IT Security CS5493(74293). IT Security Q: Why do you need security? A: To protect assets.
-
Upload
frank-owen -
Category
Documents
-
view
215 -
download
0
description
Transcript of IT Security CS5493(74293). IT Security Q: Why do you need security? A: To protect assets.
IT Security
CS5493(74293)
IT Security
Q: Why do you need security?A: To protect assets.
What are assets?
• Any item that has value:– People– Intellectual property– Physical property– Data– Services– Reputation
• Assets are the things you want to protect
The SA and Assets
• People– Employees– Shareholders– Customers– Contractors
The SA and Assets
• Physical- The information computing system (hardware,
software)
The SA and Assets
• Intellectual property– Patents– Proprietary source code.– Formulas– plans
The SA and Assets
• Data– Financial data– Customer database– Inventory– Scientific data
The SA and Assets
• Services– Availability of services– Productivity of employees
SA and Services
• Reputation– Brand image
Attacks, Threats, &Vulnerabilities
• Assets are subject to– Threats– Vulnerabilities– Attacks
SA: Threats
• A threat is a potential action that could compromise an asset.
SA: Vulnerabilities
• A vulnerability is a weakness in a system that makes it possible for a threat to cause harm.
SA: Attacks
• An attack is an action that compromises an asset.
Risks
• All risk cannot be eliminated.• Risk is managed analytically through risk
analysis.
Risk Analysis
• Quantifying (in monetary terms) the impact of attacks, threats, and vulnerabilities upon assets.
Security Summary
• Protect your assets• Understand the threats• Eliminate the vulnerabilities• Reach an acceptable level of risk