ITEC 85 - INFORMATION ASSURANCE
AND SECURITY -
LESSON - 1 - Introduction to Information
Technology
Information assurance - the measures and
processes that ensure the confidentiality,
integrity, and availability of information.
Information security - focuses on
protecting information from unauthorized
access, use, disclosure, disruption,
modification, or destruction.
INFORMATION SECU. HISTORY
● Cryptography in Ancient Times
● Medieval Castles
● World War II and the Enigma
Machine
● Birth of Modern Computing and
Early Threats - 1940s - 50s
● Passwords and Access Controls -
1960s
● The Internet Era - 1970s - 80s
● The Morris Worm - 1988, Robert
Tappan Morris
● Public-Key Cryptography - by
Whitfield Diffie, Martin Hellman, and
Ralph Merkle in the mid-1970s
COMPONENTS OF INFO. SYSTEM
➔ People - creating, managing, and
using data and information.
➔ Processes - activities and
procedures
➔ Data - raw material
➔ Software - computer programs and
applications
➔ Hardware - physical components
➔ Network - communication
infrastructure / data transmission
BALANCING INFO. SECU. AND ACCESS
1. Implement Access Controls - restrict
access to information based on user roles
and permissions.
2. Use Multi-Factor Authentication -
provide two or more types of authentication
factors.
3. Educate Users - practices can help to
reduce the likelihood of accidental data
breaches.
4. Use Encryption - encoding information
so that it can only be read by authorized
users.
5. Monitor User Activity - detect and
prevent security breaches.
APPROACHES TO INFO. SECU.
❖ Risk-based Approach - identifying
and assessing risks
❖ Compliance-based Approach -
comply with regulatory requirements.
❖ Defense-in-Depth Approach -
multiple layers of security
❖ Human-centric Approach - people
in information security
❖ Technology-focused Approach -
use of technology to protect
information.
SECU. IN THE System Development Life
Cycle
1. Planning
2. Analysis
3. Design
4. Implementation
5. Testing
6. Deployment
7. Maintenance
LESSON - 2 - The Need for Security
1. Cyberattacks - through the internet or
other digital channels
2. Physical attacks - carried out in person.
3. Terrorism - violence and intimidation to
achieve political or ideological goal
4. Threats of violence - verbal threats,
written threats, or online threats
5. Natural disasters - hurricanes,
earthquakes, and floods
6. Financial fraud - deception or
misrepresentation to obtain money.
Types of threats and attacks in
information security
1. Malware - harm or disrupt computer
systems
2. Phishing - social engineering attack that
uses email, phone calls, or clicking on a
malicious link.
3. Denial-of-service (DoS) attacks - DoS
attacks are designed to overload a system
or network with traffic
4. Password attacks - guess or crack a
user's password to gain unauthorized
access
5. Insider threats - employees or
contractors steal or compromise sensitive
information.
6. Physical attacks - physically accessing
an organization's facilities or equipment to
steal or damage data.
➢ Compromises to intellectual
property
- when someone uses, steals, or
shares protected information or ideas
without permission or proper authorization.
1. Copyright infringement - someone
uses, reproduces, or distributes copyrighted
material without permission.
2. Patent infringement - someone uses or
sells an invention or process protected by
patent.
3. Trademark infringement - uses a logo,
brand name, or other symbol that is
protected by a trademark
4. Trade secret theft - steals confidential
information, such as customer lists,
formulas, or manufacturing processes, from
a business.
5. Counterfeiting - creates or sells fake
versions of products that are protected by IP
laws.
➢ Espionage or trespass
- illegal or unauthorized access to
confidential information or property
1. Corporate espionage - when a company
or individual steals.
2. Cyber espionage - when a foreign
government or group uses hacking or other
digital methods
3. Trespassing - when someone enters a
property without permission or
authorization.
4. Physical espionage - when someone
gains access to confidential information by
physically stealing
5. Economic espionage - when a foreign
government or group steals information
about a company's finances.
➢ Human error or failure
- mistakes or errors made by
individuals or groups that result in
unintended consequences or negative
outcomes
1. Mistakes in healthcare - medication
errors, misdiagnosis
2. Errors in aviation - pilot error, air traffic
control mistakes, or mechanical failures.
3. Manufacturing errors - mistakes in the
production process
4. Cybersecurity breaches - when
individuals or groups gain unauthorized
access to sensitive data or systems
5. Environmental disasters - oil spills or
industrial accidents.
➢ Information extortion
- cybercrime in which the attacker
threatens to publish or withhold sensitive or
confidential information unless a ransom or
other demand is met.
1. Ransomware attacks - involve the use
of malware to encrypt a victim's demand
payment in exchange for the decryption key.
2. Doxxing - involves the publication of an
individual's personal information
3. DDoS attacks: Distributed denial of
service (DDoS) attacks involve flooding a
target's servers with traffic
4. Insider threats - involve employees or
contractors who have access to sensitive
information.
➢ Sabotage or vandalism
- intentional damage or destruction
of property, equipment, or information with
the aim of causing harm
1. Physical damage - acts of vandalism,
such as graffiti or destruction of property, or
sabotage of equipment or machinery.
2. Cyberattacks - hacking, denial of service
attacks, or the introduction of malware or
viruses into a network.
3. Environmental sabotage - acts of
eco-terrorism, such as the destruction of oil
pipelines or logging equipment.
4. Intellectual property theft - include the
theft or destruction of proprietary
information or trade secrets.
➢ Software attacks
- cyberattacks that exploit
vulnerabilities in software applications or
systems to gain unauthorized access
➢ Technological obsolescence
- the state where technology
becomes outdated or no longer useful due
to the emergence of newer, more advanced
technologies.
1. Outdated hardware - become obsolete
as newer, more powerful devices are
released.
2. Obsolete software - no longer supported
by the vendor.
3. Disruptive technologies - offering new
and more efficient solutions.
4. Changing market demands - changes
in consumer behavior or market demand
can render certain technologies or products
obsolete
➢ Theft
- act of taking someone else's
property without their consent or
permission.
1. Physical theft - stealing tangible items,
2. Identity theft - stealing someone's
personal information
3. Intellectual property theft - stealing
someone's creative work
4. Cyber theft - stealing data or information
from computer systems or networks
Understand the terms in Intellectual
Property
PATENT TRADEMARK
COPYRIGHT TRADE SECRET
INFRINGEMENT LICENSING
FAIR USE