Lesson 1 Flashcards
study of how to protect information from destruction, degradation, manipulation, and exploitation, and also how to recover it
information assurance
what are the aspects of information needing protection
availability, integrity, confidentiality, authentication, non-repudiation
timely, reliable access to data and information for authorized users
availability
protection against unauthorized modification of information
integrity
assurance that information is not disclosed to unauthorized persons
confidentiality
assurance that the sender is provided with proof of data delivery and the recipient is provided with proof of the sender’s identity
non-repudiation
four major categories of information assurance
physical security, personnel security, IT security, operational security
give examples of proper practice of information assurance
- hard to guess passwords
- encrypting hard drives
- locking sensitive documents
- assigning security clearances to staffers
- using SSL for data transfers
- having off-site backup of documents
what does SSL mean
Secure Sockets Layer protocol; websites that are safe or have https
category of IA: protection of hardware, software, and data against physical threats to prevent loss of assets
physical security
variety of ongoing measures taken to reduce the likelihood and severity of accidental and intentional alteration, destruction, misappropriation, misuse, misconfiguration, unauthorized distribution, and unavailability of an organization’s logical and physical assets, as the result of action or inaction by insiders and known outsiders, such as business partners.
personnel security
inherent technical features and functions that collectively contribute to an IT infrastructure
IT security
involves the implementation of standard operational security procedures that define the nature and frequency of interaction between users, systems, and system resources
operational security
the objective of operational security is to
- achieve a known secure system state at all times
- prevent accidental or intentional theft, release, destruction, alteration, misuse, or sabotage of system resources
according to Raggad’s taxonomy of information security, what are the five interacting components in a computing environment
activities, people, data, technology, networks
three levels of information security
physical, information infrastructure, perceptual
desired effect: to affect the technical performance and the capability of physical systems, to disrupt the capabilities of the defender
physical level
attacker’s operation: physical attack and destruction, electromagnetic attack, visual spying, intrusion, scavenging and removal, wiretapping, interference, eavesdropping
physical level
defender’s operation: COMPSEC, COMSEC (communications and network security), ITSEC, OPSEC
physical level
covers the ability to manipulate information and data maintained in cyberspace
information infrastructure level
desired effects: influence the effectiveness and performance of information functions
information infrastructure level
attacker’s operations: impersonation, piggybacking, spoofing, network attacks, malware, authorization attacks, active misuse, and denial of service
information infrastructure level