Module 1 & 2: Introduction to availability,
Information Assurance confidentiality, and non-repudiation. This includes
System Quality
According to (International Organization for
Standardization/International Electrotechnical
Commission)ISO/IEC Standard 9126-1 (Software
Engineering—Product Quality), the following are all
aspects of system quality:
● functionality ● reliability
● adequacy ● usability
● interoperability ● efficiency
● correctness ● maintainability
● security ● portability
Which of these do you think applies to Information
Assurance?
What is Information?
 
“Information is data endowed with relevance and
purpose. Converting data into information thus
requires knowledge. Knowledge by definition is
specialized.” (Blyth and Kovacich, p. 17)
What characteristics should information possess
to be useful?
It should be accurate, timely, complete, verifiable,
consistent, and available. According to Raggad (pp.
14ff)
Noise: raw facts with an unknown coding system
Data: raw facts with a known coding system
Information: processed data
Knowledge: accepted facts, principles, or rules of
thumb that are useful for specific domains. Knowledge
can be the result of inferences and implications
produced from simple information facts.
According to the U.S. Department of Defense, IA
involves:
Actions are taken that protect and defend information
and information systems by ensuring their
integrity, authentication,
providing for the restoration of information systems
by incorporating protection, detection, and reaction
capabilities.
What is Information Assurance?
Information Assurance (IA) is the study of how to
protect your information assets from destruction,
degradation, manipulation, and exploitation. But also,
how to recover should any of those happen. Notice that
it is both proactive and reactive.
According to the DoD definition, these are some
aspects of information needing protection:
● Availability: timely, reliable access to data and
information services for authorized users;
● Integrity: protection against unauthorized
modification or destruction of information;
● Confidentiality: assurance that information is
not disclosed to unauthorized persons;
● Authentication: security measures to establish
the validity of a transmission, message, or
originator.
● Non-repudiation: assurance that the sender is
provided with proof of data delivery and the
recipient is provided with proof of the sender’s
identity so that neither can later deny having
processed the data.
Information Assurance is such a broad field that
there is no universally accepted definition.
Researchers often give their spin to IA, usually
reflecting their concerns.
What is Information Assurance?
1.2 Different View of Information Assurance
According to Debra Herrmann (Complete Guide to
Security and Privacy Metrics), Information Assurance
should be viewed as spanning four security engineering
domains:
● Physical security ● IT security
● Personnel security ● Operational security
The simple truth is that IT security cannot be
accomplished in a vacuum, because there is a
multitude of dependencies and interactions among all
four security engineering domains. (Herrmann, p. 10)
So threats/risks to IA should be considered along
these dimensions as well.
According to Debra Herrmann, IA has four major
categories:
● Physical security ● IT security
● Personnel security ● Operational security
Into which of these would you put the following?
● enforcing hard-to-guess passwords
● encrypting your hard drive
● locking sensitive documents in a safe
stationing a marine guard outside an embassy
assigning security clearances to staffers
● using SSL for data transfers
● having an off-site backup of documents
Quotes from Debra Herrmann, Complete Guide to
Security and Privacy Metrics:
“Physical security refers to the protection of
hardware, software, and data against physical threats
to reduce or prevent disruptions to operations and
services and loss of assets.”
“Personnel security is a variety of ongoing measures
taken to reduce the likelihood and severity of
accidental and intentional alteration, destruction,
misappropriation, misuse, misconfiguration,
unauthorized distribution, and unavailability of an
organization’s logical and physical assets, as the
result of action or inaction by insiders and known
outsiders, such as business partners.”
“IT security is the inherent technical features and
functions that collectively contribute to an IT
infrastructure achieving and sustaining
confidentiality, integrity, availability,
accountability, authenticity, and reliability.”
“Operational security involves the implementation of
standard operational security procedures that define
the nature and frequency of the interaction between
users, systems, and system resources, the purpose of
which is to achieve and sustain a known secure
system state at all times, and prevent accidental or
intentional theft, release, destruction, alteration,
misuse, or sabotage of system resources.”
Are these domains purely defensive, or might they be
offensive? Compare and contrast Herrmann’s view of
IA with the government view outlined before.
According to Raggad’s taxonomy of information
security, a computing environment is made up of five
continuously interacting components: activities,
people, data, technology, networks.
A comprehensive security plan must take all of
these into account.
How do these map onto the previous scheme?
Does protecting a computing environment merely
mean protecting these five components?
IA includes computer and information security, but
more besides.
According to Blyth and Kovacich, IA can be thought of
as protecting information at three distinct levels:
physical: data and data processing activities in
physical space; information
infrastructure: information and data manipulation
abilities in cyberspace;
perceptual: knowledge and understanding in
human decision space.
The lowest level focus of IA is the physical level:
computers, physical networks, telecommunications,
and supporting systems such as power, facilities, and
environmental controls. Also at this level are the
people who manage the systems.
Desired Effects: to affect the technical performance
and the capability of physical systems, to disrupt the
capabilities of the defender.
Attacker’s Operations: physical attack and
destruction, including electromagnetic attack, visual
spying, intrusion, scavenging and removal,
wiretapping, interference, and eavesdropping.
Defender’s Operations: physical security, OPSEC,
TEMPEST.
The second level focus of IA is the information
structure level: This covers information and data
manipulation ability maintained in cyberspace,
including data structures, processes, programs,
protocols, data content, and databases.
Desired Effects: to influence the effectiveness and
performance of information functions supporting
perception, decision making, and control of physical
processes.
Attacker’s Operations: impersonation, piggybacking,
spoofing, network attacks, malware, authorization
attacks, active misuse, and denial of service attacks.
Defender’s Operations: information security
technical measures such as: encryption and key
management, intrusion detection, anti-virus software,
auditing, redundancy, firewalls, policies and standards.
The third level focus of IA is the perceptual level,
also called social engineering. This is abstract and
concerned with the management of perceptions of the
target, particularly those persons making security
decisions.
Desired Effects: to influence decisions and behaviors.
Attacker’s Operations: psychological operations
such as: deception, blackmail, bribery and corruption,
social engineering, trademark and copyright
infringement, defamation, diplomacy, creating distrust.
Defender’s Operations: personnel security including
psychological testing, education, and screening such as
biometrics, watermarks, keys, passwords.
Thus, IA includes aspects of:
● COMPSEC: computer security;
● COMSEC: communications and network
security; ITSEC: (which includes both COMPSEC
and COMSEC);
● OPSEC: operations security.
Compare Blyth and Kovacich’s view of IA with the
government view and Herrmann’s views described
previously.
If you entrench yourself behind strong fortifications, you
compel the enemy to seek a solution elsewhere. –Carl
von Clausewitz
A recent headline in the AAS read: “The Biggest
Threat to Computer Security? Carelessness”
Principle of Easiest Penetration: An attacker on any
information system will use the simplest means of
subverting system security.
Different view in Information Assurance
● Physical security
● Personnel security
● IT security
● Operational security
Module 3 & 4: Introduction to
Information Security
3.1 Understanding what is an information security
The history of information security begins with the
concept of computer security. This is a process as
well as tried-and-true methods needed to maintain
data confidentiality.
CIA: The industry standard for computer security
since the development of the mainframe. The standard
is based on three characteristics that describe the
utility of information: confidentiality, integrity, and
availability.
Information security: Protection of the
confidentiality, integrity, and availability of
information assets, whether in storage, processing, or
transmission, via the application of policy, education,
training and awareness, and technology.
Communications security: The protection of all
communications media, technology, and content.
Network security: A subset of communications
security; the protection of voice and data networking
components, connections, and content.
Security: A state of being secure and free from danger
or harm. Also, the actions are taken to make someone
or something secure.
Information security
Information security, sometimes abbreviated to
infosec, is a set of practices intended to keep data
secure from unauthorized access or alterations, both
when it's being stored and when it's being transmitted
from one machine or physical location to another. You
might sometimes see it referred to as data security.
Information security refers to the processes and
methodologies which are designed and implemented
to protect the print, electronic, or any other form of
confidential, private, and sensitive information or data
from unauthorized access, use, misuse, disclosure,
destruction, modification, or disruption.
Information security vs. cybersecurity
Cybersecurity is the broader practice of defending
IT assets from attack, and information security is a
specific discipline under the cybersecurity umbrella.
Network security and application security are sister
practices to infosec, focusing on networks and
application, respectively.
Information security principles
The basic components of information security are
most often summed up by the so-called CIA triad:
confidentiality, integrity, and availability.
Confidentiality - Data is confidential when only those
people who are authorized to access it can do so; to
ensure confidentiality, you need to be able to identify
who is trying to access data and block attempts by
those without authorization. Passwords, encryption,
authentication, and defense against penetration
attacks are all techniques designed to ensure
confidentiality.
Integrity - means maintaining data in its correct state
and preventing it from being improperly modified,
either by accident or maliciously. Frequent backups
can help restore data to a correct state if need be.
Integrity also covers the concept of
non-repudiation: you must be able to prove that
you've maintained the integrity of your data, especially
in legal contexts.
Availability - is the mirror image of confidentiality:
while it is needed to make sure that data can't be
accessed by unauthorized users, it also needs to
ensure that it can be accessed by those who have the
proper permissions. Ensuring data availability means
matching network and computing resources to the
volume of data access that is expected and
implementing a good backup policy for disaster
recovery purposes.
In an ideal world, your data should always be kept
confidential, in its correct state, and available; in
practice, of course, you often need to make choices
about which information security principles to
emphasize, and that requires assessing your data. If
you're storing sensitive medical information, for
instance, you'll focus on confidentiality, whereas a
financial institution might emphasize data integrity to
ensure that nobody's bank account is credited or
debited incorrectly.
Tools for Information Security
● Authentication ● Backup
● Access Control ● Firewalls
● Encryption ● Virtual Private Networks (VPN)
● Passwords ● Physical Security
● Security Policies
Information security policy
The means by which these principles are applied to an
organization take the form of a security policy. This
isn't a piece of security hardware or software; rather,
it's a document that an enterprise draws up, based on
its own specific needs to establish what data needs to
be protected and in what ways. These policies guide
the organization's decisions around procuring
cybersecurity tools and also mandate employee
behavior and responsibilities.
Among other things, your company's information
security policy should include:
● A statement describing the purpose of the infosec
program and your overall objectives
● Definitions of key terms used in the document to
ensure shared understanding
● An access control policy, determining who has
access to what data and how they can establish
their rights
● A password policy
● Data support and operations plan to ensure that
data is always available to those who need it
● Employee roles and responsibilities when it
comes to safeguarding data, including who is
ultimately responsible for information security
One important thing to keep in mind is that, in a world
where many companies outsource some computer
services or store data in the cloud, your security policy
needs to cover more than just the assets you own. You
need to know how you'll deal with everything from
personally identifying information stored on AWS
instances to third-party contractors who need to be
able to authenticate to access sensitive corporate info.
Information security measures
Technical measures - include the hardware and
software that protects data — everything from
encryption to firewalls.
Organizational measures - include the creation of an
internal unit dedicated to information security, along
with making infosec part of the duties of some staff in
every department
Human measures - include providing awareness
training for users on proper infosec practices
Physical measures - include controlling access to the
office locations and, especially, data centers
Information security analyst: Duties
Security analysts typically deal with information
protection (data loss protection [DLP] and data
classification) and threat protection, which includes
security information and event management (SIEM),
user and entity behavior analytics [UEBA], intrusion
detection system/intrusion prevention system
(IDS/IPS), and penetration testing. Key duties include
managing security measures and controls, monitoring
security access, doing internal and external security
audits, analyzing security breaches, recommending
tools and processes, installing software, teaching
security awareness, and coordinating security with
outside vendors.
Information security certifications
If you're already in the field and are looking to stay
up-to-date on the latest developments—both for your
own sake and as a signal to potential employers—you
might want to look into an information security
certification. Among the top certifications for
information security analysts are:
● Systems Security Certified Practitioner (SSCP)
● Certified Cyber Professional (CCP)
● Certified Information System Security
Professional (CISSP)
● Certified Ethical Hacker (CEH)
● GCHQ Certified Training (GCT)
3.2 Computer Security
What is computer security?
Computer security is the protection of computer systems
and information from harm, theft, and unauthorized
use. It is the process of preventing and detecting
unauthorized use of your computer system.
There are various types of computer security which
are widely used to protect the valuable information of
an organization.
What are Computer Security and its types?
One way to ascertain the similarities and differences in
Computer Security is by asking what is being secured.
For example,
● Information security is securing information
from unauthorized access, modification &
deletion
● Application Security is securing an
application by building security features to
prevent Cyber Threats such as SQL injection,
DoS attacks, data breaches, etc.
● Computer Security means securing a
standalone machine by keeping it updated
and patched
● Network Security is by securing both the
software and hardware technologies
 ● Cybersecurity is defined as protecting
computer systems, which communicate over
the computer networks
It’s important to understand the distinction between
these words, though there isn’t necessarily a clear
consensus on the meanings and the degree to which
they overlap or are interchangeable.
So, Computer security can be defined as controls that
are put in place to provide confidentiality, integrity,
and availability for all components of computer
systems. Let’s elaborate on the definition.
Components of computer system
The components of a computer system that needs to
be protected are:
● Hardware, the physical part of the computer,
like the system memory and disk drive
● Firmware, permanent software that is etched
into a hardware device’s nonvolatile memory
and is mostly invisible to the user
● Software, the programming that offers
services, like operating system, word
processor, the internet browser to the user  unfortunately very easy to execute. You are deluded
Computer security threats
Computer security threats are possible dangers that
can possibly hamper the normal functioning of your
computer. In the present age, cyberthreats are
constantly increasing as the world is going digital. The
most harmful types of computer security are:
Insider threats - An insider threat occurs
when individuals close to an organization
who have authorized access to its network
intentionally or unintentionally misuse that
access to negatively affect the organization's critical
data or systems.
Viruses - A computer virus is a malicious
program that is loaded into the user’s
computer without the user’s knowledge. It
replicates itself and infects the files and
programs on the user’s PC. The ultimate goal of a virus
is to ensure that the victim’s computer will never be
able to operate properly or even at all. 
Computer Worm - A computer worm is a
software program that can copy itself from
one computer to another, without human
interaction. The potential risk here is that it
will use up your computer's hard disk space because a
worm can replicate in greater volume and with great
speed.
Phishing - Disguising as a trustworthy person
or business, phishers attempt to steal sensitive
financial or personal information through
fraudulent email or instant messages. Phishing is
into thinking it’s legitimate mail and you may enter
your personal information.
Botnet - A botnet is a group of computers
connected to the internet, that have been
compromised by a hacker using a computer
virus. An individual computer is called a
‘zombie computer’. The result of this threat is the
victim’s computer, which is the bot that will be used
for malicious activities and a larger-scale attack like
DDoS.
Rootkit - A rootkit is a computer program
designed to provide continued privileged
access to a computer while actively hiding its
presence. Once a rootkit has been installed,
the controller of the rootkit will be able to remotely
execute files and change system configurations on the
host machine.
Ransomware - In a ransomware
attack, the victim's computer is
locked, typically by encryption, which
keeps the victim from using the
device or data that's stored on it. To
regain access to the device or data, the victim has to
pay the hacker a ransom, typically in a virtual currency
such as Bitcoin. Ransomware can be spread via
malicious email attachments, infected software apps,
infected external storage devices and compromised
websites.
Denial of Service - A denial of service
(DoS) is a type of cyber attack that
floods a computer or network so it
can’t respond to requests. A distributed
DoS (DDoS) does the same thing, but
the attack originates from a computer network. Cyber
attackers often use a flood attack to disrupt the
“handshake” process and carry out a DoS. Several
other techniques may be used, and some cyber
attackers use the time that a network is disabled to
launch other attacks. A botnet is a type of DDoS in
which millions of systems can be infected with
malware and controlled by a hacker, according to Jeff
Melnick of Netwrix, an information technology
security software company. Botnets, sometimes called
zombie systems, target and overwhelm a target’s
processing capabilities. Botnets are in different
geographic locations and hard to trace.
Social engineering attacks - Social engineering is the
term used for a broad range of
malicious activities accomplished
through human interactions. It
uses psychological manipulation
to trick users into making
security mistakes or giving away
sensitive information.
Social engineering attacks happen in one or more
steps. A perpetrator first investigates the intended
victim to gather necessary background information,
such as potential points of entry and weak security
protocols, needed to proceed with the attack. Then, the
attacker moves to gain the victim’s trust and provide
stimuli for subsequent actions that break security
practices, such as revealing sensitive information or
granting access to critical resources.
Homograph attacks - attackers create
fake websites with very similar web
addresses to legitimate websites. Users
access these fake websites without
noticing the slight difference in URL, and may submit
their credentials or other sensitive information to an
attacker.
Keylogger - Also known as a keystroke
logger, keyloggers can track the real-time
activity of a user on his computer. It keeps
a record of all the keystrokes made by the
user keyboard. Keylogger is also a very
powerful threat to steal people’s login credentials such
as username and password.
These are perhaps the most common security threats
that you’ll come across. Apart from these, there are
others like spyware, wabbits, scareware,
bluesnarfing, and many more. Fortunately, there are
ways to protect yourself against these attacks.
Why is Computer Security Important?
In this digital era, we all want to keep our computers
and our personal information secure and hence
computer security is important to keep our personal
information protected. It is also important to maintain
our computer security and its overall health by
preventing viruses and malware which would impact
the system performance.
Computer Security Practices
Computer security threats are becoming relentlessly
inventive these days. There is much need for one to
arm oneself with information and resources to
safeguard against these complex and growing
computer security threats and stay safe online. Some
preventive steps you can take include:
● Secure your computer physically by:
o Installing reliable, reputable security
and anti-virus software
o Activating your firewall, because a
firewall acts as a security guard
between the internet and your local
area network 
● Stay up-to-date on the latest software and
news surrounding your devices and
perform software updates as soon as they
become available
● Avoid clicking on email attachments unless
you know the source 
● Change passwords regularly, using a unique
combination of numbers, letters, and case
types
● Use the internet with caution and ignore
pop-ups, and drive-by downloads while
surfing
 ● Taking the time to research the basic
aspects of computer security and educate
yourself on evolving cyber-threats
● Perform daily full system scans and create a
periodic system backup schedule to ensure
your data is retrievable should something
happen to your computer.
Apart from these, there are many ways you can protect
your computer system. Aspects such as encryption and
computer cleaners can assist in protecting your
computers and their files.
Unfortunately, the number of cyber threats is
increasing at a rapid pace and more sophisticated
attacks are emerging. So, having a good foundation in
cyber security concepts will allow you to protect your
computer against ever-evolving cyber threats.
4.1 Smart Cards and Biometrics Security intrusion
Detection Prevention
Smart cards provide ways to securely identify and
authenticate the holder and third parties who
want access to the card. For example, a cardholder
can use a PIN code or biometric data for
authentication. They also provide a way to securely
store data on the card and protect communications
with encryption.
Smart cards contain unique features that bring many
benefits to both consumers and issuing
organizations.
Smart cards provide:
● Security (the physical layout of the chip is
designed to be tamper-resistant, and a large
portion of the operating-system code is
dedicated to self-protection.)
● Confidentiality (the card and its data are with
you, and YOU decide what to do with them.)
● Portability (you carry it in your wallet or
phone.)
● Convenience (a consequence of all the above)
Smart cards offer more security and confidentiality
than other financial information or transaction
storage vehicles, making them a perfect solution for
e-commerce transactions.
As they include a tamper-resistant microprocessor,
they have substantial processing power to protect
the information, encrypt and execute instructions
from specific programs.
Biometrics Authentication
Biometrics authentication devices rely on physical
characteristics such as a fingerprint, facial patterns,
or iris or retinal patterns to verify user identity.
Biometrics authentication is becoming popular for
many purposes, including network logon. A
biometrics template or identifier (a sample known to
be from the authorized user) must be stored in a
database for the device to compare to a new sample
given during the logon process. Biometrics are often
used in conjunction with smart cards in high-security
environments. The most popular types of biometrics
devices are the following:
● Fingerprint scanners: These are widely
available for both desktop and portable
computers from a variety of vendors,
connecting via a USB or Personal Computer
Memory Card International Association
(PCMCIA, or PC Card) interface.
● Facial pattern recognition devices: These
devices use facial geometry analysis to verify
identity.
● Hand geometry recognition devices: These
are similar to facial pattern devices but analyze
hand geometry.
● Iris scan identification devices: Iris scanners
analyze the trabecular meshwork tissue in the
iris, which is permanently formed during the
eighth month of human gestation.
● Retinal scan identification devices: Retina
scanners analyze the patterns of blood vessels
on the retina.
Intrusion Detection Prevention
What is IDS?
An intrusion detection system is a passive
monitoring solution for detecting cybersecurity
threats to an organization. If a potential intrusion is
detected, the IDS generates an alert that notifies
security personnel to investigate the incident and
take remediative action.
An IDS solution can be classified in a couple of ways.
One of these is its deployment location. An IDS can be
deployed on a particular host, enabling it to monitor
the host’s network traffic, running processes, logs,
etc., or at the network level, allowing it to identify
threats to the entire network. The choice between a
host-based intrusion detection system (HIDS) and a
network-based IDS (NIDS) is a tradeoff between
depth of visibility and the breadth and context that a
system receives.
IDS solutions can also be classified based upon how
they identify potential threats. A signature-based
IDS uses a library of signatures of known threats to
identify them. An anomaly-based IDS builds a model
of “normal” behavior of the protected system and
reports on any deviations. A hybrid system uses both
methods to identify potential threats.
What is IPS?
An intrusion prevention system (IPS) is an active
protection system. Like the IDS, it attempts to
identify potential threats based upon monitoring
features of a protected host or network and can use
signature, anomaly, or hybrid detection methods.
Unlike an IDS, an IPS takes action to block or
remediate an identified threat. While an IPS may
raise an alert, it also helps to prevent the intrusion
from occurring.
Why IDS and IPS are Crucial for Cybersecurity
limits the potential damage than an attack can cause.
An IPS is ideal for environments where any intrusion
could cause significant damage, such as databases
containing sensitive d
IDSs and IPSs both have their advantages and
disadvantages. When selecting a system for a
potential use case, it is important to consider the
tradeoffs between system availability and usability
and the need for protection. An IDS leaves a window
for an attacker to cause damage to a target system,
while a false positive detection by an IPS can
negatively impact system usability.
List of IPS & IDS tools:
● SolarWinds Security Event Manager
● SNORT
● Security Onion
● Bro Network Security Monitor
● WinPatrol
● Osquery

In the end, the intrusion prevention system vs

intrusion detection system comparison comes down
to what action they take if such an intrusion is
detected. An IDS is designed to only provide an alert
about a potential incident, which enables a security
operations center (SOC) analyst to investigate the
event and determine whether it requires further
action. An IPS, on the other hand, takes action itself
to block the attempted intrusion or otherwise
remediate the incident.

While their responses may differ, they serve similar

purposes, potentially making them seem redundant.
Despite this, both of them have benefits and
deployment scenarios to which one is better suited
than the other:

Intrusion Detection System: An IDS is designed to

detect a potential incident, generate an alert, and do
nothing to prevent the incident from occurring.
While this may seem inferior to an IPS, it may be a
good solution for systems with high availability
requirements, such as industrial control systems
(ICS) and other critical infrastructure. For these
systems, the most important thing is that the systems
continue running, and blocking suspicious (and
potentially malicious) traffic may impact their
operations. Notifying a human operator of the issue
enables them to evaluate the situation and make an
informed decision on how to respond.

Intrusion Prevention System: An IPS, on the other

hand, is designed to take action to block anything
that it believes to be a threat to the protected system.
As malware attacks become faster and more
sophisticated, this is a useful capability because it