Security+ Guide to Network Security Fundamentals, 2e
Chapter 1 Information Security Fundamentals
At a Glance Instructor’s Notes
♦ Chapter Overview
♦ Chapter Objectives
♦ Technical Notes
♦ Lecture Notes
♦ Quick Quizzes
♦ Discussion Questions
♦ Additional Activities

Instructor’s Notes

Chapter Overview
This chapter introduces the fundamentals of Security+ network security. It begins by examining the current challenges in network security. Students will see why network security is important and learn to define information security and its associated terminology. Students will also explore the CompTIA Security+ certification for IT professionals and survey the types of careers open in the information security field.

Chapter Objectives
After reading this chapter, students will be able to:
♦ Identify the challenges for information security
♦ Define information security
♦ Explain the importance of information security
♦ List and define information security terminology
♦ Describe the CompTIA Security+ certification exam
♦ Describe information security careers

Technical Notes
HANDS-ON PROJECTS: Project 1-1, Project 1-2, Project 1-3, Project 1-4
HARDWARE DEVICES REQUIRED: Computer PC (each project)
OPERATING SYSTEM REQUIRED: Windows XP (each project)
OTHER RESOURCES: Internet connectivity and installation permissions set; Microsoft Baseline Security Analyzer and Internet connectivity; Internet connectivity and Gibson Research’s ShieldsUp! ShieldsUp! Program

This chapter should not be completed in one class session, if possible. It is recommended that you split the chapter into at least two class sessions. The amount of subject matter to be covered can be covered in anywhere between a 2- to 4-hour period, plus any at-home exercises you wish to assign.

Lecture Notes

Identifying the Challenges for Information Security
The challenge of keeping networks and computers secure has never been greater. A number of trends illustrate why security is becoming increasingly difficult. These include:
♦ Speed of attacks
♦ Faster detection of weaknesses
♦ Difficulties in patching
♦ Sophistication of attacks
♦ Distributed attacks
Discuss the different delays between patches and attacks as illustrated in Table 1-1 on page 4 of the text.

Certain trends have resulted in security attacks growing at an alarming rate. The Computer Emergency Response Team (CERT) security organization compiles statistics regarding the number of reported incidents of attacks. Table 1-2 on pages 4 and 5 of the text shows the explosive growth of these incidences.

To apply the concepts in this topic, see Hands-On Projects 1-2, 1-3, and 1-4 at the end of this chapter.

Defining Information Security
The term information security describes the tasks of guarding digital information, which is typically processed by a computer (such as a personal computer), stored on a magnetic or optical storage device (such as a hard drive or DVD), and transmitted over a network. Information security ensures that protective measures are properly implemented. Information security is intended to protect information. Three of the characteristics of information that must be protected by information security are:
♦ Integrity
♦ Confidentiality
♦ Availability

Information security involves more than protecting the information itself. The third objective of information security is illustrated in Figure 1-1 on page 7 of the text. The center of the diagram shows what needs to be protected, which is information.

Understanding the Importance of Information Security
Information security is important to businesses and individuals because it can prevent data theft, avoid the legal consequences of not securing information, maintain productivity, foil cyberterrorism, and thwart identity theft.

Preventing Data Theft
Security is often associated with theft prevention. Drivers install security systems on their cars to prevent the cars from being stolen. The same is true with information security—businesses often cite preventing data theft as the primary goal of information security. The theft of data is the single largest cause of financial loss due to a security breach. One of the most important objectives of information security is to protect important business and personal data from theft.
Quick Quiz
1. One of the looming fears is the increasing number of ____________ attacks. ANSWER: day zero
2. One of the primary defenses against attacks is applying _____________, software that repairs security flaws and other problems in an application or operating system. ANSWER: patches
3. _____________ ensures that only authorized parties can view information. ANSWER: Integrity
4. _____________ is often associated with theft prevention. ANSWER: Security
5. One of the most important objectives of information security is to protect important __________ and __________ data from theft. ANSWER: business, personal

Avoiding Legal Consequences
Businesses that fail to protect data may face serious penalties. Some federal and state laws that have been enacted to protect the privacy of electronic data include the following:
♦ The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
♦ The Sarbanes-Oxley Act of 2002 (Sarbox)
♦ The Gramm-Leach-Bliley Act (GLBA)
♦ USA PATRIOT Act 2001

Discuss the different laws that have been enacted as listed on pages 8 and 9 of the text in more detail.

After an attack on information security, clean-up efforts divert resources, such as time and money, away from normal activities. According to a Corporate IT Forum survey of major corporations, each attack costs a company an average of $213,000 in lost man-hours and related costs, while one-third of the corporations reported an average of more than 3,000 man-hours lost. Table 1-3 on page 10 of the text provides an estimate of lost salary and productivity during a virus attack and cleanup for businesses with 100, 250, 500, and 1000 employees.

An area of growing concern among many defense experts is surprise attacks by terrorist groups using computer technology and the Internet. These attacks could cripple a nation’s electronic and commercial infrastructure. Such an attack is called cyberterrorism. One challenge in combating cyberterrorism is that many prime targets are not owned and managed by the federal government.

Thwarting Identity Theft
Identity theft involves using someone’s personal information, such as social security numbers, to establish bank or credit card accounts that are then left unpaid, leaving the victim with the debts and ruining their credit rating. National, state, and local legislation continues to be enacted to deal with the growing problem of identity theft. For example, the Fair and Accurate Credit Transactions Act of 2003 is a federal law that addresses identity theft.
Understanding Information Security Terminology
As with many advanced subjects, information security has its own terminology. The scenario in the text helps to illustrate information security terms and how they are used. Also, examine Table 1-4 on page 13, which lists information security terminology.

Discuss the scenario on pages 11 through 13 of the text that helps illustrate information security terms and how they are used.

Exploring the CompTIA Security+ Certification Exam
Since 1982, the Computing Technology Industry Association (CompTIA) has been working to advance the growth of the IT industry and those people working within it. CompTIA is also the world’s largest developer of vendor-neutral IT certification exams. The CompTIA Security+ certification tests for mastery in security concepts and practices. The exam was designed with input from security industry leaders, such as VeriSign, Symantec, RSA Security, Microsoft, Sun, IBM, Novell, and Motorola. The Security+ exam is designed to cover a broad range of security topics. The topics are categorized into five areas or domains. Table 1-5 on page 14 of the text lists the domains and the percentage of questions from each domain.

Surveying Information Security Careers
One of the fastest growing career fields is information security. As information attacks increase, companies are becoming more aware of their vulnerabilities and are looking for ways to reduce their risks and liabilities. Information security jobs are sometimes divided into three general roles: security management, security engineering, and security administration. A security manager focuses on developing corporate security plans and policies, providing education and awareness, and communicating with executive management about security issues. Security engineers design, build, and test security solutions to meet the policies while still addressing business needs. Security administrators configure and maintain security solutions to ensure proper service levels and availability.

Quick Quiz
1. The ___________ requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information. ANSWER: Gramm-Leach-Bliley Act or GLBA
2. One challenge in combating __________ is that many prime targets are not owned and managed by the federal government. ANSWER: cyberterrorism
3. A(n) ____________ is a person or thing that has the power to carry out a threat. ANSWER: threat agent
4. A(n) ___________ is the likelihood that something will happen. ANSWER: risk
5. ___________ help employers determine who has the skills and knowledge necessary to secure their systems and data. ANSWER: Certifications
Discussion Questions
1. Discuss the different methods used to steal data.
2. Discuss several different strategies that can be used to pass the CompTIA Security+ exam.

Additional Activities
1. Have students conduct research looking for software and hardware that can prevent data theft.
2. Have students take a CompTIA Security exam and discuss the results.