Running Head: Final Project- Briefing

Final Project- Briefing
Tracy Lindsey
15 July 2018
CCJS 390 Cyber Crime and Security
The continuous evolution of information technology and information systems increases the importance of remaining alert and taking all necessary steps to safeguard all digital information. The increasing number of cyber security data breaches has heightened the CSO's responsibility to implement cyber security countermeasures. It is the responsibility of all personnel within the organization to ensure the proper handling and safeguarding of information systems. The purpose of this presentation is to provide the new CSO with an informative brief on cyber security and concepts of information systems. Additionally, this presentation will provide information on best practices that assist with the safeguarding of company data and networks.

What is cyber security?

Cybersecurity is the implementation of countermeasures to protect systems, networks, and programs from digital attacks. Cyber security applies physically to the multiple interconnected communication devices on a network, in addition to concepts of cyber defense. The five concepts of cyber security are authentication, confidentiality, information integrity, availability, and non-repudiation.

Authentication is in place to ensure that personnel have proper credentials within the database of authorized users or the authentication server. Each individual’s credentials must be used only by the designated user in order for them to gain access to the network. Some examples of network authentication are passwords, biometrics, electronic tokens, and two-factor authentication.

Confidentiality is the privacy of information. Confidentiality is used to ensure personally identifiable information (PII) is safeguarded at all times. Policies should be implemented specifying that only authorized users with the need to know should be allowed access to the sensitive information. Some methods of confidentiality are symmetric and asymmetric encryption. Symmetric encryption uses the same key for encryption and decryption: RC4, DES, Blowfish, Twofish. Asymmetric encryption uses different keys for encryption and decryption: PGP, PKI, GnuPG (Soatome, 2015).

Information integrity covers the accuracy and consistency of the network data. This ensures that countermeasures are taken in order to mitigate the chances of data changes. Methods of information integrity consist of the hash algorithm and digital signature.

Availability ensures that the data is available for the intended user. This entails the proper handling and maintenance of hardware and software, including computer system updates. Data recovery plans are important so that, after an event, systems are down for only small periods of time, with little to no data loss or service interruptions. Methods of availability address denial of service attacks and guard against DoS and sabotage. Denial of service attacks are via internet, errant