Model Information Security Planning

Feb 22, 2014 (3 years and 6 months ago)

By Mohammed Ashfaq Ahmed



Adopt a multilayered security model

Follow a defense-in-depth strategy

Defense-in-depth: designed from the inside out but tested from the outside in

Information lies at the core, and the most reliable protection elements lie closest to it

Penetration by attackers occurs from the outside in


Seven-layer security model

It covers both the security of information and the security of the information system

The layers of the model are:

1. Information at the core
2. Cryptographic method layer
3. Verification and authentication layer
4. OS hardening layer
5. Information system architecture and design
6. Web services layer
7. The 8 Ps of security layer


Benefits of this model

Vigorously protects information
Will slow down perpetrators as they attempt any attack
Discourages attackers
Assists in identification of hackers
Low cost and effective



1. Information at the core

Information resides at the core of the model

Why is information at the core, and not the information system?

Reason: the information system is too vast and cannot be narrowed sufficiently

Information has many properties: it can be disguised, protected, authenticated, tested, and so on

The most important and interesting quality of information is that it can change state and still retain all of its semantic value

These factors allow us to manage the information effectively



2. Cryptographic method layer

It is the second layer and actually the most important from a security countermeasure point of view

It represents a formidable barrier that coats and protects information

It uses the properties of information

Advantages:

Cryptography disguises information
Cryptographic methods are extremely complex and require significant time and cost to break
It provides an elegant linkage to the authentication and verification layer
Cryptographic layers are many and varied

3. Authentication and verification layer

It is closely related to the cryptographic layer

It has two distinct parts:

1. The inner authentication and verification, which pertains to the information exclusively. Ex.: digital signatures, code signing, etc.
2. The outer half, which provides authentication and verification for the information system. Ex.: passwords, access controls, etc.





Authentication is the process of determining if the information presented is real or fake

Authentication techniques usually take advantage of any of the following four factors to authenticate access to information:

1. Possession factor: something you have that grants access to information. Ex.: smartcard, token, etc.
2. Biometric factor: something that you are that identifies you uniquely. Ex.: fingerprint, face print, DNA, etc.
3. Knowledge factor: something you know that is secret. Ex.: password, username, etc.
4. Integrity factor: something that allows the authentication routines to authenticate your actions after you are admitted access. Ex.: message authentication codes (MACs)

Authentication techniques can be used either directly with information or as part of an information system
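
The knowledge factor and the integrity factor from the list above, as an added example that is not part of the original slides: a password login admits the user, after which every action must carry a MAC computed under a per-session key. The Server class, the sign helper, the counter-based replay check and the sample user are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def hash_password(password, salt):
    # Slow salted hash so a stolen credential store resists guessing.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def sign(key, sid, counter, action):
    # MAC over session id, counter and action; the action is the last field.
    msg = f"{sid}|{counter}|{action}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class Server:
    def __init__(self):
        self.users = {}     # name -> (salt, password hash)
        self.sessions = {}  # session id -> [MAC key, last counter accepted]

    def enroll(self, name, password):
        salt = secrets.token_bytes(16)
        self.users[name] = (salt, hash_password(password, salt))

    def login(self, name, password):
        """Knowledge factor: admit the user and issue a per-session MAC key."""
        salt, stored = self.users.get(name, (b"\0" * 16, b""))
        if not hmac.compare_digest(hash_password(password, salt), stored):
            return None
        sid, key = secrets.token_hex(8), secrets.token_bytes(32)
        self.sessions[sid] = [key, 0]
        return sid, key

    def act(self, sid, counter, action, tag):
        """Integrity factor: accept an action only if its MAC and counter verify."""
        if sid not in self.sessions:
            return False
        key, last = self.sessions[sid]
        fresh = counter > last  # rejects a replayed, previously valid message
        if not (hmac.compare_digest(sign(key, sid, counter, action), tag) and fresh):
            return False
        self.sessions[sid][1] = counter
        return True

if __name__ == "__main__":
    srv = Server()
    srv.enroll("alice", "constructed-sample-password")
    sid, key = srv.login("alice", "constructed-sample-password")
    tag = sign(key, sid, 1, "read:report")
    print(srv.act(sid, 1, "read:report", tag))    # genuine action
    print(srv.act(sid, 1, "read:report", tag))    # replay of the same message
    print(srv.act(sid, 2, "delete:report", tag))  # action changed, old tag
```

The password check guards admission only; the MAC is what ties each later action to the admitted session, so a changed action or a replayed message fails even though the login was valid.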


Verification is the one-to-one process of matching the user by name against an authentication template, maintained by a trusted third party, and providing the authentication status


My Question……?



Answer



The model is designed from the inside out and tested from the outside in. It means that information is at the core of the model and the most reliable protection elements of the plan are placed closest to it. Penetration by attackers occurs from the outside in; this concept is known as defense in depth.