
IAS REVIEWER

LESSON 1

INFORMATION SECURITY
What is Security?
- The quality or state of being secure—to be free from danger

Physical security - to protect the physical items, objects, or areas of an organization from unauthorized access and misuse.

Personal security - to protect the individual or group of individuals who are authorized to access the organization and its operations.

Operations security - to protect the details of a particular operation or series of activities.

Communications security - to protect an organization's communications media, technology, and content.

Network security - to protect networking components, connections, and contents.

What Is Information Security?

The protection of information

Critical Characteristics of Information

Availability - enables users who need to access information to do so without interference or obstruction and in the required format

Accuracy - free from mistake or error

Authenticity - the quality or state of being genuine or original,

Confidentiality - the quality or state of preventing disclosure or exposure to unauthorized individuals or systems.

Integrity - the quality or state of being whole, complete, and uncorrupted.

Utility - the quality or state of having value for some purpose or end.

Possession - the quality or state of having ownership or control of some object or item.

Components of an Information System

Software - is an integral part of an IS.

Hardware - includes computers and servers.

Networks - such as local area networks (LANs), wide area networks (WANs),

Data - This includes structured data stored in databases

People - play a key role in any IS, from administrators

Procedures/Processes - governing how components work together

History of Information Security

Began immediately after the first mainframes were developed

Groups developing code-breaking computations during World War II created the first modern computers

1960s
Advanced Research Procurement Agency (ARPA)

Larry Roberts developed ARPANET

Managing information systems

System security - is critical for an IS

Data management - maintaining the accuracy,

Network management - monitoring and maintaining the network

System maintenance - IS administrators must make sure that the system is running smoothly

User support - Users rely on the IS

Approaches to Information Security Implementation

Top-down approach - this type of approach is known to be most successful

Bottom-up approach - implementing security measures and reporting the findings to the top-level senior employees.

Information Security: Organization Structure, Roles, and Responsibilities

Executive Management - Assigned overall responsibility for information security

Information System Security Professionals - Responsible for the design, implementation, management,

Data Owners - Owners (data owners

Data Custodians - A function that has custody of the system/databases, not necessarily belonging to them, for any period of time.

Users - Responsible for using resources

IS Auditors - Responsible for providing independent assurance to management

LESSON 2
DOS ATTACK
What is a DoS (Denial-of-Service) Attack?
DoS - when a single host attacks

DDoS (Distributed Denial of Service) - when multiple hosts attack simultaneously

Idea of DoS attacks - the purpose is to shut down a site, not penetrate it.

Denial of Service Attack Typical Connection

History - Morris Worm (November 2, 1988)

Types of DoS Attacks

Penetration - Attacker gets inside your machine

Eavesdropping - Attacker gains access to the same network

Man-in-the-Middle - Attacker listens to output and controls output

Flooding - Attacker sends an overwhelming number of messages at your machine; great congestion

How to defend against DoS?

Firewalls - prevent users from launching

Switches - provide automatic and/or system-wide rate limiting

Routers - add rules to take flow statistics
