Information-Systems-Security-Controls Lesson 17

The document outlines various types of security controls, including technical, physical, and administrative measures to protect systems and data. It details specific controls such as firewalls, antivirus software, and access control systems, emphasizing the importance of confidentiality, integrity, and accountability. Additionally, it discusses encryption methods and the purpose of implementing security measures to safeguard sensitive information.

Uploaded by

roxieangel51

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

2 views

Information-Systems-Security-Controls Lesson 17

Uploaded by

roxieangel51

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

You are on page 1/ 12

Information

Systems Security
Controls
Types of Security Controls
Technical Physical Administrative
Controls Controls Controls
Use technology to protect Protect physical infrastructure. Policies and procedures
systems. Examples: firewalls, Examples: security guards, governing security practices.
antivirus software, intrusion locks, CCTV surveillance. Examples: security policies,
detection systems. training programs.
Technical Controls in Detail
1 Firewalls
Prevent unauthorized access to or from private networks.

2 Antivirus Software
Detects and removes malicious software from systems.

3 Intrusion Detection Systems

Monitor networks for malicious activity or policy
violations.
Physical Controls Explained

Security Guards Locks and Fences CCTV Surveillance

Prevent unauthorized Restrict access to buildings Monitor sensitive areas to
individuals from entering or server rooms. detect unauthorized physical
sensitive areas. access.
Administrative Controls
Overview
1 Security Policies
Define roles and responsibilities related to security.

2 Training Programs
Ensure staff can identify and respond to security
threats.

3 Incident Response Plans

Outline how to respond to security breaches or
attacks.

4 Audit and Monitoring

Regular reviews to ensure compliance with security
policies.
Access Control Systems
Discretionary Access Control (DAC)
Data owners decide who gets access.
Flexible but potentially risky.

Mandatory Access Control (MAC)

System enforces strict policies with predefined
access levels.
Access Control Systems
Role-Based Access Control (RBAC)
Access determined by user's role in the
organization.

Multi-factor Authentication (MFA)

Requires multiple forms of identification for
access.
Purpose of Access Control Systems

Confidentiality Integrity Accountability

Ensure only authorized Prevent unauthorized Track who accessed
users access specific users from modifying data and what changes
data or resources. information. they made.
Encryption Basics
Definition Converting plain text
into unreadable
ciphertext using
cryptographic
algorithms
Symmetric Encryption Single key for
encryption and
decryption (e.g., AES)
Asymmetric Encryption Public key for
encryption, private
key for decryption
(e.g., RSA)
Purpose of Encryption
1 Confidentiality
Prevents unauthorized individuals from
reading sensitive information.

2 Integrity
Ensures data is not altered during
transmission.
3 Authentication
Verifies that data comes from a trusted
source.
4 Non-repudiation
Ensures sender cannot deny sending the
message.
Implementing Security Measures

Secure Protocols Data Storage Communication

Use SSL/TLS for securing Encrypt sensitive data Encrypt emails or any
online transactions and stored on devices, communication containing
communications. databases, and cloud confidential information.
services.
Questions
???

AZURE AZ 500 STUDY GUIDE-1: Microsoft Certified Associate Azure Security Engineer: Exam-AZ 500
From Everand
AZURE AZ 500 STUDY GUIDE-1: Microsoft Certified Associate Azure Security Engineer: Exam-AZ 500
Mamta Devi
No ratings yet
OSED Exam Report
No ratings yet
OSED Exam Report
6 pages
User Defined Validation On 'Document Payee Bank Account Number' in Payment Method Definition Causes Incorrect Payment Schedule Hold
No ratings yet
User Defined Validation On 'Document Payee Bank Account Number' in Payment Method Definition Causes Incorrect Payment Schedule Hold
2 pages
IP Security Architecture
No ratings yet
IP Security Architecture
11 pages
CNS - UNIT I
No ratings yet
CNS - UNIT I
30 pages
ITS 302 Group2 Report
No ratings yet
ITS 302 Group2 Report
23 pages
DIS 2marks
No ratings yet
DIS 2marks
9 pages
Unit 1
No ratings yet
Unit 1
83 pages
Network Security
No ratings yet
Network Security
10 pages
Cyber Security PDF
No ratings yet
Cyber Security PDF
193 pages
FALLSEM2022-23 CSI3002 ETH VL2022230103582 2022-08-01 Reference-Material-I
No ratings yet
FALLSEM2022-23 CSI3002 ETH VL2022230103582 2022-08-01 Reference-Material-I
48 pages
INS QB
No ratings yet
INS QB
115 pages
Cryptography and Network Security
No ratings yet
Cryptography and Network Security
98 pages
ISExp1
No ratings yet
ISExp1
4 pages
Cryptography and Security in DS-1
No ratings yet
Cryptography and Security in DS-1
20 pages
Osi Security Architecture TCS 619
No ratings yet
Osi Security Architecture TCS 619
26 pages
NETWORK_SECURITY-1
No ratings yet
NETWORK_SECURITY-1
26 pages
security
No ratings yet
security
24 pages
Network Security and Cryptography
No ratings yet
Network Security and Cryptography
153 pages
CNS_UNIT 1
No ratings yet
CNS_UNIT 1
34 pages
Five_Pillars
No ratings yet
Five_Pillars
4 pages
Info Assurance Reviewer
No ratings yet
Info Assurance Reviewer
71 pages
UNIT-1 ch01
No ratings yet
UNIT-1 ch01
28 pages
Introduction Architecture
No ratings yet
Introduction Architecture
36 pages
Itec 100 l1 l3 Sir Jed
No ratings yet
Itec 100 l1 l3 Sir Jed
19 pages
ch6p
No ratings yet
ch6p
12 pages
Cpe 532 L2 - 014207
No ratings yet
Cpe 532 L2 - 014207
28 pages
CNS Miscellaneous Questions & Answers
No ratings yet
CNS Miscellaneous Questions & Answers
10 pages
CNS Vsaqs
No ratings yet
CNS Vsaqs
25 pages
COMPUTER NETWORK UNIT 4 MODULE 1 2
No ratings yet
COMPUTER NETWORK UNIT 4 MODULE 1 2
35 pages
CYB_201 FINAL
No ratings yet
CYB_201 FINAL
79 pages
Introduction To Computer & Systems Security
No ratings yet
Introduction To Computer & Systems Security
33 pages
CNS Assignment 1
No ratings yet
CNS Assignment 1
12 pages
Unit - I: Threats and Attacks (RFC 2828)
0% (1)
Unit - I: Threats and Attacks (RFC 2828)
42 pages
Imp
No ratings yet
Imp
85 pages
Unit - I Classical Cryptosystem 9
No ratings yet
Unit - I Classical Cryptosystem 9
26 pages
u3-1
No ratings yet
u3-1
4 pages
Introduction To Cybersecurity
No ratings yet
Introduction To Cybersecurity
8 pages
Group 2 Its302
No ratings yet
Group 2 Its302
15 pages
UNIT-1: Computer Security
No ratings yet
UNIT-1: Computer Security
84 pages
10. Data Privacy User Access Management Securing Remote Access
No ratings yet
10. Data Privacy User Access Management Securing Remote Access
16 pages
secnet
No ratings yet
secnet
12 pages
The Rise of Cyber Threats
No ratings yet
The Rise of Cyber Threats
8 pages
IS_ans
No ratings yet
IS_ans
15 pages
Unit 1 Ic
No ratings yet
Unit 1 Ic
16 pages
Unit-1 ICS
No ratings yet
Unit-1 ICS
73 pages
Computer Security Presentation
No ratings yet
Computer Security Presentation
11 pages
Information Security Introduction: By: Mitul Patel
No ratings yet
Information Security Introduction: By: Mitul Patel
28 pages
Cns Sem Prep
No ratings yet
Cns Sem Prep
37 pages
Is Cie 2 Q&a
No ratings yet
Is Cie 2 Q&a
24 pages
CNS R16 - UNIT-1
No ratings yet
CNS R16 - UNIT-1
26 pages
Unit 1
No ratings yet
Unit 1
40 pages
UNIT I CNS
No ratings yet
UNIT I CNS
16 pages
Introduction to Cyber Security
No ratings yet
Introduction to Cyber Security
8 pages
Ins Final QB
No ratings yet
Ins Final QB
66 pages
Unit 4 CN: Network Security
No ratings yet
Unit 4 CN: Network Security
7 pages
CH 01
No ratings yet
CH 01
29 pages
CNS-UNIT-1
No ratings yet
CNS-UNIT-1
24 pages
INS QB ANSWERS
No ratings yet
INS QB ANSWERS
12 pages
download-20171010115333
No ratings yet
download-20171010115333
46 pages
Secure Operating System Design
No ratings yet
Secure Operating System Design
28 pages
Cns Short Aqns (1)
No ratings yet
Cns Short Aqns (1)
25 pages
SQL Injection
No ratings yet
SQL Injection
27 pages
The Delta Lake Series Lakehouse 012921
No ratings yet
The Delta Lake Series Lakehouse 012921
19 pages
Cyber Security Q and A
100% (1)
Cyber Security Q and A
14 pages
Syllabus For M. Sc. (CS) IV-Semester: The Bhopal School of Social Sciences, Bhopal
No ratings yet
Syllabus For M. Sc. (CS) IV-Semester: The Bhopal School of Social Sciences, Bhopal
32 pages
Online MCA Brochure (3) (1)
No ratings yet
Online MCA Brochure (3) (1)
10 pages
IP Portal Secure Login Help File Edit
No ratings yet
IP Portal Secure Login Help File Edit
20 pages
05 - Data As A Product - IBM Watsonx - Data and IBM Cloud Pak For Data
No ratings yet
05 - Data As A Product - IBM Watsonx - Data and IBM Cloud Pak For Data
31 pages
Final Learning Journal
No ratings yet
Final Learning Journal
31 pages
SE Exams Questions With Answers
No ratings yet
SE Exams Questions With Answers
2 pages
Tableau Sequel
No ratings yet
Tableau Sequel
5 pages
Amit Goyal
No ratings yet
Amit Goyal
3 pages
Techies Act 2 News Report Script
100% (1)
Techies Act 2 News Report Script
5 pages
Partner Welcome Kit: For New Members of Avaya Edge
No ratings yet
Partner Welcome Kit: For New Members of Avaya Edge
20 pages
Ec2 Instances
No ratings yet
Ec2 Instances
38 pages
Alaska Xbase++ To PostgreSQL (Part 4)
No ratings yet
Alaska Xbase++ To PostgreSQL (Part 4)
103 pages
WFP Ito Gsu
No ratings yet
WFP Ito Gsu
4 pages
Web User Interface Development
No ratings yet
Web User Interface Development
4 pages
Supply Chain Assignment 3
No ratings yet
Supply Chain Assignment 3
5 pages
SAP Ariba Sourcing Overview
No ratings yet
SAP Ariba Sourcing Overview
2 pages
Hawaid Khan Network Engineer CV
No ratings yet
Hawaid Khan Network Engineer CV
4 pages
Inter-VLAN Routing: © 2008 Cisco Systems, Inc. All Rights Reserved. Cisco Confidential Presentation - ID
No ratings yet
Inter-VLAN Routing: © 2008 Cisco Systems, Inc. All Rights Reserved. Cisco Confidential Presentation - ID
33 pages
ApexOne Deployment Requirement
No ratings yet
ApexOne Deployment Requirement
34 pages
Hotel Industry - Report Final Final
No ratings yet
Hotel Industry - Report Final Final
24 pages
INTRODUCTION TO MS OFFICE Azri
No ratings yet
INTRODUCTION TO MS OFFICE Azri
3 pages
Srikanth Krishnapatnam
No ratings yet
Srikanth Krishnapatnam
4 pages
SQL Command
No ratings yet
SQL Command
4 pages
Linux 2
No ratings yet
Linux 2
12 pages
Object Oriented Programming
No ratings yet
Object Oriented Programming
3 pages

Information-Systems-Security-Controls Lesson 17

Uploaded by

Information-Systems-Security-Controls Lesson 17

Uploaded by

Information

3 Intrusion Detection Systems

Security Guards Locks and Fences CCTV Surveillance

3 Incident Response Plans

4 Audit and Monitoring

Mandatory Access Control (MAC)

Multi-factor Authentication (MFA)

Confidentiality Integrity Accountability

Secure Protocols Data Storage Communication

You might also like