Wk 3 Flashcards
Define security
The protection of information against being stolen or used wrongly or illegally
Types of security (5)
- Physical security: protection of physical objects belonging to the organisation
- Personal security: protection of the organisation’s members of staff
- Communications security: protection of communications media, technology and content
- Network security: protection of networking components, connections and content
- Information security: protection of information assets
define cyber security
the practice of protecting systems, networks, and programs from digital attacks.
Types of cyber security (3)
- Communications security: protection of communications media, technology and content
- Network security: protection of networking components, connections and content
- Information security: protection of information assets
Potential motivations for attacker (4)
1) Just for fun / bragging rights
2) Ideological (“Hacktivists”), e.g. animal/human rights activists, eco-warriors, etc.
3) Monetary gain / criminal activity:
* Ransomware attacks
* Credit card fraud
* Data theft
* Industrial espionage
* Disruption (DDoS)
4) State-sponsored attacks (cyber warfare) are also on the increase:
* Stuxnet: allegedly by USA/Israel to attack Iran’s nuclear programme
* German Bundestrojaner: malware on a suspect’s computer to spy on them
* NSA: Edward Snowden’s documents revealed spying on a massive scale
* Critical National Infrastructure is a natural target
components of an information system (6)
The components of an IS are made up of:
* Hardware
* Software
* Data
* Procedures
* People
* Network/Telecommunications
any assets we possess may… (5)
- lost: accidental deletion, laptop/dossier left on train
- damaged: fire/flood/accidents
- tampered with: butter-fingered employee, trojan, virus, rootkit, ransomware
- stolen: break-in, malicious insider
- unavailable: denial of service
what does CIA stand for
- Confidentiality
- Integrity
- Availability
define confidentiality
ensures that only those with the rights and privileges to access information are able to do so
define integrity
- ensures that information is whole, complete and uncorrupted
define availability
enables authorised users (person/computer systems) to access information without interference or obstruction and to receive it in the required format
what assets may require confidentiality?
- passwords
- customer details including credit card numbers
- personnel files
- trade secrets, e.g. your secret fizzy drink formula
what assets may require integrity?
- your bank balance
- any evidence in a court case
- contractual documents
what assets may require availability?
* web servers
* database servers
* network access
* emergency shutdown
What are the 5 steps Bruce Schneier gives to analyse/evaluate security systems?
- What assets are you trying to protect?
- What are the risks to these assets?
- How well does the proposed security solution mitigate those risks?
- What other risks does the security solution cause?
- What costs and trade-offs does the security solution impose?
define asset
an object of value to an organisation
define threat
any potential event that might have an undesirable or unwanted outcome for an organisation or for a specific asset. Threats can originate from people, organisations, systems or nature
define vulnerability
A weakness in an asset or a weakness in a safeguard or countermeasure
define impact
the impact on an organisation of an asset being lost or damaged (often expressed in monetary terms)
define risk
a combination of: (1) the likelihood that a threat will exploit a vulnerability to cause harm to an asset and (2) its impact
define Control/Safeguard/Countermeasure:
anything that removes or reduces a vulnerability or protects against one or more threats
CASE STUDY:
Asset:
STUDENT RECORDS
threats to confidentiality?
- Unauthorised access to data
- Inappropriate relaying of data
- Data leakage
CASE STUDY:
Asset:
STUDENT RECORDS
threats to integrity?
Data tampering
CASE STUDY:
Asset:
STUDENT RECORDS
threats to availability?
- Power outage
- Theft/fire/flood
- Hardware failure e.g. disk crash
- Ransomware
- Denial of Service