Chapter 2
Cards (100)
- Information security ensures systems and contents stay the same
- Attacks on information systems are a daily occurrence
- Information security performs four important functions for an organization:
- Protects the organization’s ability to function
- Enables safe operation of applications implemented on its IT systems
- Protects data the organization collects and uses
- Safeguards technology assets in use
- Management is responsible for the implementation of information security
- Information security is both a management issue and a people issue
- Organization should address information security in terms of business impact and cost
- Protecting data in motion and data at rest are critical aspects of information security
- Organizations must have secure infrastructure services based on size and scope of enterprise
- Threats to information security include:
- Compromises to Intellectual Property
- Deliberate Software Attacks
- Deviations in Quality of Service
- Espionage or Trespass
- Forces of Nature
- Human Error or Failure
- Information Extortion
- Missing, Inadequate, or Incomplete Organizational Policy or Planning and Controls
- Sabotage or Vandalism
- Theft
- Technical Hardware Failures or Errors
- Technical Software Failures or Errors
- Technological Obsolescence
- Types of attacks include:
- Malicious code
- Hoaxes
- Back door
- Password crack
- Brute force
- Dictionary
- Denial-of-service (DoS)
- Distributed denial-of-service (DDoS)
- Spoofing
- Man-in-the-middle
- Mail bombing
- Sniffers
- Phishing
- Pharming
- Social engineering
- Timing attack
- Primary mission of information security is to ensure systems and contents stay the same
- If no threats existed, resources could be focused on improving systems, resulting in vast improvements in ease of use and usefulness
- Attacks on information systems are a daily occurrence
- Information security is unlike any other aspect of information technology
- The primary mission of information security is to ensure things stay the way they are
- The first phase, investigation, provides an overview of the environment in which security must operate and the problems that security must address
- Information security performs four important functions for an organization
- Protects the organization’s ability to function
- Enables safe operation of applications implemented on its IT systems
- Protects data the organization collects and uses
- Safeguards technology assets in use
- Management (general and IT) is responsible for the implementation of protecting the functionality of an organization
- Information security is both a management issue and a people issue
- Organization should address information security in terms of business impact and cost
- Organization needs environments that safeguard applications using IT systems
- Management must continue to oversee infrastructure once in place—not relegate to IT department
- Organization, without data, loses its record of transactions and/or ability to deliver value to customers
- Protecting data in motion and data at rest are both critical aspects of information security
- Organizations must have secure infrastructure services based on size and scope of enterprise
- Additional security services may be needed as organization grows
- More robust solutions may be needed to replace security programs the organization has outgrown
- Threat: an object, person, or other entity that represents a constant danger to an asset
- Management must be informed of the different threats facing the organization
- Intellectual property (IP): “ownership of ideas and control over the tangible or virtual representation of those ideas”
- The most common IP breaches involve software piracy
- Two watchdog organizations investigate software abuse: Software & Information Industry Association (SIIA) and Business Software Alliance (BSA)
- Malicious software (malware) is designed to damage, destroy, or deny service to target systems
- Includes: Viruses, Worms, Trojan horses, Logic bombs, Polymorphic threats, Rootkit, Man-in-The-Middle, Ransomware, Adware, Bot
- Includes situations where products or services are not delivered as expected
- Information system depends on many interdependent support systems