INFORMATION PROTECTION AND SECURITY Flashcards
a person who breaks in to a security system only with a malicious intent. A person who breaks in to a computer system for the purpose of earning profit, finding security loopholes of the system, showing protest or just for the sake of challenge is called a hacker. In recent times the differentiation between the definitions of the two terms has become vague due to the misuse of them by the mass media and the existence of the people belonging to both
categories.
Cracker(BREAK)
_______ build, while crackers break.
Hackers(BUILD)
FRAUD TYPES
Skimming
Phishing
Pharming
where the card is cloned
Skimming
technique used to obtain your card and personal details
through a fake email
Phishing
a similar technique using fake websites, such as imitating a
bank’s website
Pharming
Attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the system so that no one else can use it.
Denial of Service (DOS) Attack
ACTS OF UNLAWFUL INTERFERENCE (7)
Unlawful seizure of aircraft,
Destruction of an aircraft in service,
Hostage-taking on board aircraft or on aerodromes,
Forcible intrusion on board an aircraft, at an airport or on the premises of an aeronautical facility,
Introduction on board an aircraft or at an airport of a weapon or hazardous device or material
intended for criminal purposes,
Use of an aircraft in service for the purpose of causing death, serious bodily injury, or serious
damage to property or the environment,
Communication of false information such as to jeopardize the safety of an aircraft in
flight or on the ground, of passengers, crew, ground personnel on the general public,
at an airport or on the premises of a civil aviation facility.
has dual requirements of protection of the ATM system against threats and vulnerabilities and the provision of ATM security services in support of organizations and authorities engaged in aviation security, national security, defense, and law enforcement.
ATM security
ATM SYSTEM INFRASTUCTURE PROTECTION
Facility physical security and access control
(ATM facility design considerations, NAVAIDs, etc.)
Personnel security program
(position risk categorization, personnel screening and vetting, third-party personnel security, etc.)
Information and Communication Technology (ICT)
system security (unauthorized access, tampering with the systems, attacks on the systems)
Contingency planning for ATM security
(planning, system degradation to a safe/secure situation, service continuity, recovery, maintenance of plans)
ATM SECURITY OPERATIONS
ATM contribution to safeguarding against unlawful
interference
ATM support for law enforcement
(e.g. laser threats, man portable air defence system threats)
Disasters and public health emergencies
(e.g. disaster response and recovery, communicable disease and other public health risks on board aircraft)
Airspace management for ATM security
(monitoring and reporting over security identification zones, emergency security control of air traffic, creation and monitoring of temporary airspace/flight restrictions)
ICAO HEADQUARTES AND BRANCHES
MONTREAL, CANADA (HEADQUARTERS)
MEXICO CITY (NORTHAMERICA AND CARIBBEAN)
LIMA (SOUTH AMERICA)
PARIS (EUROPEAN AND NORTHATLANTIC)
DAKAR (WESTERN AFRICA)
CAIRO (MIDDLE EAST)
NAIROBI (EASTERN AFRICA)
BEIJING (ASIA-PACIFIC SUB OFFICE)
BANGKOK (ASIA-PACIFIC)
The Aviation Cybersecurity Strategy (7)
International Cooperation
Governance
Effective Legislation & Regulations
Cybersecurity Policy
Information Sharing
Incident Management & Emergency Planning
Capacity Building, Training, & Cybersecurity Culture
Cyber Threats are ______, _______ and ________
BORDERLESS, COMPLEX, and AGILE
Digitalization is _____ to Civil Aviation ________ and Future Development Across _______
KEY, INTEROPERABILITY , ALL DOMAINS
a set of principles and practices designed to safeguard your computing assets and online information against THREATS
CYBERSECURITY
refers to criminal activities that specifically target a computer or network for damage orinfiltration.
CYBERCRIME
is a deliberate exploitation of computer systems, technology dependent enterprises, and networks.
it uses malicious code to alter computer code, logic, or data, resulting in disruptive consequences that can compromise data and lead to cyber-crimes, such as information and identity theft.
CYBERATTACK
The ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively. When something is private to a person, it usually means that something is inherently special or sensitive to them.
PRIVACY
WAYS OF PROTECTING INFORMATIONS
ANTI VIRUS SOFTWARE
TRUSTED SOFTWARE
UPDATED SOFTWARE
FIREWALL
BACKUP FILES
also known as internet privacy or digital privacy, refers to how much of your personal, financial and browsing information remains private when you’re online.
ONLINE PRIVACY
is the need to preserve and protect any personal data being collected by any organization.
DATA PRIVACY
information or an opinion forming part of a database, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent,
or can reasonably be ascertained, from the information.
PERSONAL INFORMATION
DATA PRIVACY RIGHTS
THE RIGHT TO:
INFORM
ACCESS
OBJECT
ERASE OR BLOCK
RECTIFY
DAMAGES
FILE A COMPLAINT
CYBERSECURITY SCOPE:
-Physical Security
-Data Security
-Security roles, responsibilities,
and accountabilities
-Risk Management
-Education and
training
-Monitoring
-Recovery
AIR TRANSPORT ECOSYSTEM:
ATM, AIRCRAFT AND AIRPORT
GLOBAL CYBER TRENDS:
More users and devices
Wider networks and faster connections
Easier data storage and new efficient data types
More usages and new services
Less isolated architectures
Quick adoption of new technologies
WHAT ARE THE COMMON CYBERTHREATS?
-Malware
-Hacking
-Social Engineering
-Ransomware
-Man in the Middle ( MitM)
-phishing
-The DOS (Denial of Service)
- Identity Theft
-Sextortion
-Password Attack
1. brute force attack
2. dictionary attack
3. keylogging
malicious software intended to damage or disable computers and computer systems.
Malware
unauthorized access to data in a system, to steal information, exchange of data, and damage data.
Hacking
is an art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems or data.
Social Engineering
is a subset of malware in which the data on a victim’s computer is locked, typically by encryption, and payment is demanded before the ransomed data is decrypted and access returned to the victim.
Ransomware
attack is when an attacker intercepts communications between two parties either to secretly eavesdrop or modify traffic traveling between the two. Attackers might use MitM attacks to steal login credentials or personal information, spy on the victim, or sabotage communications or corrupt data.
Man in the Middle ( MitM)
involves running through as many combinations
of potential passwords as necessary to hit on the right one.
brute force attack
common passwords is used to attempt to gain access to a user’s computer and network
dictionary attack
relies on getting a piece of malware onto your
computer that watches what you’re doing and keeps track of what you type, sending that information to a hacker.
keylogging
trick users into clicking on malicious links or opening
unknown attachments for them to provide sensitive data, such as personal identifiable information, financial details, and passwords.
phishing
attack typically uses one computer and one internet connection to flood a targeted system or resource.
The DOS (Denial of Service)
is using other people’s personal identity without authorization for personal motives and do harm
Identity Theft
sexual exploitation in which threatened release of sexual
images or information is the means of coercion.
Sextortion
ELECTRONIC COMMERCE ACT OF 2000
aims to facilitate domestic and international dealings, transactions, arrangements agreements, contracts and exchanges and storage of information through the utilization of electronic, optical and similar medium, mode, instrumentality and technology to recognize the authenticity and reliability of electronic documents related to such activities and to promote the universal use of electronic transaction in the government and general public
REPUBLIC ACT NO. 8792
ANTI-CHILD PORNOGRAPHY ACT OF 2009
Guarantee the fundamental rights of every child from all forms of neglect, cruelty and other conditions prejudicial to their development;
Protect the child from all forms of exploitation and abuse including, but not limited to:
(1) the exploitative use of a child or children in pornographic performances and materials;
and
(2) the inducement or coercion of a child to engage in or perform any sexual activity or
practices, through whatever means;
REPUBLIC ACT NO. 9775
ANTI-PHOTO AND VIDEO VOYEURISM ACT OF 2009
The law prohibits recording videos or taking photos of a sexual act, the male or female genitalia, and of the female breast, among others, without consent of the persons featured in the material.
REPUBLIC ACT NO. 9995
DATA PRIVACY ACT OF 2012
To protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. An act protecting individual personal information in information and communications systems in the government and the private sector, creating for this purpose a national privacy commission, and for other purposes.
REPUBLIC ACT NO. 10173
CYBERCRIME PREVENTION ACT OF 2012
punishes content-related offenses such as cybersex, child pornography and libel which may be committed through a computer system. It also penalizes unsolicited commercial communication or content that advertises or sells products or services.
REPUBLIC ACT NO. 10175
Top Cyber Threats in the Philippines
during the Pandemic
FAKE NEWS
SOCIAL MEDIA SCAM
PHISHING