IAS Flashcards
is the study of how to protect your information assets from destruction, degradation, manipulation and exploitation
Information Assurance (IA)
study on how to recover should any of those happen.
Information Assurance
5 aspects of information needing protection
Availability, Integrity, Confidentiality, Authentication, Non-repudiation
timely, reliable access to data and information services for authorized users;
Availability
protection against unauthorized modification or destruction of information;
Integrity
assurance that information is not disclosed to unauthorized persons;
Confidentiality
security measures to establish the validity of a transmission, message, or originator.
Authentication
assurance that the sender is provided with proof of a data delivery
Non-repudiation
True or False: IT security cannot be accomplished in a vacuum
TRUE
Four Major categories of Information Assurance
Physical Security, Personnel Security, IT Security, Operational Security
refers to the protection of hardware, software, and data against physical threats to reduce or prevent disruptions to operations and services and loss of assets.
Physical Security
6 Proper Practices of Information Assurance
- enforcing hard-to-guess passwords
- encrypting hard drives
- locking sensitive documents in a safe
- assigning security clearances to staffers
- using SSL for data transfer
- having off-site backup of documents
is a variety of ongoing measures taken to reduce the likelihood and severity of accidental and intentional alteration, destruction,
Personnel Security
action or inaction by insiders and known outsiders, such as business partners.
Personnel Security
is the inherent technical features and functions that collectively contribute to an IT infrastructure
IT security
involves the implementation of standard operational security procedures
Operational Security
Purpose of operational security
- achieve and sustain a known secure system state at all times
- prevent accidental or intentional theft, release, destruction, alteration, misuse, or sabotage of system resources.
According to _________, a computing environment is made up of five continuously interacting components
Raggad’s taxonomy of information security
5 continuously interacting components
activities, people, data, technology and network
According to ______, IA can be thought of as protecting information at three distinct levels
Blyth and Kovacich
3 distinct levels
- Physical
- Information infrastructure
- Perceptual
data and data processing activities in physical space;
Physical
information and data manipulation abilities in cyberspace;
Information infrastructure
knowledge and understanding in human decision space.
Perceptual
What is the lowest level focus of IA?
Physical Level
Computers, physical networks, telecommunications and supporting systems such as power, facilities and environmental controls
Physical Level
At this level, people are the ones who manage the systems.
Physical Level
to affect the technical performance and the capability of physical systems, to disrupt the capabilities of the defender.
Desired effects (Physical level)
physical attack and destruction, including: electromagnetic attack, visual spying, intrusion, scavenging and removal, wiretapping, interference, and eavesdropping.
Attacker's Operations (Physical level)
physical security, OPSEC, TEMPEST
Defender's Operations (Physical level)
COMPSEC meaning:
Computer security
COMSEC:
Communications and network security
ITSEC
both COMPSEC and COMSEC
What is the second level focus of IA?
Infrastructure level
OPSEC
operations security
This covers information and data manipulation ability maintained in cyberspace, including: data structures, processes and programs, protocols, data content and databases.
Infrastructure Level
to influence the effectiveness and performance of information functions supporting perception, decision making, and control of physical processes.
Desired effects (IL)
impersonation, piggybacking, spoofing, network attacks, malware, authorization attacks, active misuse, and denial of service attacks.
Attacker's Operations (IL)
information security technical measures such as: encryption and key management, intrusion detection, anti-virus software, auditing, redundancy, firewalls, policies and standards.
Defender's Operations (IL)
What is the third level of IA?
Perceptual Level
This is abstract and concerned with the management of perceptions of the target, particularly those persons making security decisions.
Perceptual Level
to influence decisions and behaviors
Desired effects (PL)