Cyber Ethics and Policy Management (Lecture 2) Flashcards
What is Risk Management?
A process of identifying factors that could damage or disclose data
To sustain a secure environment
To develop and implement information security strategies to reduce risk and support the organisational mission and objectives
What is professionalism?
Acting to meet the standards set by a profession in terms of individual conduct, competence and integrity
What is the CIA Triad?
Forms the basis of Information Security and stands for Confidentiality, Integrity and Availability.
Also includes Authentication and Nonrepudiation
Explain what each of the 3 CIA components mean
Confidentiality ensures only authorised users have access to information. For it to be maintained on a network, data must be protected from unauthorised access or disclosure while stored, in process and in transit
Integrity provides assurances that the information is accurate and not changed by unauthorised users. Controls must be in place to restrict access to data and resources. Activity logging should be employed to ensure only authorised users can access their respective resources
Availability provides that there is timely, reliable access to the information to those who have authorised access
What is COBIT?
Control Objectives for Information and related Technologies
Provides a framework for good practice and enables clear policy development and puts an emphasis on regulatory compliance
What challenges are faced with Information Security? (5)
Privacy
Data breaches
Identification of threats and vulnerabilities
Risk assessments
Compliance
What is a policy?
A policy is a business requirement on actions or processes performed by an organisation.
Security policies require placement of controls in processes specific to the system
COBIT 5 specifically relates to Information Security
What does good security policy management consist of? (9)
Standards
Policies
Risk frameworks
Legislation
Guidelines
Codes of practice/conduct
Professional Ethics
Codes of Ethics (ACM)
Enforcement of policies, codes and procedures
What are some challenges in Security Policy Management?
Complex technologies create more vulnerabilities and disruptions, especially with greater reliance on them
Cost of keeping up to date with technology
Keeping policies up to date
Technical and human challenges faced with implementing policies
Understanding the risks
Enforcement issues
Struggle between government control and individual rights
Name some current and future challenges with Cloud technology (6)
Landscape of cyberspace constantly changing
Artificial Intelligence
Internet of Things
Terrorist threats
Cyber bullying and social media
Cryptowar
What should assist practitioners in maintaining professional standards?
Formal Codes of Conduct
Codes of Ethics
Organisational Policies
What groups create policy?
World Wide Web Consortium - International standards setting body
Internet Engineering Task Force (IETF) - develops technical standards such as communication protocols
What can cause breaches in Confidentiality? (5)
failing to properly encrypt a transmission
failing to authenticate a remote system before transferring data
leaving open otherwise secure access points
accessing malicious code which opens a backdoor
documents left on printers
What types of attacks focus on violating confidentiality? (5)
Capturing network traffic
Stealing password files
Social engineering
Port scanning
Sniffing
What types of attacks focus on violating integrity? (5)
viruses
logic bombs
Unauthorised access
errors in coding and applications
malicious modification or replacement