat
  - An actor who wants to exploit a vulnerability in a system
  - Actor has the ability (is capable) to exploit a vulnerability
