Ias101 Prelim Reviewer
ASSURANCE STRATEGY
BSIT-3A | INFORMATION ASSURANCE AND SECURITY 1
COMPREHENSIVE
- The strategy must be built on an understanding of the organization to be effective; it should be
relatable, practical, and address the organization entirely.
- Covers the strategic, tactical, and operational levels.
INDEPENDENT
- The organization’s information assurance strategy should be developed as
detailed, refined, and independent content, meticulously aligned to its
mission, vision, and other concerns.
LIVING DOCUMENT
- Must be well documented and updated at regular intervals, to keep up
with changing business requirements and with laws as they are amended.
RISK-BASED APPROACH
- Organizations must identify their risk profile and prioritize the risks in it.
- The strategy must take the short-term and mid-term plans into consideration.
ORGANIZATIONALLY SIGNIFICANT
- The strategy is part of the organization and is significant in all aspects of the
organization's existence and operation.
STRATEGIC, TACTICAL, AND OPERATIONAL
- Provides a framework for the organization’s top management.
_______
HACKERS
➔ White hat
➔ Black hat
➔ Gray hat
SECURITY
(Diagram: security services, information states, and countermeasures; defense in depth.)
CONFIDENTIALITY
- Sensitive information is shared with the intended receiver only.
- Must not be disclosed to anyone else, including while in transit.
- Only authorized users can read this information.
INTEGRITY
- State of trueness of the information, ensured by guaranteeing that the information is not tampered
with or modified except by Authorized Personnel Only (APO).
NON-REPUDIATION
- Guarantees that the owner of a signature key pair cannot deny having generated an existing signature
corresponding to certain data: only the holder of the private key could have produced it.
AUTHENTICATION
- Process of verifying a user’s claimed identity.
AVAILABILITY
- A security property which ensures the information is available for use in a timely
manner, if not always.
- Storage and hardware maintenance are observed to sustain it.
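The difference between the integrity, authentication, and non-repudiation services above is easiest to see in code. The following is an added example (not part of the original reviewer) using only the Python standard library: it compares an unkeyed hash with a keyed HMAC tag as the integrity check on a message in transit. The message bytes, the key, and the scenario names are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed sample message: an instruction in transit between two parties.
ORIGINAL = b"transfer 100 to account 42"
TAMPERED = b"transfer 100 to account 99"


def plain_digest(message: bytes) -> str:
    """Unkeyed SHA-256 over the message: detects accidental corruption only."""
    return hashlib.sha256(message).hexdigest()


def keyed_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 over the message: only a holder of `key` can compute it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def receiver_accepts_plain(message: bytes, digest: str) -> bool:
    """Receiver's integrity check when only an unkeyed hash travels with the message."""
    return hmac.compare_digest(plain_digest(message), digest)


def receiver_accepts_keyed(key: bytes, message: bytes, tag: str) -> bool:
    """Receiver's integrity check with a key shared with the sender.
    compare_digest runs in constant time, so the comparison itself does not
    leak how many leading characters of the tag were correct."""
    return hmac.compare_digest(keyed_tag(key, message), tag)


def run_scenarios(key: bytes) -> dict:
    """Return whether the receiver accepts the message in each attack scenario.
    `key` is shared by sender and receiver; the attacker does not have it."""
    digest = plain_digest(ORIGINAL)  # sent alongside the message
    tag = keyed_tag(key, ORIGINAL)   # sent alongside the message
    attacker_key = os.urandom(32)    # attacker can only guess a key
    return {
        # Nothing modified: both checks pass.
        "untampered_plain": receiver_accepts_plain(ORIGINAL, digest),
        "untampered_keyed": receiver_accepts_keyed(key, ORIGINAL, tag),
        # Message edited in transit, check value left alone (same as accidental
        # corruption): both checks catch it.
        "tampered_plain_stale": receiver_accepts_plain(TAMPERED, digest),
        "tampered_keyed_stale": receiver_accepts_keyed(key, TAMPERED, tag),
        # Message edited AND check value recomputed by the attacker:
        # the unkeyed hash is forged trivially, the keyed tag is not.
        "tampered_plain_recomputed": receiver_accepts_plain(TAMPERED, plain_digest(TAMPERED)),
        "tampered_keyed_recomputed": receiver_accepts_keyed(key, TAMPERED, keyed_tag(attacker_key, TAMPERED)),
    }


if __name__ == "__main__":
    for name, accepted in run_scenarios(os.urandom(32)).items():
        print(f"{name:28s} accepted={accepted}")
```

The keyed tag gives integrity and authentication of origin between the two key holders, but it does not give non-repudiation: the receiver holds the same key and could have produced any tag, so a third party cannot tell which of them generated it. That is why non-repudiation is defined above in terms of a signature key pair, where only the signer holds the private key.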
COMMON THREATS
THREATS - potential events that may cause the loss of information assets.
- A threat may be natural, deliberate, or accidental.
1. SOFTWARE ATTACKS
- Malicious programs such as viruses and worms that gather information
for illegal purposes or activities.
- Can be picked up from external drives and memory sticks, or by visiting
pornographic or otherwise untrusted websites.
- A piece of code or software program that is hostile, intrusive,
malicious, or at least annoying.
- It penetrates the system, resulting in damage to the system.
2. THEFT OF INTELLECTUAL PROPERTY
- Stolen intellectual property can have a big impact on the
business; it can even result in loss of the business.
3. IDENTITY THEFT
- Fraudulent acquisition and use of someone else's identity.
- Usually done for financial gain or to force entry into a
secured/restricted area.
5. SABOTAGE
- Relationships within an organization can become excessively
competitive, resulting in severed relationships with co-workers.
- Managing relationships within and outside the organization is
therefore also an important aspect of information assurance.
6. INFORMATION EXTORTION
- Cyber extortion: an online crime in which attackers hold your
data, website, computer system, or other sensitive information
hostage until you meet their demand for payment.
CONTROLS
1. MANAGEMENT CONTROLS
● Security controls that are strategic in nature and suited to planning and
monitoring purposes.
Example:
○ Information assurance policy
○ Information assurance risk management exercises
2. OPERATIONAL CONTROLS
● Controls used in day-to-day operations to ensure the secure
execution of business activities.
Example:
○ Mechanisms or tools for IT support and operation
○ Physical and environmental security controls
○ Information security incident-handling process and procedures
3. TECHNICAL CONTROLS
● The technical and physical implementation of information
assurance solutions and recommendations.
Example:
○ Access controls
○ Security audit
○ Monitoring tools
CRYPTOLOGY
- In its earliest form, people were trying to HIDE INFORMATION that they wished to keep
in their own possession.
- This was done by replacing components of words with symbols, numbers, and images.
Caesar’s Substitution:
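A substitution of the kind just described, worked through as an added example that is not part of the original reviewer: each letter of the message is replaced by the letter a fixed number of places further along the alphabet, and the shift is the key. The example assumes the 26-letter English alphabet, uppercases the input, and leaves non-letters unchanged; the sample message and the crib word are constructed for the example. It also goes beyond the cipher itself to show why it gives no confidentiality today: there are only 25 usable shifts, so an attacker simply tries them all.

```python
import string

ALPHABET = string.ascii_uppercase


def caesar_encrypt(plaintext: str, shift: int) -> str:
    """Shift every letter `shift` places forward, wrapping from Z back to A.
    Non-letters (spaces, digits, punctuation) are left as they are."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, shift: int) -> str:
    """Decryption is encryption with the inverse shift (Python's % keeps it in range)."""
    return caesar_encrypt(ciphertext, -shift)


def brute_force(ciphertext: str) -> dict:
    """Return every candidate plaintext, keyed by shift.
    The key space has only 25 usable shifts, so this is the whole attack;
    the attacker reads the 25 candidates and picks the one that makes sense."""
    return {shift: caesar_decrypt(ciphertext, shift) for shift in range(1, 26)}


def recover_shift(ciphertext: str, crib: str):
    """Given a word expected to appear in the plaintext (a 'crib'), return the
    shift that reveals it, or None if no shift does."""
    for shift, candidate in brute_force(ciphertext).items():
        if crib.upper() in candidate:
            return shift
    return None


if __name__ == "__main__":
    # Constructed sample message; the shift 3 is the key.
    ct = caesar_encrypt("Attack at dawn", 3)
    print("ciphertext:", ct)
    for shift, candidate in brute_force(ct).items():
        print(f"shift {shift:2d}: {candidate}")
    print("recovered shift:", recover_shift(ct, "attack"))
```

The crib-based recovery stands in for what an analyst would otherwise do by eye: with so few keys, any small piece of known or guessable plaintext identifies the key immediately.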