University of Cincinnati - UCit   University of Cincinnati - Home
 
 

From the AVP - The Ten Domains of Information Security



Information security is not just the security of information systems or IT resources. It is much more comprehensive than that. Information security must consider each of these 10 different areas:

  1. Security Management Practices
  2. Access Control Systems and Methodology
  3. Law, Investigation, Ethics
  4. Physical Security
  5. Business Continuity & Disaster Recovery Planning
  6. Security Architecture & Models
  7. Cryptography
  8. Telecommunications & Network Security
  9. Applications & Systems Development
  10. Operations Security

These domains contain these areas:

  1. Security Management Practices
    • Concepts & Objectives, Risk Management, Policies & Procedures
    • Information Classification, IS Awareness, IS Roles and Responsibilities
    • Handling Incidents
  2. Access Control Systems and Methodology
    • Identification & Authentication, Single Sign On
    • Centralized vs. Distributed Access Control
    • Control access by applying the appropriate concepts/methodologies/techniques
    • Identify, evaluate and respond to access control attacks (Brute Force, Dictionary, Spoofing, Denial of Service)
    • Design, coordinate and evaluate penetration and vulnerability tests
  3. Law, Investigation, Ethics
    • HIPAA, FERMA, GLB, other Laws and Regulations
  4. Physical Security
    • Facilities Management, Personnel Security, Physical Controls
  5. Business Continuity & Disaster Recovery Planning
    • Concepts: BC vs DR
    • Recovery Planning Process, Plan Development & Maintenance, Testing
    • Program Management, Vulnerability Assessment, Prevention
  6. Security Architecture & Models
    • CS and Architecture, Security & Control Concepts, Security Models, Evaluation Criteria
    • Host-based Security, Client-Server Security, Network Security
    • Network and IP Security Architecture
  7. Cryptography
    • History, Definitions, Applications & Uses of Cryptography, Protocols and Standards
    • Basic Technologies, Encryption Systems, Symmetric/Asymmetric Cryptography
    • Digital Signatures, Email Security, Internet Security, Key Management
    • Public Key Infrastructure (PKI), Cryptanalysis & Attacks, Export Issues
  8. Telecommunications & Network Security
    • Communications Security Management, Network Protocols
    • Identification & Authentication, Data Communication, Internet & Web Security
    • Attack Methods, Multimedia Security, Incident Response Management
  9. Applications & Systems Development
    • Definitions, Security Goals & Threats, System Life Cycle, Security Architecture
    • Change Control, Application Development & Security Measures
    • Databases & Data Warehousing, Knowledge Based Systems
  10. Operations Security
    • Resources, Privileges, Control Mechanisms, Potential Abuses, Principles
 