LESSON - 1 - Introduction to Information BALANCING INFO. SECU. AND ACCESS
Technology 1. Implement Access Controls - restrict Information assurance - the measures and access to information based on user roles processes that ensure the confidentiality, and permissions. integrity, and availability of information. 2. Use Multi-Factor Authentication - provide two or more types of authentication Information security - focuses on factors. protecting information from unauthorized 3. Educate Users - practices can help to access, use, disclosure, disruption, reduce the likelihood of accidental data modification, or destruction. breaches. 4. Use Encryption - encoding information INFORMATION SECU. HISTORY so that it can only be read by authorized users. ● Cryptography in Ancient Times 5. Monitor User Activity - detect and ● Medieval Castles prevent security breaches. ● World War II and the Enigma Machine APPROACHES TO INFO. SECU. ● Birth of Modern Computing and Early Threats - 1940s - 50s ❖ Risk-based Approach - identifying ● Passwords and Access Controls - and assessing risks 1960s ❖ Compliance-based Approach - ● The Internet Era - 1970s - 80s comply with regulatory requirements. ● The Morris Worm - 1988, Robert ❖ Defense-in-Depth Approach - Tappan Morris multiple layers of security ● Public-Key Cryptography - by ❖ Human-centric Approach - people Whitfield Diffie, Martin Hellman, and in information security Ralph Merkle in the mid-1970s ❖ Technology-focused Approach - use of technology to protect COMPONENTS OF INFO. SYSTEM information.
➔ People - creating, managing, and SECU. IN THE System Development Life
using data and information. Cycle ➔ Processes - activities and procedures 1. Planning ➔ Data - raw material 2. Analysis ➔ Software - computer programs and 3. Design applications 4. Implementation ➔ Hardware - physical components 5. Testing ➔ Network - communication 6. Deployment infrastructure / data transmission 7. Maintenance LESSON - 2 - The Need for Security 2. Patent infringement - someone uses or sells an invention or process protected by 1. Cyberattacks - through the internet or patent. other digital channels 3. Trademark infringement - uses a logo, 2. Physical attacks - carried out in person. brand name, or other symbol that is 3. Terrorism - violence and intimidation to protected by a trademark achieve political or ideological goal 4. Trade secret theft - steals confidential 4. Threats of violence - verbal threats, information, such as customer lists, written threats, or online threats formulas, or manufacturing processes, from 5. Natural disasters - hurricanes, a business. earthquakes, and floods 5. Counterfeiting - creates or sells fake 6. Financial fraud - deception or versions of products that are protected by IP misrepresentation to obtain money. laws.
Types of threats and attacks in ➢ Espionage or trespass
information security - illegal or unauthorized access to confidential information or property 1. Malware - harm or disrupt computer systems 1. Corporate espionage - when a company 2. Phishing - social engineering attack that or individual steals. uses email, phone calls, or clicking on a 2. Cyber espionage - when a foreign malicious link. government or group uses hacking or other 3. Denial-of-service (DoS) attacks - DoS digital methods attacks are designed to overload a system 3. Trespassing - when someone enters a or network with traffic property without permission or 4. Password attacks - guess or crack a authorization. user's password to gain unauthorized 4. Physical espionage - when someone access gains access to confidential information by 5. Insider threats - employees or physically stealing contractors steal or compromise sensitive 5. Economic espionage - when a foreign information. government or group steals information 6. Physical attacks - physically accessing about a company's finances. an organization's facilities or equipment to steal or damage data. ➢ Human error or failure - mistakes or errors made by ➢ Compromises to intellectual individuals or groups that result in property unintended consequences or negative - when someone uses, steals, or outcomes shares protected information or ideas without permission or proper authorization. 1. Mistakes in healthcare - medication errors, misdiagnosis 1. Copyright infringement - someone 2. Errors in aviation - pilot error, air traffic uses, reproduces, or distributes copyrighted control mistakes, or mechanical failures. material without permission. 3. Manufacturing errors - mistakes in the ➢ Software attacks production process - cyberattacks that exploit 4. Cybersecurity breaches - when vulnerabilities in software applications or individuals or groups gain unauthorized systems to gain unauthorized access access to sensitive data or systems 5. Environmental disasters - oil spills or ➢ Technological obsolescence industrial accidents. - the state where technology becomes outdated or no longer useful due ➢ Information extortion to the emergence of newer, more advanced - cybercrime in which the attacker technologies. threatens to publish or withhold sensitive or confidential information unless a ransom or 1. Outdated hardware - become obsolete other demand is met. as newer, more powerful devices are released. 1. Ransomware attacks - involve the use 2. Obsolete software - no longer supported of malware to encrypt a victim's demand by the vendor. payment in exchange for the decryption key. 3. Disruptive technologies - offering new 2. Doxxing - involves the publication of an and more efficient solutions. individual's personal information 4. Changing market demands - changes 3. DDoS attacks: Distributed denial of in consumer behavior or market demand service (DDoS) attacks involve flooding a can render certain technologies or products target's servers with traffic obsolete 4. Insider threats - involve employees or contractors who have access to sensitive ➢ Theft information. - act of taking someone else's property without their consent or ➢ Sabotage or vandalism permission. - intentional damage or destruction of property, equipment, or information with 1. Physical theft - stealing tangible items, the aim of causing harm 2. Identity theft - stealing someone's personal information 1. Physical damage - acts of vandalism, 3. Intellectual property theft - stealing such as graffiti or destruction of property, or someone's creative work sabotage of equipment or machinery. 4. Cyber theft - stealing data or information 2. Cyberattacks - hacking, denial of service from computer systems or networks attacks, or the introduction of malware or viruses into a network. Understand the terms in Intellectual 3. Environmental sabotage - acts of Property eco-terrorism, such as the destruction of oil pipelines or logging equipment. PATENT TRADEMARK 4. Intellectual property theft - include the COPYRIGHT TRADE SECRET theft or destruction of proprietary INFRINGEMENT LICENSING information or trade secrets. FAIR USE