Free Information Security Powerpoint Template

Information Security

Transcript: Presented By k Gopi Krishna Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization. The terms reasonable and prudent person, due care and due diligence have been used in the fields of Finance, Securities, and Law for many years. • An enterprise-wide issue • Leaders are accountable • Viewed as a business requirement • Risk-based • Roles, responsibilities, and segregation of duties defined • Addressed and enforced in policy • Adequate resources committed • Staff aware and trained • A development life cycle requirement • Planned, managed, measurable, and measured • Reviewed and audited Information security is the ongoing process of exercising due care and due diligence to protect information, and information systems, from unauthorized access, use, disclosure, destruction, modification, or disruption or distribution. Conclusion A comprehensive treatment of the topic of risk management is beyond the scope of this article. Essentially, procedures or policies are implemented to tell people (administrators, users and operators) how to use products to ensure information security within the organizations. Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer. Confidentiality Business Continuity Process In 2002, Donn Parker proposed an alternative model for the classic CIA triad that he called the six atomic elements of information.
Introduction Availability Contents Abstract Basic Principles Risk Management Security governance Abstract Authenticity Information Security Attributes: or qualities, i.e., Confidentiality, Integrity and Availability (CIA). Conclusion Integrity Basic Principles Business continuity is the mechanism by which an organization continues to operate its critical business units, during planned or unplanned disruptions that affect normal business operations, by invoking planned and managed procedures. Business continuity Introduction Risk Management Process

Information Security

Transcript: The Research about The Information Security of Jetsum Tech -Da Gong -Chen Chen -Sami Alharti What is the goal? To research and analyze the information security of Jetsum Tech. Information about Jetsum Tech Jetsum Tech is located in Wuhan city, Hubei province, China. It was established in March 2001. This company specializes in Internet professional services (ISP) and systems and systems integration services. Jetsum Tech is a professional information services provider, which combines research, development, integration, services and consulting together. The Result of Research The security Grade is: 78 Security Assessment And Recommendation Security Areas 1 SECURITY POLICY 2 ORGANIZING INFORMATION SECURITY 3 ASSET MANAGEMENT 4 HUMAN RESOURCES SECURITY 5 PHYSICAL AND ENVIRONMENTAL SECURITY 6 COMMUNICATIONS AND OPERATIONS MANAGEMENT 7 ACCESS CONTROL 8 INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT AND MAINTENANCE 9 INFORMATION SECURITY INCIDENT MANAGEMENT 10 BUSINESS CONTINUITY MANAGEMENT 11 COMPLIANCE Contact with authorities: Appropriate contacts with relevant authorities should be maintained. They need about four weeks to do that. Inventory of assets All assets should be clearly identified and an inventory of all important assets drawn up and maintained. Jetsum Tech should identify all assets and document the importance of these assets. They may need three months to do this. Roles and responsibilities: Security roles and responsibilities of employees, contractors and third party users should be defined and documented in accordance with Jetsum Tech's information security policy. They need six months to do that. Jetsum Tech should use security perimeters to protect areas that contain information and information processing facilities. They need eight months to do that. Responsibilities and procedures for the management and operation of all information processing facilities should be established.
Planning and preparation are required to ensure the availability of adequate capacity and resources to deliver the required system performance. Executing mobile code in a logically isolated environment and activating technical measures as available on a specific system to ensure mobile code is managed. Try their best to prevent unauthorized access to information held in application systems. Application systems should: a) Control user access to information and application system functions, in accordance with a defined access control policy; b) Provide protection from unauthorized access by any utility, operating system software, and malicious software that is capable of overriding or bypassing system or application controls; c) Not compromise other systems with which information resources are shared. In correct processing in applications, they should prevent errors, loss, unauthorized modification or misuse of information in applications. And in cryptographic controls and security in development and support processes, they need to protect the confidentiality, authenticity or integrity of information by cryptographic means and to maintain the security of application system software and information. Then, the company will ensure that security is an integral part of information systems.
Procedures to handle different types of information security incidents, e.g.: information system failures and loss of service, malicious code, denial of service analysis and identification of the cause of the incident, containment, planning and implementation of corrective action to prevent recurrence identify and consider the implementation of additional preventive and mitigating controls identify sufficient financial, organizational, technical, and environmental resources to address the identified information security requirements safeguard operational systems and audit tools during information systems audits safeguard the integrity and prevent misuse of audit tools ensure compliance with legislative, regulatory, and contractual requirements References Text of ISO/IEC FDIS 17799: 2005-02-11 ― Information techniques ― Security techniques ― Code of practice for information security management (2nd edition), (2005). Questions ? Thank you! COMMUNICATIONS AND OPERATIONS MANAGEMENT ACCESS CONTROL HUMAN RESOURCES SECURITY BUSINESS CONTINUITY MANAGEMENT INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT AND MAINTENANCE COMPLIANCE INFORMATION SECURITY INCIDENT MANAGEMENT ORGANIZING INFORMATION SECURITY PHYSICAL AND ENVIRONMENTAL SECURITY SECURITY POLICY ASSET MANAGEMENT

Free information

Transcript: On social media One more question: Uno Langmann Collection Digital archives Our other goal: to not confuse you. Jefferson vs. Brandeis Our goal: to connect Christen to one of RBSC's digital archives (photographs from the Uno Langmann family collection) Now you talk! We don't see the First Nations people as they would portray themselves, but instead through the filter of the white settler photographer Photos used for Western interest and knowledge-gathering Archival silence - they can be seen, but their voices are not heard Our account is always through the colonizer, not first-hand Public? Private? Christen asks if open access and the research commons can exist “side-by-side with those alternative systems of knowledge production that rely instead on social relations maintained and forged through negotiated interdependencies”? (2880) ...in other words, can we use digital archives in combination with other forms that rely on a relationship between the archived and the archive user? (And what about when that relationship is contentious? "Openness is valued in Western societies." (2877) “assumption that information freedom will be a social and political benefit in all cases” (2878) "Unrestricted sharing" Her main focus: digitally 'archived' information, how it's collected, and how it relates to the "information wants to be free" meme (in particular, indigenous communities) Issue of accessibility Is this information "free" so it can be exploited for Western benefit? 
Openness and colonization (not neutral space) Taking things out of context “We can create both movements and tools that allow for an expansive notion of openness and access, but do so without sacrificing diversity or appealing to universal goals and generalized needs’ (2889) Some Christen quotes: “The universal goal of “unrestricted sharing” defines a terrain where any type of access control or differing notions of sharing are incompatible and must be overcome.” (2878) Justice Louis Brandeis: "the noblest of human productions – knowledge, truths ascertained, conceptions, and ideas – become, after voluntary communication to others, free as the air to common use" (2876) “We are stuck thinking about open or closed, free or proprietary, public or private, and so on, even though in such common online experiences as using social media platforms Facebook and Twitter, or when reading through legal parameters for the use and reuse of digital information, these binaries rarely exist.” (2874) First Nations photographs Notion that "information wants to be free" Digital rights management, intellectual property rights Knowledge as a public resource (accessibility) and information spread Christen on "free information"; digital archives Introduction to Christen Do you agree or disagree? "Free" information - Kimberly Christen and First Nations photographs "Openness" and freedom Do you think there is a 'public or private' binary now that we sign our lives away to social media 'terms and conditions'? In particular, how do you foresee this changing as social media becomes the norm? Do you agree with Vaidhyanathan's claim that we are "blind to the ways in which Google exerts control over its domain?" (2878) Finally, what about apps like Snapchat and the accusation that all photos are saved somewhere in its database? Is anything private anymore? Edward Curtis connection Thomas Jefferson: "ideas should freely spread from one to another over the globe" (2876)

Information Security

Transcript: Thesis - Integrity - Applets/Active-X Controls Conclusion - Performance of Partial Encryption Comparatively weak in security Kind of Partial Encryption 2) entire encryption - http://msdn.microsoft.com/ko-kr/netframework/default.aspx - http://cafe.naver.com/i2sec.cafe?iframe_url=/ArticleRead.nhn%3Farticleid=198 - http://cafe.naver.com/jjang12pro.cafe?iframe_url=/ArticleRead.nhn%3Farticleid=190 - http://www.cert.org/secure-coding/ 3. Conclusion - Application program using transmitted data 2006270067 - Confidentiality - Managing tools Background - Kind of Partial Encryption 2) Encryption of based on Quadtree 2006270043 Performance of Partial Encryption Information Security 3) partial encryption 2. Main Subject Advantage of partial encryption - Server (daemon / service) - Partial encryption Secure Coding in image processing - Secure coding in image processing - Definition of security - Entire encryption - Solving electricity consumption problem Definition of Security - Background - Situation asked security - Saving time in encryption, decryption - Web application - Kyung-In Ryu, A Study on Secure Partial Encryption for Mobile Contents - Myung-Mook Han, An efficient image encryption algorithm - Si-Chan Park, Partial image encryption system design for secure of images - Young-Ho Seo, Selectively partial encryption of images in wavelet domain - Image compression and encryption Joo Young-min Situation asked security 1) original Lee Hwa-yeon - More methodology is needed - Importance of information security Secure Coding Image encryption - Availability 1) Block encryption Contents 1. Introduction Reference Secure coding - Extension of Internet

Information Security

Transcript: Users shall not have the expectation that their email or other electronic communications are private. CHS may capture user activity such as web sites visited. CHS reserves the right, at any time and without prior notice, to examine email, files, and other information stored on CHS information systems. Content of electronic communications should be accurate, sent to recipients with the minimum necessary information based on a need-to-know and sent or posted with appropriate security measures Every user has a responsibility to protect CHS’ public image. Users must avoid communicating anything that might appear inappropriate or misconstrued as inappropriate Do not download any non-standard/non-approved applications to CHS devices. Do not open unknown email attachments. Do not use instant messaging features Shall not copy, release, transmit, sell, loan, alter, purge or destroy any confidential information except as properly authorized Communications Content Ensuring that PHI is exchanged only with properly authorized entities, and that electronic transmissions containing PHI are properly encrypted and secured Security Policies Information Security Promptly reporting any privacy or security concerns to your Facility Security Officer Users are prohibited from installing, distributing, copying or modifying any software programs Confidential Information Single Sign On Never share or disclose user IDs or passwords, nor ask others to do so. Personal Conduct Users are prohibited from installing software from outside sources on their CHS workstations. Such software is not licensed for use by CHS, or may interfere with the operation of other company resources Must be at least 5 characters but no more than 8 long.
Passwords Work Station Security Users are responsible for protecting information on their computers, and must use precautions to physically protect equipment and information Dispose of confidential information utilizing company-provided secure receptacles The following behaviors are strictly prohibited: Accessing obscene, sexually explicit, or pornographic material from company resources. Sending harassing, libelous, and disruptive, threatening, racially harassing, or sexually harassing messages, or using any language that could be construed to make the work environment a hostile workplace. Tying up computer resources by downloading music, movies, software or other applications, or using excessive amounts of storage or sending large file attachments. This could cause congestion, delay, or disruption of service to company systems, and degrades the performance of the entire network. Using company systems to advertise, provide services, or sell commercial products. Use of any company information technology resources for personal gain or profit is prohibited. Using company resources in a manner that interferes with performance of employment responsibilities; for example, tying up printers doing non-company related work. Sending messages with religious, racial, political, or sexual overtones; expressing bigotry, hatred, harassment, abuse, or threats of harm to anyone. Creating, copying, or sending frivolous or excessive messages, including chain letters, junk mail, advertising material, or spam. Must be reset every 90 days. Users are responsible for protecting information on their computers, and must use precautions to physically protect equipment and information Must begin with a letter. Case sensitive. Password history. Passwords may not be reused. Complying with use and disclosure processes as if electronic information were paper Removable Media Personal Responsibilities for Security Users should not move or relocate company-provided computing equipment. 
All computing equipment moves are to be scheduled through the IS Department Stay away from special characters. Do not leave programs running or data visible when computer is unattended. Lock system (press Window key + L) when leaving the computer for any length of time. Use screen savers with activated passwords, and position screens away from public view Laptops shall not be left unattended and unsecured (for example, left on the desk when not in use or overnight in the workplace); they must be locked up. Laptops must not be left in a car, exposed to weather, magnetic fields or radiation. Individually identifiable PHI (protected health information) should not be stored on mobile electronics All personnel must ensure that confidential information is being appropriately protected, in accordance with existing HIPAA federal laws and company policies and associated information security policies and standards. Adhering to all Security policies, standards, procedures, and CHS Code of Conduct No Expectation of Privacy INFORMATION SYSTEMS Non-compliance Important data should not be stored on the local hard drive (the C: drive). Local hard drives are not backed up, and in the case of a hardware failure or theft, the data would be lost. All important data should be stored

(Security)Information

Transcript: Thank You D R M Lim sang joon 3. DRM Finger Print (2) 2. Developing a secure enough watermark to endure conversion between a variety of compression formats. Security Threats (2) Security Threats 3. Non-compliant watermarking algorithm. Ryu seung hun 1. It is difficult to catch the file exchange between individuals daily on the Internet Finger Print (1) About DRM Copyright Security Issues 2. Finger Print Algorithm Team Members 2. It is difficult to insert a finger print at P2P List of survey contents Finger Print 3. It is possible to use contents infinitely without DRM 2. DRM will be compliant. Information Security About Finger Print (3) Close Cooperation Improvement (4) (1) Team Name : Vitality 1. Increasing server load Watermark Conclusion 1. All responsibility in the Browser Lack of awareness (3) (1) (4) Algorithm 2. When converting compressed music files and image files, to change the new compression (Ex. MP3 -> WMA, JPG -> JYP), Watermark may be damaged. D R M Algorithm 2. The cracker can decrypt a key. Improvement 1. Only use the compression methods that play or view contents to avoid modification 1. Enhance security and stability of the browser About Watermark 1. Watermark Watermark Improvement D R M D R M Watermark Purpose of the survey (4) 3. Developing devices compliant with an official watermark algorithm. 2. Uploading fake files 1. Building more servers Finger Print (2) Watermark 3. Fingerprint technology can only prevent the first outflow. (3) Security Threats
