Key Information Security Concepts
Dr Shahzada Khurram

What is Information System
[Figure: information system, with labels Business Organization, Workers, Suppliers]

Components of Information System
There are 6 components of an Information System:
1) Hardware: Desktops, Laptops, Mobile
2) Software: Operating systems, Application programs
3) Data: (Information) Facts and figures entered into computers
4) Procedures: How the other components are used
5) People: Users, Technologists, IS support
6) Networks: LAN, WAN, Internet
Each component of the Information System also has its own security requirements.

Key Concepts
- Subject vs Object
- Asset
- Risk
- Control, Safeguard, or Countermeasure
- Vulnerability
- Threat
- Threat Agent
- Attack
- Exploit
- Exposure
- Loss
- Protection profile or Security posture

Subject vs Object
Subject: An active entity that requires access to an object. A computer can be both the subject and object of an attack; for example, it is compromised by an attack (object) and is then used to attack other systems (subject).

Risk
The probability that something unwanted will happen. Organizations must minimize risk to match their risk appetite—the quantity and nature of risk the organization is willing to accept.
[Figure labels: Thunderstorm, Office without Security Guards, Flood]

Control, Safeguard, or Countermeasure
Security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve the security within an organization.

Threat and Threat Agent
Threat: A category of objects, persons, or other entities that presents a danger to an asset. Threats are always present and can be purposeful or undirected.
Threat agent: The specific instance or a component of a threat.
[Figure label: Computer without updated patches]

Attack
An intentional or unintentional act that can cause damage to or otherwise compromise information and/or the systems that support it. Attacks can be active or passive, intentional or unintentional, and direct or indirect.
[Figure: Passive Attack, with labels Message (plain text) and Attacker - Tom]

Loss
A single instance of an information asset suffering damage or unintended or unauthorized modification or disclosure. When an organization’s information is stolen, it has suffered a loss.

Protection profile or security posture
The entire set of controls and safeguards, including policy, education, training and awareness, and technology, that the organization implements (or fails to implement) to protect the asset.