Lesson 1 Flashcards
__________ is the study of how to protect your information assets from destruction, degradation, manipulation and exploitation, and also how to recover should any of those happen.
Information Assurance (IA)
Aspects of information needing protection:
: timely, reliable access to data and information services for authorized users;
Availability
Aspects of information needing protection:
: protection against unauthorized modification or destruction of information;
Integrity
Aspects of information needing protection:
: assurance that information is not disclosed to unauthorized persons;
Confidentiality
Aspects of information needing protection:
: security measures to establish the validity of a transmission, message, or originator.
Authentication
Aspects of information needing protection:
: assurance that the sender is provided with proof of data delivery and the recipient is provided with proof of the sender’s identity, so that neither can later deny having processed the data.
Non-repudiation
Four major categories of Information Assurance:
- Physical security
- Personnel security
- IT security
- Operational security
Proper practices of Information Assurance:
- enforcing hard-to-guess passwords
- encrypting hard drives
- locking sensitive documents in a safe
- assigning security clearances to staffers
- using SSL for data transfers
- having off-site backup of documents
It refers to the protection of hardware, software, and data against physical threats to reduce or prevent disruptions to operations and services and loss of assets.
Physical security
It is a variety of ongoing measures taken to reduce the likelihood and severity of accidental and intentional alteration, destruction, misappropriation, misuse, misconfiguration, unauthorized distribution, and unavailability of an organization’s logical and physical assets, as the result of action or inaction by insiders and known outsiders, such as business partners.
Personnel security
______ consists of the inherent technical features and functions that collectively contribute to an IT infrastructure achieving and sustaining confidentiality, integrity, availability, accountability, authenticity, and reliability.
IT security
This involves the implementation of standard operational security procedures that define the nature and frequency of the interaction between users, systems, and system resources, the purpose of which is to:
* achieve and sustain a known secure system state at all times, and
* prevent accidental or intentional theft, release, destruction, alteration, misuse, or sabotage of system resources.
Operational security
According to _______, a computing environment is made up of five continuously interacting components: activities, people, data, technology, and networks. IA includes computer and information security.
Raggad’s taxonomy of information security
According to Blyth and Kovacich, IA can be thought of as protecting information at three distinct levels:
- Physical
- Information infrastructure
- Perceptual
Level: data and data processing activities in physical space
physical
Level: information and data manipulation abilities in cyberspace
information infrastructure
Level: knowledge and understanding in human decision space.
perceptual
The lowest level focus of IA is the _________.
Physical level
Computers, physical networks, telecommunications and supporting systems such as power, facilities and environmental controls. Also at this level are the people who manage the systems.
Physical level
What level:
Desired Effects: to affect the technical performance and the capability of physical systems, to disrupt the capabilities of the defender.
Attacker’s Operations: physical attack and destruction, including: electromagnetic attack, visual spying, intrusion, scavenging and removal, wiretapping, interference, and eavesdropping.
Defender’s Operations: physical security, OPSEC, TEMPEST. Thus, IA includes aspects of COMPSEC, COMSEC, ITSEC and OPSEC.
Physical level
The second level focus of IA is the ___________.
Information Infrastructure Level
This covers information and data manipulation ability maintained in cyberspace, including: data structures, processes and programs, protocols, data content and databases.
Information Infrastructure Level
What level:
Desired Effects: to influence the effectiveness and performance of information functions supporting perception, decision making, and control of physical processes.
Attacker’s Operations: impersonation, piggybacking, spoofing, network attacks, malware, authorization attacks, active misuse, and denial of service attacks.
Defender’s Operations: information security technical measures such as: encryption and key management, intrusion detection, anti-virus software, auditing, redundancy, firewalls, policies and standards.
Information Infrastructure Level
The third level focus of IA is the _______, also called social engineering.
Perceptual level