Professional Documents
Culture Documents
INFORMATION SECURITY
1
CHAPTER 1
Learning Outcomes
2
Information security:
1. Tasks of guarding digital information,
which is typically processed by a computer
(such as a personal computer), stored on a
magnetic or optical storage device (such
as a hard drive or DVD), and transmitted
over a network spacing
What is Information Security? (Cont)
7
Physical Security
Operational Security
Management and Policies
Physical Security
13
1. Confidentiality CIA
Protection of data from unauthorized
disclosure to a third party
2. Integrity
Assurance that data is not altered or destroyed
in an unauthorized manner
3. Availability
Continuous operation of computing systems
Information Security Organisation
18
CERT/CC
US-CERT
SANS Institute
ISC2
Common Criteria
FIPS
ICSA
CERT/CC
19
Information Theft:
Attacks that allow an attacker to get data without ever having to directly use
your computers.
How:
dumpster diving
- What people throw in the trash
(i) Personal information
(ii) Passwords
(iii) Good doughnuts
***Many enterprises now shred all white paper trash
steal your e-mail
Used for:
to access bank account
to make loans (car, real estate)
Attack Definition (Cont)
28
Unauthorised disclosure :
An organization suspects some of its employees
of leaking confidential information to its
competitor.
It is also usually believed that its competitor
actually planted spies within the organization in
order to target and steal new product plan.
How:
planting virus, trojan horse
snooping software
Attack Definition (Cont)
29
Information warfare:
Is the use and management of information in
pursuit of a competitive advantage over an
opponent.
Remotely disabling target using software (e.g.;
television and radio disinformation)
Disinformation: false or inaccurate information
that is spread deliberately.
Attack Definition (Cont)
30
Categories::
Data disclosure:
Exposure of data to third parties. Key point to consider is
whether the disclosure is relevant and necessary.
Data modification:
• A modification attack is an attempt to modify information
that an attacker is not authorized to modify.
Data availability:
Describe products and services that continues to be available
at a required level of performance in situations ranging from
normal through "disastrous."
Security Threats (Cont)
32
Activities:
Hacking: (solution)
showing computer expertise
Black Hats – the Bad Guys
White Hats – Professional Security Experts
Cracking: (malicious)
breaching security on software or systems
Security Threats (Cont)
33
Spoofing:
A method of attacking a computer program, in
which the program is modified so as to appear to be
working normally when in reality it has been
modified with the purpose to circumvent security
mechanisms.
34
Sniffing:
A method that a network device, like the Nintendo
DS, uses to identify available wireless networks in
the area.
37
dgame
passwd:
########
SNIFFER
Summary
39
Activities
42