Confidentiality
Confidentiality means preventing information from being disclosed to
unauthorized persons. For example, using a credit card in commercial
transactions on a network requires the credit card number to be
transmitted from the buyer to the merchant, and from the merchant
onward to complete and process the transaction on the network. The
system attempts to enforce confidentiality by encrypting the card
number during transmission and by restricting access to the places where
the card number is stored or where it appears (in databases, file
history, backups, and printed receipts). However, if an unauthorized
party obtains the card number in any way, this is a violation of the
principle of confidentiality in saving and storing data.
A breach of confidentiality can take many forms. Someone spying on a
computer screen to steal login passwords, or seeing confidential data
without its owner knowing, could be a breach of confidentiality. If a
laptop contains sensitive information about company employees, stealing
or selling it could result in a breach of confidentiality. Giving
confidential information over a telephone call is a violation of the
principle of confidentiality if the caller is not authorized to receive
the information.
Integrity (safety)
In the field of information security, integrity means keeping data from
being changed or modified by unauthorized people. When a person,
intentionally or unintentionally, deletes, damages, or otherwise
violates the integrity of important data files, and is not authorized to
do so, this is a data integrity violation. When a virus infects a
computer and modifies or destroys its data, this is a violation of data
integrity. Likewise, when an (unauthorized) employee is able to modify
his salary in the salaries database, or when an (unauthorized) user
sabotages a website, all of this is considered a data integrity
violation. Data integrity also means that changes to data are applied
consistently. When a bank customer withdraws or deposits, this should be
reflected in his balance in the bank. A breach of data integrity is not
necessarily the result of an act of sabotage. For example, an
interruption in the system may result in unintended changes, or may fail
to save changes that have already been made.
Data availability
For any information system to serve its purpose, information must be
available when it is needed. This means that the following system
elements work properly and continuously:
Computer systems used to store and process information.
Security controls used to protect the system.
Communication channels used for access.
Highly confidential systems aiming to ensure continuity of protection at
all times.
Prevent service interruptions due to power outages, hardware failure, or
system upgrades and updates.
Ensure prevention of denial of service attacks.
Risk Management
A comprehensive treatment of the topic of risk management is beyond
the scope of this article. However, it will provide a useful definition of risk
management as well as some basic terms commonly used in the risk
management process.
Risk is the possibility that something bad will happen causing harm to an
information asset (or loss of the asset). A vulnerability is a weakness that
can be used to compromise or cause damage to an information asset.
A threat is any action (man-made or act of nature) that has the
potential to cause harm.
Risk assessment
Security policy.
Information security regulation.
Asset management.
Human resources security.
Physical environmental security.
Communications and operations management.
Access control.
Acquiring, developing and maintaining information systems, or what is
called modernization.
Information security incident management.
Business continuity management.
Regulatory compliance.
Risk Management
The risk management process consists of:
Replication: The process of multiplying the virus occurs when the virus is
attached to a file. Here, the number of operations that take place
increases to millions, which causes slowness in work or the computer
stops working.
Stealth: The virus must be hidden so that it is not exposed and becomes
ineffective. In order to hide, it uses several methods, including, for
example, reducing the size of the virus so that it can successfully hide in
memory or another file.
Causing harm: The harm caused by the virus may range from merely
emitting a musical sound to erasing all of your stored information. Other
examples of causing harm include deleting some system files, shutting
down the computer on its own (for example, when accessing the Internet),
or erasing the program written in the BIOS.
DoS attack
In this type of attack, the hacker or attacker performs special actions
that lead to the disruption of devices that provide the server service
in networks.
Internet
Networks that use the public telephone network
Total control attack
In this type, the hacker takes complete control of the victim’s device and
controls all his files as if they were on his own device, and the hacker can
monitor the victim completely. The attack occurs after the hacker places
a small file on the victim's device (via email or any other means) or by
exploiting vulnerabilities in operating systems.
Disinformation attack
In this type, the hacker impersonates a public website. A hacker can also
impersonate a trusted user to obtain unauthorized information.