Presentation of Computer Security For Basic

The document outlines a structured approach to formulating an information security policy, emphasizing the importance of risk assessment, legal compliance, and continuous training. It highlights key goals of information security, including data confidentiality, integrity, and availability, while detailing technical measures such as audits, encryption, and access control. Additionally, it discusses case studies and the development of policies in educational institutions, underscoring the need for collaboration among all stakeholders in managing information security.
How to Proceed to Formulate Policy of Information Security

Advanced Computer Security (44165)

Week 4
TEAM D Members
232d8639 HAN, Si Thu (slides 2-7)
231d8715 KAWAGUCHI, Souta (slides 8-9)
233d8678 FIKRI, Achmad Akmal (slides 13-15)
234d8638 OO, Patamyar (slides 10-12)
231d8651 RAHIM, Afwan (slides 15-17)

1
How to proceed to formulate policy that addresses information security
1. Start with an assessment. Often, organizations will want to begin with a risk assessment.
2. Consider applicable laws and guidelines.
3. Include all appropriate elements. ...
4. Learn from others.
5. Develop an implementation and communication plan.
6. Conduct regular security training.

2
Goal setting: what information security measures address

All information security measures try to address at least one of three goals:
• Protect the confidentiality of data
• Preserve the integrity of data
• Promote the availability of data for authorized use

3
Integrity Models
Integrity models keep data pure and trustworthy by protecting system data from intentional or accidental changes. Integrity models have three goals:
• Prevent unauthorized users from making modifications to data or programs
• Prevent authorized users from making improper or unauthorized modifications
• Maintain internal and external consistency of data and programs

4
Baseline of information security:
These measures continuously ensure a baseline of information security.
● Measures against script kiddies
● Establishment of confidentiality (first, to prevent attacks on the organization's internal systems from outside)
Reasonable measures:

The organization then carries out the measures that are necessary and sufficient for its situation.

● Maintaining availability
● Raising the level of confidentiality (to prevent leakage from inside the organization to the outside)

5
Technical measures for information security
Audit
Audit refers to the appliances or services that monitor the other five measures across the entire hierarchy: whether information systems and users are following the rules, whether there is a misconfiguration in a server or PC, and whether the security appliances that were introduced are working as intended. The results are recorded as an audit trail. This covers the collection and analysis of various logs (firewall, file server, word-processing and spreadsheet programs), the diagnosis of vulnerabilities in a system, intrusion detection (IDS) monitoring, and checks such as verifying the consistency of e-mail and data files.

Encryption
Encryption refers to using technology such as IPsec VPNs and file encryption, together with the appliances and services that provide them, as a measure against security breaches.

Privilege Definition or Single Sign On

Authorization refers to the appliances and services used to manage and operate system access privileges that are defined by individual attributes (affiliation and identification). Once a user is authenticated, they provide the services that are specific to that user. Single sign-on (SSO) is equivalent to this.

Authentication
Authentication refers to the appliances and services that confirm a user's identity when accessing the network, servers, and so on. Driven by user needs, the technology has advanced from fixed passwords to one-time passwords, and currently to digital certificates and biometric authentication.

6
Access Control

Data Protection / Integrity

This refers to the firewall appliances and services required at the connection point between the organization and the Internet. In recent years, firewalls are increasingly being introduced not only at the connection point between the organization and the Internet but also between individual departments, because an L3 switch alone cannot provide inter-VLAN access control, and without it, preventing worms and denial of service attacks is difficult.

7
Actual implementation of technical measures for information security

8
Management of information security measures
Management of information security must not be a matter only for the administrative and technical personnel responsible for information security; it includes work by all users. For this reason, it is necessary to clarify the duties of the business user alongside those of the technical administrator.

Technical administrator:
・Computer management
・ID and password management
・Consideration, introduction, and operation of security tools
・Vulnerability research
・Auditing tools
・Operational management (establishment)
・Information gathering

Business user:
・Computer management
・Password management
・Utilization of e-mail
・Utilization of the network
・Anti-virus

9
Case Study in Development of Information Security Policy

The Ministry of Education, Culture, Sports, and Science made a direct request for information security measures due to concerns about cyberattacks on government websites, including the former Science and Technology Agency's website, where attacks occurred from January 24, 2001, to 2002.
The request includes two documents:
1. Guidelines for Information Security Policy
2. Information Security Policy for the Ministry of Education, Culture, Sports, and Science

10
Case Study in Development of Information Security Policy

Contents of the documents include:

1. Promotion of information security measures: This likely involves strategies and actions aimed at improving information security within the ministry and affiliated organizations.
2. Information security awareness and use of information systems administrators: This could be about raising awareness among staff and administrators regarding information security best practices and guidelines for using information systems securely.

11
• In early August 2001, the Director of the University Computer Center at Kumamoto University, Professor Nakamura, instructed a more detailed investigation following a report on the lecture contents related to information security.
• On April 1, 2002, Kumamoto University abolished its Information Processing Center and established the Information Technology Center.
• On October 4, 2002, Professor Takai from the University of Toyama distributed a document titled "(proposed) security policy formulation and its implementation in the University" at a conference, which involved contacting Computer Centers and academic and research exchanges.
• Information security officers at universities published the "concept of information security policy at the University" in HTML/PDF format from the National Institute of Informatics (NII) on March 29, 2002.
• At the time, the information security policy aimed to comply with the ISO17799 standard, which is based on BS7799. While the policy was designed to align with ISO17799, it needed to be customized to fit the unique security needs of university information policy.
The concept of aligning information security policies with international standards like ISO17799 is important and has evolved into a conformity assessment system known as the "Information Security Management System (ISMS)" run by the Japan Information Processing Development Corporation (JIPDEC).

12
Goal of Information Security Policy
• Identify information assets and classify them based on severity (including budget)
• Prevent unauthorized access to information assets (encryption technology and access control measures are implemented to protect against information disclosure)
• Prevent unauthorized individuals both within and outside the organization from compromising the integrity and security of information assets (to discourage both internal and external individuals from compromising information assets)
• Gather information regarding support for information security (as new techniques and vulnerabilities continuously emerge)

13
Subject and Scope of Information Security Policy
This involves determining the targets and extent of protection.
• Related Parties (faculty, students, scholars, etc.)
It is necessary to ensure that faculty, students, and invited scholars who participate in conferences and lectures comply with the security policy. This helps prevent unauthorized access, tampering, and disclosure of information.
• System Administrators (administrators of laboratories and PCs)
Those responsible for operating information assets must adhere to the information security policy in its entirety.
• External Equipment Connected to the Network
Consideration should be given to devices brought in from outside the network, such as notebook PCs, as they may introduce viruses or worms that can compromise information security.
• Information Systems
Given that information systems, such as web and email servers, operate continuously throughout the year, they are highly exposed to information leakage, tampering, and Denial of Service (DoS) attacks. Therefore, it is crucial to implement appropriate technologies and practices to protect these systems.

14
A Policy that Addresses Information Security Measures
• Organisation and Structure
Outline the organizational structure necessary to address information security measures (CISO, CERT, departments responsible for information security, system administrators, DMZ administrators).
• Classification and Management of Information
Describe the method for handling public and private information assets.
• Physical and Personnel Security
Ensure safe operation of equipment and information networks (secure location, human security, system administrators).
• Technical Security
Secure connections between the internal and external networks (guidelines and regulations). Include rules for the installation, configuration, and design of network equipment, as well as the permitted range of network services.
• Evaluation and Review
The policy needs to be consistently updated due to the rapid advancements in technology and security.

15
Creating a Draft of the Information Security Policy
The University Information Promotion Committee (Technical Committee of the University Information Committee) met on September 17, 2002, and discussed the "Kumamoto University Information Security Policy (draft)". The main points are as follows:
1. Goal: Prevent information security breaches.
2. Target and scope: Faculty, students, visiting scholars, outsourcing organizations, etc.
3. Prevention guidelines: Classification and management of information.
4. Future plans and challenges: Creating procedures, operating the information security policy, etc.

16
Fixing and Approval of the Draft of the Information Security Policy
The "Kumamoto University Information Security Policy" was revised based on opinions from the Information Promotion Committee and the authors.
The "Kumamoto University Information Security Policy" was approved by describing only its fundamental part, avoiding any description of concrete content.
→ A detailed description of the content is decided in a separate "implementation procedure".
→ The full-scale approach at this point did not consist of information security measures unique to the university.

17
Thank you for your attention!
Any questions?

18