Joenan Decandolo

BS InfoTech 2-A
UNIT 4
Information Systems Security
Assess your Knowledge:
1. Describe one method of multi-factor authentication that you have
experienced and discuss the pros and cons of using multi-factor
authentication.
- Cloud Services (Google) - Google also offers two-factor authentication
for users with a Google account. Since many people use their Google
accounts for more than one purpose, this level of protection is
essential. For everyday users, Google employs a knowledge factor
followed by a possession factor. So first, the user enters their
password and then they type in a one-time SMS code.
- Pros of Multi-factor Authentication
  - Makes your account secure
  - Easy to use
  - Creates another roadblock
- Cons
  - Smart phones and physical tokens can be stolen
  - Must carry a mobile phone

2. What are some of the latest advances in encryption technologies? Conduct
some independent research on encryption using scholarly or practitioner
resources, then write a two- to three-page paper that describes at least two
new advances in encryption technology.
- Advanced Encryption Standard – The Advanced Encryption
Standard or AES is a symmetric key cipher that uses a 128-bit,
192-bit, or 256-bit key for encryption and decryption. It was
developed by the US National Institute of Standards and
Technology (NIST) as a successor to the DES cipher.

- Example: DATA MINING

DATA MINING - Data mining, the extraction of hidden predictive information
from large databases, is a powerful new technology with great potential to help
companies focus on the most important information in their data warehouses. Data
mining algorithms embody techniques that have existed for at least 10 years, but have only
recently been implemented as mature, reliable, understandable tools that consistently
outperform older statistical methods.
- Example 1:
Banking System: Banks have the problem of predicting the credit-worthiness of
new clients on the basis of historic data of past clients. The credit-worthiness also
influences the interest rate of a credit. The sequel describes how data mining can be applied to
this problem: A bank has data about clients to whom it gave credits in the past. The
clients are divided into four classes. The first class contains all those clients who
paid back the credit without any problems; the second class those who paid
back with little problems here and there; the third contains those who should only
get a credit after detailed checks because substantial problems of payback occurred
in the past.
- Example 2:
Marketing: A company wants to launch an advertising campaign for a product.

3. Find favorable and unfavorable articles about both blockchain and bitcoin.
Report your findings, then state your own opinion about these technologies.
- The author Henry Miller once said, “Confusion is a word we have invented for an
order which is not understood.” And confusion seems to run rampant in many
articles that are critical of blockchain, while the real problem is with Bitcoin and
cryptocurrencies. There are key differences between Bitcoin and blockchain.
Blockchain is a digitized, distributed and secure ledger that guarantees immutable
transactions and solves the trust problem when two parties exchange value.
Cryptocurrencies like Bitcoin rely on blockchain to conduct transactions. Yet
blockchain transcends cryptocurrencies and offers many solutions that are likely to
disrupt numerous industries with some profound implications. In a simple
metaphoric comparison, blockchain is like an engine that can be used in airplanes,
vehicles, elevators, escalators, washers and dryers. Bitcoin, meanwhile, is like the
first Ford Model T car that was manufactured in 1908. This fundamental difference
helps in understanding the polymorphic value of blockchain and the problems with
bitcoin and most cryptocurrencies.
For me, my opinion would be: understanding removes confusion, and
understanding the difference between Bitcoin (the car) and blockchain (the engine)
will shed some light on the real problems and the likely future of Bitcoin,
cryptocurrencies and blockchain.

4. What is the password policy at your place of employment or study? Do you
have to change passwords every so often? What are the minimum
requirements for a password?
- A password policy at my place must have a minimum of 10 characters.
It must have at least two special characters. I usually do not change my
password because I forget it and it confuses my mind.

What I learned from this unit


1. Briefly define each of the three members of the information security triad.
-CIA - Confidentiality, Integrity and Availability.
The CIA Triad is actually a security model that has been developed to help people think
about various parts of IT security.

Confidentiality

It's crucial in today's world for people to protect their sensitive, private information from
unauthorized access.

Protecting confidentiality is dependent on being able to define and enforce certain access
levels for information. In some cases, doing this involves separating information into various
collections that are organized by who needs access to the information and how sensitive
that information actually is - i.e. the amount of damage suffered if the confidentiality was
breached.

Some of the most common means used to manage confidentiality include access control
lists, volume and file encryption, and Unix file permissions.

Integrity

Data integrity is what the "I" in CIA Triad stands for. This is an essential component of the
CIA Triad and is designed to protect data from deletion or modification by any
unauthorized party, and it ensures that when an authorized person makes a change that
should not have been made, the damage can be reversed.

Availability

This is the final component of the CIA Triad and refers to the actual availability of your data.
Authentication mechanisms, access channels and systems all have to work properly to
protect the information and ensure it's available when it is needed.

High availability systems are the computing resources that have architectures that are
specifically designed to improve availability. Based on the specific HA system design, this
may target hardware failures, upgrades or power outages to help improve availability, or it
may manage several network connections to route around various network outages.

2. What does the term authentication mean?
- Authentication can be accomplished by identifying someone through one or
more of three factors:
   1. Something they know,
   2. Something they have, or
   3. Something they are.
3. What is multi-factor authentication?
- something only the legitimate user knows, like a password or a PIN
4. What is role-based access control?
- allows permissions to be assigned to roles, as shown in the middle grid, and
then in the third grid each user is assigned a role. Although not modeled in
the image, each user can have multiple roles such as Reader and Editor.
5. What is the purpose of encryption?
- transmission or storage so that only authorized individuals can read it
6. What are two good examples of a complex password?
- require the use of a minimum of eight characters, at least one upper-case
letter, one special character, and one digit.
  - Nopassword00!
  - @Password11

7. What is pretexting?
- occurs when an attacker calls a helpdesk or security administrator and
pretends to be a particular authorized user having trouble logging in.

8. What are the components of a good backup plan?

- Full understanding of the organization’s information resources. What information
does the organization actually have? Where is it stored? Some data may be stored
on the organization’s servers, other data on users’ hard drives, some in the cloud,
and some on third-party sites. An organization should make a full inventory of all
of the information that needs to be backed up and determine the best way to back it
up.
- Regular backups of all data. The frequency of backups should be based on how
important the data is to the company, combined with the ability of the company to
replace any data that is lost. Critical data should be backed up daily, while less
critical data could be backed up weekly. Most large organizations today use data
redundancy so their records are always backed up.
- Offsite storage of backup data sets. If all backup data is being stored in the same
facility as the original copies of the data, then a single event such as an earthquake,
fire, or tornado would destroy both the original data and the backup. It is essential
the backup plan includes storing the data in an offsite location.
- Test of data restoration. Backups should be tested on a regular basis by having
test data deleted then restored from backup. This will ensure that the process is
working and will give the organization confidence in the backup plan.
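
The restore test described in the last point above, as an added example that is not part of the original answer: it backs up a directory, deletes the test data, restores it, and compares SHA-256 hashes taken before and after. The directory names, sample files and the tar.gz archive format are assumptions made for illustration.

```python
import hashlib
import shutil
import tarfile
import tempfile
from pathlib import Path


def manifest(root: Path) -> dict:
    """Map each file (path relative to root) to the SHA-256 of its contents."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def diff_manifests(before: dict, after: dict) -> list:
    """Paths that are missing, extra, or changed between two manifests."""
    return sorted(k for k in before.keys() | after.keys()
                  if before.get(k) != after.get(k))


def restore_test(data_dir: Path, archive: Path) -> list:
    """Back up data_dir, delete it, restore it, and return any mismatched paths."""
    before = manifest(data_dir)
    with tarfile.open(archive, "w:gz") as tar:
        for rel in before:
            tar.add(data_dir / rel, arcname=rel)
    shutil.rmtree(data_dir)            # the "test data deleted" step
    data_dir.mkdir()
    # Use the safe "data" extraction filter where this Python version has it.
    extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(archive, "r:gz") as tar:
        tar.extractall(data_dir, **extra)
    return diff_manifests(before, manifest(data_dir))


def demo() -> list:
    """Run the restore test on constructed sample files in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        data = Path(tmp) / "data"
        (data / "reports").mkdir(parents=True)
        (data / "clients.csv").write_text("id,name\n1,Constructed Client\n")
        (data / "reports" / "q1.txt").write_text("constructed sample report\n")
        offsite = Path(tmp) / "offsite"   # stands in for the offsite location
        offsite.mkdir()
        return restore_test(data, offsite / "backup.tar.gz")


if __name__ == "__main__":
    print("mismatched files:", demo())
```

An empty list means every file came back byte-for-byte; any path in the list is a file the backup failed to restore correctly.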

9. What is a firewall?
- Firewalls are another method that an organization can use for increasing
security on its network.
10. What does the term physical security mean?
- is the protection of the actual hardware and networking components that
store and transmit information resources.
