Week_1 - Click to edit Master subtitle style ECA256...

Info iconThis preview shows pages 1–10. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Click to edit Master subtitle style ECA256 Contingency Planning within Information Security ECA256 Gabriela Rosu ECA256 Objectives n Define and explain information security n Define and explain the basic concepts of risk management n Identify and define the components of contingency planning n Know and understand the role of information security policy in the ECA256 22 ECA256 Introduction n The 9/11 disaster required many companies to put their disaster recovery plans into action n Information Week report (2004): n 25% of organizations surveyed had to invoke their disaster recovery or business continuity plans in 2003 n 70% reported the disaster as severe or extremely severe n Almost 80% of businesses affected by a major incident either never reopen or close within 18 months ECA256 33 ECA256 Introduction ( continued ) n Companies must create, implement, and test effective plans to deal with incidents and disasters n Information security: an umbrella term for many programs and activities that assure availability of information in organizations ECA256 44 ECA256 Information Security n Information security : n Defined by Committee on National Security Systems (CNSS) as the protection of information and its critical elements, including systems and hardware n Based on the C.I.A. triangle concept n C.I.A. triangle concept: based on three critical characteristics of information that give it value: n Confidentiality n Integrity n Availability ECA256 55 ECA256 Information Security ( continued ) ECA256 66 ECA256 ECA256 77 Information Security (continued) Confidentiality : When disclosure or exposure to unauthorized individuals or systems is prevented Ensures that only those with rights and privileges to access the information are able to do so Breaches of confidentiality may threaten the integrity of the information Integrity : Prevention of corruption, damage, destruction, or other disruption of information ECA256 Information Security (continued) n Availability : n Enables authorized users or systems to access information without interference or obstruction, in the required format n Information Security ( InfoSec ): n The protection of the confidentiality, integrity, and availability of information in storage, during processing, or in transmission ECA256 88 ECA256 ECA256 99 Key Information Security Concepts Threat : a category of objects, persons, or other entities that pose a potential risk of loss to an asset Asset : an organizational resource that is being protected Logical asset: Web site, information, or data Physical asset: person, computer system, other tangible object Attack : an intentional or unintentional attempt to cause damage or otherwise compromise information ECA256...
View Full Document

This note was uploaded on 09/04/2010 for the course CRIME 5787532790 taught by Professor Goe during the Spring '10 term at Stark State.

Page1 / 71

Week_1 - Click to edit Master subtitle style ECA256...

This preview shows document pages 1 - 10. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online