Information Assurance 1 Flashcards
is the overarching approach for identifying, understanding, and managing risk through an organization’s use of information and information systems.
Information Assurance
is to protect and defend the information and information systems by ensuring their availability, integrity, authentication, confidentiality, and nonrepudiation.
Information Assurance
FUNDAMENTAL CONCEPTS IN PROTECTING ORGANIZATIONS’ INFORMATION ASSETS
- INFORMATION ASSURANCE
- INFORMATION SECURITY
- INFORMATION PROTECTION
- CYBERSECURITY
is a subdomain of information assurance, focused on the CIA triad: Confidentiality, Integrity, Availability
Information Security
- is best viewed as a subset of information security.
- It is often defined in terms of protecting the confidentiality and integrity of information through a variety of means such as policy, standards, physical controls, technical controls, monitoring, and information classification or categorization
INFORMATION PROTECTION
used to describe the measures taken to protect electronic information systems against unauthorized access or attack, protection of networks and electronic information systems and focuses on the vulnerabilities and threats of an information system at the tactical level.
CYBERSECURITY
It is to ensure the permanent inviolability of our national territory and its effective control by the Government and the State.
2011-2016 National Security
Laws in force relating to cyber information security
- 2011-2016 National Security Policy
- R.A. 8792 (E-commerce act)
- R.A. 9775 (Anti-Child Pornography Act of 2009)
- R.A. 9995 (Anti-Photo and Video Voyeurism Act of 2009)
- R.A. 10173 (Data Privacy Act of 2012)
- R.A. 10175 (Cybercrime Prevention Act of 2012)
- M.O. 37, s2001 (Providing for the Fourteen Pillars of Policy and Action of the Government Against Terrorism – critical infrastructure is defined in this document and requires the preparation of a comprehensive security plan [1][a] above)
- E.O. 810, s2009 (Institutionalizing the Certification Scheme for Digital Signature)
- A.O. 39, s2013 (Government Web Hosting Service of DOST ICT Office)
- PNS ISO/IEC 27001:2005 (Information technology — Security techniques — Information security management systems — Requirements)
- PNS ISO/IEC 27002:2005 (Information technology — Security techniques — Code of practice for information security management)
- recognizes use of electronic commercial and non-commercial transactions and electronic signature
- legal recognition to electronic data messages, electronic documents and electronic signatures
R.A. 8792 (E-commerce act)
protects the victims who are made to believe that they are performing sexual acts in private
R.A. 9995 (Anti-Photo and Video Voyeurism Act of 2009)
aims to protect personal data in information and communications systems both in the government and the private sector
R.A. 10173 (Data Privacy Act of 2012)
“Child” refers to a person below eighteen (18) years of age or over but is unable to fully take care of, or protect, himself/herself from abuse, neglect, cruelty, exploitation or discrimination because of a physical or mental disability or condition.
R.A. 9775 (Anti-Child Pornography Act of 2009)
completely addresses crimes committed against and by means of computer systems
R.A. 10175 (Cybercrime Prevention Act of 2012)
PROVIDING FOR THE FOURTEEN PILLARS OF POLICY AND ACTION OF THE GOVERNMENT AGAINST TERRORISM
Memorandum Order No. 37, s. 2001
MANDATING GOVERNMENT AGENCIES TO MIGRATE TO THE GOVERNMENT WEB HOSTING SERVICE (GWHS) OF THE DEPARTMENT OF SCIENCE AND TECHNOLOGY-INFORMATION AND COMMUNICATIONS TECHNOLOGY OFFICE (DOST-ICTO)
Administrative Order No. 39, s. 2013