Transcript AIC
IT Vocab
• IT = information technology
• Server
  – Public – open access
  – Private – limited access
• Client or host
  – Thin – diskless
  – Workstation – fully functioning computer system

IT Vocab
• A computing system: a configuration of one or more computers along with the software and data.

IT Vocab
• Subject – a person or process
• Object – assets like data, applications, documentation, hardware.
Tenets of IT Security CS5493
A I C
• Availability – assets are available in a timeframe where it matters.
• Integrity – assets remain in their legitimate expected state.
• Confidentiality – assets are accessed only by authorized subjects.
What are assets?
• An asset is something of value:
  – Hardware
  – Software
  – Data
  – Employees
  – Equipment
  – Reputation
  – Infrastructure
AIC and Threat Categories
• Denial or destruction threats
• Alteration threats
• Improper disclosure threats
The Domains of IT Infrastructure
1. User domain
2. Workstation domain
3. LAN domain
4. LAN-to-WAN domain
5. WAN domain
6. Remote Access domain
7. Server (System)/Application domain
Domain Breakdown
• The IT infrastructure is broken into different domains so security policy can be organized effectively.
IT Domain Security Policy
• A comprehensive security plan can be devised by considering each separate domain.
• Identify the threats and vulnerabilities.
• Devise a strategy for eliminating the vulnerabilities.
Vulnerabilities
Examples:
• User – lack of awareness or concern for security policy.
• Workstation domain – unauthorized access
• LAN – spreading of malicious software
• WAN – malicious attacks by anonymous sources
• Remote access – data leakage due to loss or theft of electronic device
• Server/App – data loss due to software and hardware failures.
Domain Threat Targets
1. User – misuse of resources, social engineering
2. Workstation – OS, applications
3. LAN – hubs, cables, supporting software, etc.
4. WAN – routers, firewalls, supporting software, etc.
5. Remote Access – VPN
6. Server Application – e-mail, file services, database, etc.