Week 2 - Introduction to Information Security

Cards (48)

  • Computer Security - This term specified the need to secure the physical location of computer technology from outside threats.
  • Computer Security - This term later came to represent all actions taken to preserve computer systems from losses.
  • The three scope expansions of protecting information in an organization: Securing the data, Limiting random and unauthorized access to that data, Involving personnel from multiple levels of the organization in information security.
  • 1940s-1950s - In what years was information security a straightforward process composed predominantly of physical security and simple document classification schemes?
  • 1940s-1950s - In what years were the primary threats to security physical theft of equipment, espionage against products of the systems, and sabotage?
  • 1968 - When was the development of ARPANET?
  • Advanced Research Projects Agency - ARPA stands for?
  • 1973 - In what year did Robert M. Metcalfe identify fundamental problems with ARPANET security?
  • 1978 - In what year did Richard Bisbey and Dennis Hollingworth publish the study entitled "Protection Analysis: Final Report"?
  • 1990s and 2000 to Present - In what years was the internet made available to the general public?
  • 1990s - In what years did technology become pervasive, reaching almost every corner of the globe with an expanding array of uses?
  • 1990s - In what years did early internet deployment treat security as a low priority? In fact, many problems that plague email on the internet today result from this early lack of security.
  • 1990s-2000s - In what years did many large corporations begin publicly integrating security into their organizations? Antivirus products became extremely popular.
  • Security - It is a state of being secure and free from danger or harm, or the actions taken to make someone or something secure.
  • Information Security - It is the protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology.
  • CIA Triangle - It has been the industry standard for computer security since the development of the mainframe.
  • The three characteristics that describe the utility of information: Confidentiality, Integrity, Availability
  • Confidentiality - An attribute that describes how data is protected from disclosure or exposure to unauthorized individuals or systems.
  • Integrity - It describes how data is whole, complete, and uncorrupted.
  • Availability - It describes how data is accessible and correctly formatted for use without interference or obstruction.
  • The key information security concepts are: Access, Asset, Attack, Control Safeguard and Countermeasure, Exploit, Exposure, Loss, Subjects and Objects, Threat, Threat Agent, Vulnerability
  • Access - It is a subject's or object's ability to use, manipulate, or modify another subject or object.
  • Access - Authorized users have legal access to a system, whereas unauthorized users must gain illegal access to a system. Access controls regulate this ability.
  • Asset - This is the organizational resource that is being protected.
  • Asset - These can be logical, such as a website, software, or data, or physical, such as a person, computer system, hardware, or other tangible object.
  • Asset - These are the focus of what security efforts are attempting to protect.
  • Control Safeguard or Countermeasure - These are the security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve security within an organization.
  • Exploit - This is a technique used to compromise a system.
  • Exploit - Threat agents may attempt to exploit a system or other information asset by using it illegally for their personal gain.
  • Exposure - This is the condition or state of being exposed.
  • Attack - It is an intentional or unintentional act that can damage or otherwise compromise information and the systems that support it.
  • Loss - It is a single instance of an information asset suffering damage or destruction, unintended or unauthorized modification or disclosure, or denial of use.
  • Subjects and Objects - A computer can be either the subject of an attack, an agent entity used to conduct the attack, or the object of an attack.
  • Threat - It is a category of objects, people, or other entities that represents a danger to an asset; it can be purposeful or undirected.
  • Threat Agent - It is a specific instance or a component of a threat.
  • Vulnerability - It is the weakness or fault in a system or protection mechanism that opens it to attack or damage.
  • 6 Components of an Information System: Hardware, Data, People, Procedures, Networks, Software
  • Hardware - It is the physical technology that houses and executes the software, stores and transports data, and provides interfaces for the entry and removal of information from the system.
  • Data - When stored, processed, and transmitted by a computer system, it must be protected.
  • Data - This is the valuable asset of an organization and therefore is the main target of intentional attacks.