Ch03 - Security Basics - Security Basics Chapter 3:...

Security+ Guide to Network Security Fundamentals, Second Edition
Chapter 3: Security Basics

Objectives
- Identify who is responsible for information security
- Describe security principles
- Use effective authentication methods
- Control access to computer systems
- Audit information security schemes

Identifying Who Is Responsible for Information Security
When an organization secures its information, it completes a few basic tasks:
- It must analyze its assets and the threats these assets face from threat agents
- It identifies its vulnerabilities and how they might be exploited
- It regularly assesses and reviews the security policy to ensure it is adequately protecting its information
Bottom-up approach: major tasks of securing information are accomplished from the lower levels of the organization upwards
This approach has one key advantage: the bottom-level employees have the technical expertise to understand how

Identifying Who Is Responsible for Information Security (continued)
- Top-down approach starts at the highest levels of the organization and works its way down
- A security plan initiated by top-level managers has the backing to make the plan work
- Chief information security officer (CISO): helps develop the security plan and ensures it is carried out
- Human firewall: describes the security-enforcing role of each employee

Understanding Security Principles
Ways information can be attacked:
- Crackers can launch distributed denial-of-service (DDoS) attacks through the Internet
- Spies can use social engineering
- Employees can guess other users' passwords
- Hackers can create back doors
Protecting against the wide range of attacks calls for a wide range of defense mechanisms

Layering
- Layered security approach has the advantage of creating a barrier of multiple defenses that can be coordinated to thwart a variety of attacks
- Information security likewise must be created in layers
- All the security layers must be properly coordinated to be effective

Limiting
- Limiting access to information reduces the threat against it
- Only those who must use data should have access to it
- Access must be limited for a subject (a person or a