Information security
Published on Nov 25, 2015
No Description
MORE DECKS TO EXPLORE
PRESENTATION OUTLINE
Table of contents
- General concepts
- Access control
- Security management
- Regulatory compliance
- Operation security
- Network security
- Application security
- Cryptography
Photo by epSos.de
General concepts
Photo by perspec_photo88
Untitled Slide
Untitled Slide
Plan - Establish the goals, objectives and processes.
Do - Implement the plan and execute the process.
Check - Study the actual results and compare against the expected results
Act - Make improvement when necessary, go back to plan
security management
Photo by Sharon Drummond
Untitled Slide
access control
Photo by CarbonNYC [in SF!]
Access control is all about managing how subjects interact with objects in authorized manner.
Photo by Peter aka anemoneprojectors
Subjects are the entities obtain or alter data, for example:
user, computer, program, process
and so on
Photo by Raido Kaldma
Objects are the entities provide or host data, for example:
files, database, media, printer
and so on
Photo by T a k
Access control principles
- Separation of Duties
- Least privilege
- Need to know
- Compartmentalization
Photo by Gideon Burton
Separation of Duties is aimed for preventing frauds and errors by distributing tasks and privileges (of a process) to multiple people
Photo by Roberto Trm
Least privilege is required for a subject to have no more access privilege than necessary for performing tasks, jobs or functions
Photo by benchilada
Need to know is used to define how much access privilege is needed (to know) based on job functions
Photo by Iztok Alf Kurnik
Compartmentalization is process of separating groups of people and isolating flow of information between them
Photo by EJP Photo
Untitled Slide
Untitled Slide
operation security
Photo by The U.S. Army
Untitled Slide
network security
Photo by CyberHades
Untitled Slide
application security
Photo by Shinji Nikaru
Untitled Slide
cryptography
Photo by Ryan Somma
