Model Information Security Planning by Mohammed Ashfaq Ahmed
• Adopt a multilayered security model
• Follow a defense-in-depth strategy
• Defense-in-depth: designed from the inside out but tested from the outside in
• Information lies at the core, and the most reliable protection elements lie close to it
• Penetration by attackers occurs from the outside in
Seven-layer security model..
It covers both the security of information and the security of the information system.
The layers of the model are:
• Information at the core
• Cryptographic method layer
• Verification and authentication layer
• OS hardening layer
• Information system architecture and design
• Web services layer
• The 8 Ps of security layer
Benefits of this model..
• Vigorously protects information
• Will slow down perpetrators as they attempt any attack
• Discourages attackers
• Assists in identification of hackers
• Low cost and effective
1. Information at the core..
• Information resides at the core of the model
• Why is information at the core, and not the information system?
• Reason: the information system is too vast and cannot be narrowed sufficiently
• Information has many properties, such as disguise, protect, authenticate, test
• The most important and interesting quality of information is that it can change state and still retain all of its semantic value
• These factors allow us to manage the information effectively
2. Cryptographic method layer..
• It is the second layer, and the most important one from a security countermeasure point of view
• It represents a formidable barrier that coats and protects information
• It uses the properties of information
Advantages..
• Cryptography disguises information
• Cryptographic methods are extremely complex and require significant time and cost to break
• It provides an elegant linkage to the authentication and verification layer
• Cryptographic layers are many and varied
3. Authentication and verification layer..
• It is closely related to the cryptographic layer
• It has two distinct parts:
1. The inner authentication and verification, which pertains to the information exclusively. Ex.: digital signatures, code signing, etc.
2. The outer half, which provides authentication and verification for the information system. Ex.: passwords, access controls, etc.
• Authentication is the process of determining whether the information presented is real or fake
• Authentication techniques usually take advantage of any of the following four factors to authenticate access to information:
1. Possession factor: something you have that grants access to information. Ex.: smartcard, token, etc.
2. Biometric factor: something that you are that identifies you uniquely. Ex.: fingerprint, face print, DNA, etc.
3. Knowledge factor: something you know that is secret. Ex.: password, username, etc.
4. Integrity factor: something that allows the authentication routines to authenticate your actions after you are admitted access. Ex.: message authentication codes (MACs)
• Authentication techniques can be used either directly with information or as part of an information system
• Verification is the one-to-one process of matching the user by name against an authentication template maintained by a trusted third party, and providing the authentication status
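The knowledge factor and the integrity factor described above can be seen working together in the following added example, which is not part of the original slides: a password admits the user, and a MAC then authenticates each action taken after admission. The function and class names, the PBKDF2 work factor, and the per-action counter that rejects replayed tags are assumptions of this example and go beyond what the slides state.

```python
import hashlib
import hmac
import json
import secrets
from typing import Optional, Tuple

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example


def enroll(password: str) -> Tuple[bytes, bytes]:
    """Store a salted, slow hash of the secret, never the secret itself."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def login(password: str, salt: bytes, stored: bytes) -> Optional[bytes]:
    """Knowledge factor: return a fresh session key on success, else None."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    if not hmac.compare_digest(candidate, stored):
        return None
    return secrets.token_bytes(32)


def sign_action(key: bytes, counter: int, action: dict) -> str:
    """Integrity factor: MAC over the action plus its sequence number."""
    msg = json.dumps({"n": counter, "action": action}, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class ActionVerifier:
    """Server side: accepts an action only if its MAC and counter are valid."""

    def __init__(self, key: bytes):
        self.key = key
        self.next_counter = 0

    def accept(self, counter: int, action: dict, tag: str) -> bool:
        expected = sign_action(self.key, counter, action)
        if not hmac.compare_digest(expected, tag):
            return False  # action was altered, or the sender lacks the key
        if counter != self.next_counter:
            return False  # valid tag, but replayed or out of order
        self.next_counter += 1
        return True
```

The session key never travels with the action; only the tag does, so a party who observes an action cannot alter it or mint a new one without the key.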
My Question……?
Answer
The model is designed from the inside out and tested from the outside in. This means that information is at the core of the model and the most reliable protection elements of the plan are placed closest to it. Penetration by attackers occurs from the outside in; this concept is known as defense in depth.