Chapter-A_Lesson-1_The-Importance-of-Information-Protection.pptx
Catanduanes State University
INFORMATION SECURITY OVERVIEW
CHAPTER A
Abigail T. Delluza, Instructor I

CHAPTER A | Information Security Overview

- Lesson 1: The Importance of Information Protection
- Lesson 2: The Evolution of Information Security
- Lesson 3: Justifying Security Investment
- Lesson 4: Security Methodology
- Lesson 5: How to Build a Security Program
- Lesson 6: The Impossible Job
- Lesson 7: The Weakest Link
- Lesson 8: Strategy and Tactics
- Lesson 9: Business Processes Vs. Technical Controls

Learning Outcomes for this Chapter

- Recount the history of computer security, and explain how it evolved into information security
- Explain the role of security in the systems development life cycle
- Define key terms and critical concepts of information security
- Define Information Security in the systems development life cycle

Lesson 1
THE IMPORTANCE OF INFORMATION PROTECTION

CHAPTER A: Information Security Overview | Lesson 1: The Importance of Information Protection

What is Information?

The portion of the content of a signal or message which conveys meaning. Information is not knowledge itself, but rather the representation of it.

Information is an Important Asset

The more information you have at your command, the better you can adapt to the world around you.

Information can be classified into different categories

This is typically done in order to control access to information in different ways.

Organizations classify information in different ways in order to differently manage aspects of its handling:

- Labeling
- Distribution
- Duplication
- Release
- Storage
- Encryption
- Disposal
- Methods of transmission

Information intended for internal use only is usually meant to be seen by employees, contractors, and service providers, but not by the general public:

- Internal memos
- Correspondence
- General e-mail
- Instant message discussions
- Company announcements
- Meeting requests
- General presentation

Companies may have confidential information that is intended for internal use on a need-to-know basis, such as:

- research and development plans
- manufacturing processes
- strategic corporate information
- product roadmaps
- process descriptions
- customer lists and contact information
- financial forecasts
- earnings announcements

Specialized information or secret information may include trade secrets, such as:

- formulas
- production details
- other intellectual property, proprietary methodologies, and practices that describe how services are provided
- research plans
- electronic codes
- passwords
- encryption keys

In some business sectors, the protection of information is not just desirable, it’s mandatory.

Laws and Regulations that Protect Information

Health care organizations are heavily regulated and must comply with the security requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). They are required by HIPAA to ensure robust security over Protected Health Information (PHI) that consists of medical data and Personally Identifiable Information (PII).

Financial institutions are also required by regulations to protect customer information, PII, and financial records. These regulations include security rules defined by the Federal Financial Institutions Examination Council (FFIEC), and the Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999.

Regulations such as the Sarbanes-Oxley Act of 2002 (also known as SOX or Sarbox) also apply to many companies that are publicly traded, to protect shareholders against the dissemination of false financial information.

Other legal regulations include SB 1386 and SB 24, which are California laws requiring companies to protect personal information.

All of these regulations carry penalties, some of which are strong, for failure to properly protect information.

“The better your security controls are that protect all these different types of data, the greater the level of access that you can safely provide to authorized parties who need to use that data.”

EGG ON THEIR FACES: A CASE STUDY

Egghead Software was a well-known software retailer that discovered in 2000 that Internet attackers might have stolen as many as 3.7 million credit card numbers from its website, housed offsite at an e-commerce service provider that lacked good security.
This information quickly made the news, and as a result, Egghead’s corporate identity was more than just tarnished—it was destroyed. Customers fled in droves. The media coverage ruined the company’s reputation. Egghead’s stock price dropped dramatically, along with its sales. Cost-cutting measures, including layoffs, followed. The chain reaction finally concluded with Egghead’s bankruptcy and subsequent acquisition by Amazon.com.

Were the consequences of inattention to security too extreme? But could those consequences have been avoided with good security practices?

Recitation

In your own words, explain the following:

1. What is Information?
2. What is Confidential Information?
3. What is Specialized Information?