Into which of these would you put the following?
● enforcing hard-to-guess passwords
● encrypting your hard drive
● locking sensitive documents in a safe
● stationing a marine guard outside an embassy
● assigning security clearances to staffers
● using SSL for data transfers
● having an off-site backup of documents

Quotes from Debra Herrmann, Complete Guide to Security and Privacy Metrics:

“Physical security refers to the protection of hardware, software, and data against physical threats to reduce or prevent disruptions to operations and services and loss of assets.”

“Personnel security is a variety of ongoing measures taken to reduce the likelihood and severity of accidental and intentional alteration, destruction, misappropriation, misuse, misconfiguration, unauthorized distribution, and unavailability of an organization’s logical and physical assets, as the result of action or inaction by insiders and known outsiders, such as business partners.”

“IT security is the inherent technical features and functions that collectively contribute to an IT infrastructure achieving and sustaining confidentiality, integrity, availability, accountability, authenticity, and reliability.”

“Operational security involves the implementation of standard operational security procedures that define the nature and frequency of the interaction between users, systems, and system resources, the purpose of which is to achieve and sustain a known secure system state at all times, and prevent accidental or

A comprehensive security plan must take all of these into account.
How do these map onto the previous scheme?
Does protecting a computing environment merely mean protecting these five components?

IA includes computer and information security, but more besides.

According to Blyth and Kovacich, IA can be thought of as protecting information at three distinct levels:
● physical: data and data processing activities in physical space;
● information infrastructure: information and data manipulation abilities in cyberspace;
● perceptual: knowledge and understanding in human decision space.

The lowest level focus of IA is the physical level: computers, physical networks, telecommunications, and supporting systems such as power, facilities, and environmental controls. Also at this level are the people who manage the systems.

Desired Effects: to affect the technical performance and the capability of physical systems, to disrupt the capabilities of the defender.

Attacker’s Operations: physical attack and destruction, including electromagnetic attack, visual spying, intrusion, scavenging and removal, wiretapping, interference, and eavesdropping.

Defender’s Operations: physical security, OPSEC, TEMPEST.

The second level focus of IA is the information structure level: This covers information and data manipulation ability maintained in cyberspace, including data structures, processes, programs, protocols, data content, and databases.

Desired Effects: to influence the effectiveness and performance of information functions supporting perception, decision making, and control of physical processes.

Attacker’s Operations: impersonation, piggybacking, spoofing, network attacks, malware, authorization attacks, active misuse, and denial of service attacks.

Defender’s Operations: information security technical measures such as: encryption and key management, intrusion detection, anti-virus software, auditing, redundancy, firewalls, policies and standards.

The third level focus of IA is the perceptual level, also called social engineering. This is abstract and concerned with the management of perceptions of the target, particularly those persons making security decisions.

Desired Effects: to influence decisions and behaviors.

Attacker’s Operations: psychological operations such as: deception, blackmail, bribery and corruption, social engineering, trademark and copyright infringement, defamation, diplomacy, creating distrust.

Defender’s Operations: personnel security including psychological testing, education, and screening such as biometrics, watermarks, keys, passwords.

Thus, IA includes aspects of:
● COMPSEC: computer security;
● COMSEC: communications and network security;
● ITSEC: (which includes both COMPSEC and COMSEC);
● OPSEC: operations security.

Compare Blyth and Kovacich’s view of IA with the government view and Herrmann’s views described previously.

If you entrench yourself behind strong fortifications, you compel the enemy to seek a solution elsewhere. –Carl von Clausewitz

A recent headline in the AAS read: “The Biggest Threat to Computer Security? Carelessness”

Principle of Easiest Penetration: An attacker on any information system will use the simplest means of subverting system security.

Different view in Information Assurance
● Physical security
● Personnel security
● IT security
● Operational security

Module 3 & 4: Introduction to Information Security

3.1 Understanding what information security is

The history of information security begins with the concept of computer security. This is a process as well as tried-and-true methods needed to maintain data confidentiality.

CIA: The industry standard for computer security since the development of the mainframe. The standard is based on three characteristics that describe the utility of information: confidentiality, integrity, and availability.

Information security: Protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology.

Communications security: The protection of all communications media, technology, and content.

Network security: A subset of communications security; the protection of voice and data networking components, connections, and content.

Security: A state of being secure and free from danger or harm. Also, the actions taken to make someone or something secure.

Information security

Information security, sometimes abbreviated to infosec, is a set of practices intended to keep data secure from unauthorized access or alterations, both when it's being stored and when it's being transmitted
from one machine or physical location to another. You might sometimes see it referred to as data security.

Information security refers to the processes and methodologies which are designed and implemented to protect the print, electronic, or any other form of confidential, private, and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption.

Information security vs. cybersecurity

Cybersecurity is the broader practice of defending IT assets from attack, and information security is a specific discipline under the cybersecurity umbrella. Network security and application security are sister practices to infosec, focusing on networks and application, respectively.

Information security principles

The basic components of information security are most often summed up by the so-called CIA triad: confidentiality, integrity, and availability.

● Authentication
● Backup
● Security Policies

Confidentiality - Data is confidential when only those people who are authorized to access it can do so; to ensure confidentiality, you need to be able to identify who is trying to access data and block attempts by those without authorization. Passwords, encryption, authentication, and defense against penetration attacks are all techniques designed to ensure confidentiality.

Integrity - means maintaining data in its correct state and preventing it from being improperly modified, either by accident or maliciously. Frequent backups can help restore data to a correct state if need be. Integrity also covers the concept of non-repudiation: you must be able to prove that you've maintained the integrity of your data, especially in legal contexts.

Availability - is the mirror image of confidentiality: while it is needed to make sure that data can't be accessed by unauthorized users, it also needs to ensure that it can be accessed by those who have the proper permissions. Ensuring data availability means matching network and computing resources to the volume of data access that is expected and implementing a good backup policy for disaster recovery purposes.

In an ideal world, your data should always be kept confidential, in its correct state, and available; in practice, of course, you often need to make choices about which information security principles to emphasize, and that requires assessing your data. If you're storing sensitive medical information, for instance, you'll focus on confidentiality, whereas a financial institution might emphasize data integrity to ensure that nobody's bank account is credited or debited incorrectly.

Information security policy

The means by which these principles are applied to an organization take the form of a security policy. This isn't a piece of security hardware or software; rather, it's a document that an enterprise draws up, based on its own specific needs to establish what data needs to be protected and in what ways. These policies guide the organization's decisions around procuring
cybersecurity tools and also mandate employee behavior and responsibilities.

Among other things, your company's information security policy should include:

● A statement describing the purpose of the infosec program and your overall objectives
● Definitions of key terms used in the document to ensure shared understanding
● An access control policy, determining who has access to what data and how they can establish their rights
● A password policy
● Data support and operations plan to ensure that data is always available to those who need it
● Employee roles and responsibilities when it comes to safeguarding data, including who is ultimately responsible for information security

One important thing to keep in mind is that, in a world where many companies outsource some computer services or store data in the cloud, your security policy needs to cover more than just the assets you own. You need to know how you'll deal with everything from personally identifying information stored on AWS instances to third-party contractors who need to be able to authenticate to access sensitive corporate info.

Information security measures

Technical measures - include the hardware and software that protects data — everything from encryption to firewalls.
Organizational measures - include the creation of an internal unit dedicated to information security, along with making infosec part of the duties of some staff in every department
Human measures - include providing awareness training for users on proper infosec practices
Physical measures - include controlling access to the office locations and, especially, data centers

Information security analyst: Duties

Security analysts typically deal with information protection (data loss protection [DLP] and data classification) and threat protection, which includes security information and event management (SIEM), user and entity behavior analytics [UEBA], intrusion detection system/intrusion prevention system (IDS/IPS), and penetration testing. Key duties include managing security measures and controls, monitoring security access, doing internal and external security audits, analyzing security breaches, recommending tools and processes, installing software, teaching security awareness, and coordinating security with outside vendors.

Information security certifications

If you're already in the field and are looking to stay up-to-date on the latest developments—both for your own sake and as a signal to potential employers—you might want to look into an information security certification. Among the top certifications for information security analysts are:

● Systems Security Certified Practitioner (SSCP)
● Certified Cyber Professional (CCP)
● Certified Information System Security Professional (CISSP)
● Certified Ethical Hacker (CEH)
● GCHQ Certified Training (GCT)

3.2 Computer Security

What is computer security?

Computer security is the protection of computer systems and information from harm, theft, and unauthorized use. It is the process of preventing and detecting unauthorized use of your computer system.

There are various types of computer security which are widely used to protect the valuable information of an organization.

What is Computer Security and what are its types?

One way to ascertain the similarities and differences in Computer Security is by asking what is being secured. For example,

● Information security is securing information from unauthorized access, modification & deletion
● Application Security is securing an application by building security features to prevent Cyber Threats such as SQL injection, DoS attacks, data breaches, etc.
● Computer Security means securing a standalone machine by keeping it updated and patched
● Network Security is securing both the software and hardware technologies
● Cybersecurity is defined as protecting computer systems, which communicate over the computer networks

It’s important to understand the distinction between these words, though there isn’t necessarily a clear consensus on the meanings and the degree to which they overlap or are interchangeable.

Ransomware - In a ransomware attack, the victim's computer is locked, typically by encryption, which keeps the victim from using the device or data that's stored on it. To regain access to the device or data, the victim has to pay the hacker a ransom, typically in a virtual currency such as Bitcoin. Ransomware can be spread via malicious email attachments, infected software apps, infected external storage devices and compromised websites.

Denial of Service - A denial of service (DoS) is a type of cyber attack that floods a computer or network so it can’t respond to requests. A distributed DoS (DDoS) does the same thing, but the attack originates from a computer network. Cyber attackers often use a flood attack to disrupt the “handshake” process and carry out a DoS. Several other techniques may be used, and some cyber attackers use the time that a network is disabled to launch other attacks. A botnet is a type of DDoS in which millions of systems can be infected with malware and controlled by a hacker, according to Jeff Melnick of Netwrix, an information technology security software company. Botnets, sometimes called zombie systems, target and overwhelm a target’s processing capabilities. Botnets are in different geographic locations and hard to trace.

Social engineering attacks - Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.

Social engineering attacks happen in one or more steps. A perpetrator first investigates the intended victim to gather necessary background information, such as potential points of entry and weak security protocols, needed to proceed with the attack. Then, the attacker moves to gain the victim’s trust and provide stimuli for subsequent actions that break security practices, such as revealing sensitive information or granting access to critical resources.

Homograph attacks - attackers create fake websites with very similar web addresses to legitimate websites. Users access these fake websites without noticing the slight difference in URL, and may submit their credentials or other sensitive information to an attacker.

Viruses - A computer virus is a malicious program that is loaded into the user’s computer without the user’s knowledge. It replicates itself and infects the files and programs on the user’s PC. The ultimate goal of a virus is to ensure that the victim’s computer will never be able to operate properly or even at all.

Keylogger - Also known as a keystroke logger, keyloggers can track the real-time activity of a user on his computer. It keeps a record of all the keystrokes made on the user’s keyboard. A keylogger is also a very powerful threat for stealing people’s login credentials, such as usernames and passwords.

These are perhaps the most common security threats that you’ll come across. Apart from these, there are others like spyware, wabbits, scareware, bluesnarfing, and many more. Fortunately, there are ways to protect yourself against these attacks.

Why is Computer Security Important?

In this digital era, we all want to keep our computers and our personal information secure and hence computer security is important to keep our personal information protected. It is also important to maintain our computer security and its overall health by preventing viruses and malware which would impact the system performance.

Computer Security Practices

Computer security threats are becoming relentlessly inventive these days. There is much need for one to arm oneself with information and resources to safeguard against these complex and growing computer security threats and stay safe online. Some preventive steps you can take include:

● Secure your computer physically by:
  o Installing reliable, reputable security and anti-virus software
  o Activating your firewall, because a firewall acts as a security guard between the internet and your local area network
● Stay up-to-date on the latest software and news surrounding your devices and perform software updates as soon as they become available
● Avoid clicking on email attachments unless you know the source
● Change passwords regularly, using a unique combination of numbers, letters, and case types
● Use the internet with caution and ignore pop-ups and drive-by downloads while surfing
● Take the time to research the basic aspects of computer security and educate yourself on evolving cyber-threats
● Perform daily full system scans and create a periodic system backup schedule to ensure your data is retrievable should something happen to your computer.

Apart from these, there are many ways you can protect your computer system. Aspects such as encryption and computer cleaners can assist in protecting your computers and their files.

Unfortunately, the number of cyber threats is increasing at a rapid pace and more sophisticated attacks are emerging. So, having a good foundation in cyber security concepts will allow you to protect your computer against ever-evolving cyber threats.

4.1 Smart Cards and Biometrics Security intrusion Detection Prevention

Smart cards provide ways to securely identify and authenticate the holder and third parties who want access to the card. For example, a cardholder can use a PIN code or biometric data for authentication. They also provide a way to securely store data on the card and protect communications with encryption.

Smart cards contain unique features that bring many benefits to both consumers and issuing organizations.

Smart cards provide:

Biometrics authentication devices rely on physical characteristics such as a fingerprint, facial patterns, or iris or retinal patterns to verify user identity. Biometrics authentication is becoming popular for many purposes, including network logon. A biometrics template or identifier (a sample known to be from the authorized user) must be stored in a database for the device to compare to a new sample given during the logon process. Biometrics are often used in conjunction with smart cards in high-security environments. The most popular types of biometrics devices are the following:

● Fingerprint scanners: These are widely available for both desktop and portable computers from a variety of vendors, connecting via a USB or Personal Computer Memory Card International Association (PCMCIA, or PC Card) interface.
● Facial pattern recognition devices: These devices use facial geometry analysis to verify identity.
● Hand geometry recognition devices: These are similar to facial pattern devices but analyze hand geometry.
● Iris scan identification devices: Iris scanners analyze the trabecular meshwork tissue in the iris, which is permanently formed during the eighth month of human gestation.
● Retinal scan identification devices: Retina scanners analyze the patterns of blood vessels on the retina.
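
The template comparison described above, sketched as an added example (not part of the original handout): a smart-card ID selects one stored template, and a new sample is accepted only if it lies within a distance threshold of that template. The feature vectors, the card ID, the thresholds and the Euclidean matcher are constructed assumptions; real devices use vendor-specific feature extraction and matching.

```python
import math

TEMPLATES = {}  # hypothetical template database, keyed by smart-card ID

def enroll(card_id, samples):
    """Store the per-feature mean of several known-good samples as the template."""
    TEMPLATES[card_id] = [sum(col) / len(samples) for col in zip(*samples)]

def distance(a, b):
    """Euclidean distance between two feature vectors of equal length."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def verify(card_id, sample, threshold):
    """1:1 verification: the card picks one template; the sample must be close to it."""
    template = TEMPLATES.get(card_id)
    if template is None or len(sample) != len(template):
        return False  # unknown card or malformed sample: fail closed
    return distance(template, sample) <= threshold

def error_rates(card_id, genuine, impostor, threshold):
    """Return (false reject rate, false accept rate) for one threshold."""
    frr = sum(not verify(card_id, s, threshold) for s in genuine) / len(genuine)
    far = sum(verify(card_id, s, threshold) for s in impostor) / len(impostor)
    return frr, far

# Constructed 4-feature vectors standing in for extracted fingerprint features.
ENROLL = [[0.50, 0.20, 0.80, 0.40],
          [0.52, 0.18, 0.79, 0.42],
          [0.48, 0.22, 0.81, 0.38]]
# Later readings from the enrolled user: never identical to the template.
GENUINE = [[0.51, 0.21, 0.79, 0.41],
           [0.47, 0.23, 0.83, 0.37],
           [0.55, 0.15, 0.85, 0.45],
           [0.58, 0.12, 0.88, 0.48]]   # noisy read (e.g. dirty sensor)
# Readings from other people presenting the same card.
IMPOSTOR = [[0.56, 0.26, 0.74, 0.46],  # a near look-alike
            [0.30, 0.60, 0.40, 0.70],
            [0.90, 0.10, 0.20, 0.90],
            [0.10, 0.90, 0.50, 0.10]]

enroll("card-1001", ENROLL)

def sweep(thresholds=(0.05, 0.11, 0.20)):
    """Show how the threshold trades false rejects against false accepts."""
    return {t: error_rates("card-1001", GENUINE, IMPOSTOR, t) for t in thresholds}

if __name__ == "__main__":
    for t, (frr, far) in sweep().items():
        print(f"threshold={t:.2f}  FRR={frr:.2f}  FAR={far:.2f}")
```

Unlike a password check, the match is never exact: a tight threshold locks out the legitimate user on a noisy read, while a loose one admits the look-alike, so the threshold is a policy decision for the environment being protected.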