澳大利亚TAFE课程信息安全管理InfoSecCh.ppt

Management of Information Security Management of Information SecurityChapter 1: Introduction to the Management ofInformation Security If this is the information superhighway, it’s going through a lot of bad, bad neighborhoods. -- DORIAN BERGER, 1997 Introduction Information technology is critical to business and society Computer security is evolving into information security Information security is the responsibility of every member of an organization, but managers play a critical role Introduction Information security involves three distinct communities of interest: Information security managers and professionals Information technology managers and professionals Non-technical business managers and professionals Communities of Interest InfoSec community: protect information assets from threats IT community: support business objectives by supplying appropriate information technology Business community: articulates organizational policy and allocates resources What Is Security? “The quality or state of being secure—to be free from danger” Security is achieved using several strategies simultaneously Specialized Areas of Security Physical security Personal security Operations security Communications security Network security Each contributes to the information security program as a whole Information Security InfoSec is the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information InfoSec includes information security management, computer security, data security, and network security Policy is central to all information security efforts CIA Triangle The C.I.A. triangle is made up of: Confidentiality Integrity Availability Over time the list of characteristics has expanded, but these three remain central Figure 1-2 NSTISSC Security Model Key Concepts of Information SecurityConfidentiality Confidentiality Confidentiality of information ensures that only those with sufficient privile