Information Assurance And Security
2 Introduction
To begin with:
“Information is data endowed with
relevance and purpose.”
Data/information is a valuable resource
that must be strictly controlled and
managed, as with any corporate resource.
Like many other technologies,
information technology can be used both
to promote stability and security and to
10/13/2022
4 Introduction…
IA…
IA should be viewed as spanning four security
engineering domains:
Physical security: protection of hardware, software, and
data against physical threats to reduce disruptions to
operations and services and loss of assets.
Personnel security: measures taken to reduce the
likelihood of accidental and intentional alteration,
destruction, misuse and unauthorized distribution, as the
result of action or inaction by insiders and known
outsiders, such as business partners.
9 IA…
IT security: inherent technical features and functions that
collectively contribute to an IT infrastructure achieving
and sustaining confidentiality, integrity, availability,
accountability, authenticity, and reliability.
Operational security: implementation of standard
operational security procedures that define the nature and
frequency of the interaction between users, systems, and
system resources,
10 IA…
11 IA…
12 IA
13 IA Technologies
16 IA Technologies …
NOTE:
Among the three generations of IA technologies, each
generation is crucial in achieving the goals of
Information Assurance, and none can replace another.
17 What is Security
Security: mechanisms that protect an organization's
assets against intentional or accidental threats/attacks.
It also refers to the state of being free from any form of
danger.
In other words, it is protection against adversaries who
would do harm intentionally or otherwise.
Information security: The protection of information
assets against unauthorized disclosure, transfer,
modification, or destruction, whether accidental or
intentional.
18 Asset
An asset is the resource being protected, including:
physical assets: devices, computers, people;
logical assets: information, data (in transmission, storage,
or processing), and intellectual property;
system assets: any software, hardware, data,
administrative, physical, communications, or personnel
resource within an information system.
Assets have value, so they are worth protecting against threats.
19 Threat
A category of entities, or a circumstance, that poses a potential danger to an asset.
20 Forms of threats
21 Attack
24 Information Security goals
Availability: Enables authorized users, persons or
computer systems to access information without
interference or obstruction, and to receive it in the
required format.
Accuracy: Ensures information is free from mistakes or
errors and it has the value that the end user expects.
If information has been intentionally or
unintentionally modified, it is no longer accurate.
25 Information Security goals …
Authenticity: security measures to establish the validity
of a transmission channel, message, or originator.
Information is authentic only when it is in the same
state in which it was created, placed, stored, or
transferred.
Confidentiality: Not disclosed or exposed to
unauthorized individuals or systems.
Confidentiality ensures that only those with the rights
and privileges to access information are able to do so.
26 Information Security goals…
28 Threats to information…
Phishing: sending out ‘scam’ e-mails
with the criminal intent of deceit and
extortion.
Phishing is a technique used by
strangers to "fish" for information about
you, information that you would not
normally disclose to a stranger, such as
your bank account number, PIN, etc.
Spam: unsolicited and/or undesired bulk
e-mail messages, often ‘selling’ a product.
29 Threats to information…
Malware: Malicious Software deliberately created to
damage, disrupt or destroy network services, computer
software and data.
Types of Malware:
1. Viruses: programs that conceal themselves, infect a
computer & information and keep on replicating.
2. Worms: Programs that are capable of independently
propagating throughout a computer network.
They replicate fast and consume large amounts of the
host computer's memory.
30 Malware...
31 Threats to information…
32 Threats to information…
Social Problems
People can be just as dangerous as
unprotected computer systems
People can be lied to, manipulated,
bribed, threatened, harmed, tortured,
etc. to give up valuable information
Most humans will break down once
they are at the “harmed” stage, unless
they have been specially trained.
33 Who is vulnerable?
37 Counter Measures to Threats/Attacks…
Turn On Your Browser's Security Features
Install the Latest Version of Web Browser and Keep It
Up To Date
Update Windows Automatically
Use a Standard User Account: Although an
administrator account provides complete control over a
computer, using a standard account prevents other people
(hackers) from tampering with your computer security
settings
There are three different types of user accounts:
38 Counter Measures to Threats/Attacks…
Standard
Administrator
Guest
39 Levels of impact
40 Low level
The loss could be expected to have a limited adverse
effect on organizational operations, organizational assets,
or individuals.
A limited adverse effect means that, for example, the loss
of confidentiality, integrity, or availability might
Cause a degradation in mission capability to an extent
and duration that the organization is able to perform its
primary functions, but the effectiveness of the
functions is noticeably reduced;
Result in minor damage to organizational assets;
41 Low level…
42 Moderate Level Impact
The loss could be expected to have a serious adverse
effect on organizational operations, organizational assets,
or individuals.
A serious adverse effect means that, for example, the loss
might
Cause a significant degradation in mission capability
to an extent and duration that the organization is able
to perform its primary functions, but the effectiveness
of the functions is significantly reduced;
43 Moderate Level Impact…
44 High level
The loss could be expected to have a severe or
catastrophic adverse effect on organizational operations,
organizational assets, or individuals.
A severe or catastrophic adverse effect means that, for
example, the loss might
Cause a severe degradation in or loss of mission
capability to an extent and duration that the
organization is not able to perform one or more of its
primary functions;
Result in major damage to organizational assets;
45 High level …
46 PROACTIVE AND REACTIVE