FUNDAMENTAL ASPECT

Cards (67)

  • Information Assurance and Security
    Encompasses processes, technologies, and practices to safeguard digital information and systems from unauthorized access, alteration, or destruction. It ensures confidentiality, integrity, and availability of data assets. Information Assurance manages risks, while Security protects against threats like cyberattacks, data breaches, and malware. Key components include encryption, access control, intrusion detection, and incident response. These measures are crucial for protecting sensitive data and ensuring reliable system operation in the digital age.
  • History of Information Assurance and Security
    1. 1960s-1970s: Information security primarily focused on physical security measures for mainframe computers and data centers. Limited networking and relatively closed systems meant threats were less sophisticated but still significant.
    2. 1980s: The advent of personal computing and early networking technologies spurred interest in securing communication channels and protecting data from unauthorized access. Encryption techniques started to gain traction.
    3. 1990s: The widespread adoption of the internet and e-commerce brought new security challenges. Concerns about identity theft, phishing, and cyberattacks grew as digital communication became mainstream.
    4. 2000s: Information Assurance and Security became a critical priority for governments, businesses, and individuals as cyber threats became more sophisticated. Advanced Persistent Threats (APTs), malware, and data breaches posed significant risks, prompting increased investment in cybersecurity measures.
    5. 2010s: The proliferation of mobile devices, cloud computing, and Internet of Things (IoT) further expanded the attack surface, requiring comprehensive security strategies. Ransomware attacks surged, and regulatory frameworks like GDPR (General Data Protection Regulation) were introduced to enforce data protection and privacy.
  • Significant events in Information Assurance and Security
    • Snowden & The NSA, 2013. Edward Snowden – a former CIA employee and contractor for the US Government – copied and leaked classified information from the National Security Agency (NSA), highlighting the fact that the government was effectively 'spying' on the public. He is controversially thought of as a hero to some, and a traitor to others.
    • Yahoo, 2013 – 2014. Hackers broke into Yahoo, jeopardising the accounts and personal information of all three billion of its users. Yahoo was fined $35 million for failing to disclose news of the breach in a timely manner, and its sale price decreased by $350 million as a result.
    • WannaCry, 2017. More widely known as the first 'ransomworm', WannaCry targeted computers running the Microsoft Windows operating system and demanded ransom payments in the Bitcoin cryptocurrency. In only one day, the worm infected over 230,000 computers across 150 countries.
  • Present: Information Assurance and Security continue to evolve rapidly as technology advances and cyber threats become increasingly complex. Artificial intelligence, machine learning, and automation are being leveraged for threat detection and response, while organizations strive to stay ahead of emerging risks and compliance requirements.
  • Terminologies in Information Assurance and Security
    • Encryption
    • Access Control
    • Authentication
    • Intrusion Detection
    • Vulnerability Management
    • Incident Response
    • Security Policies and Procedures
    • Malware
    • Firewall
    • Patch Management
    • Two-Factor Authentication (2FA)
    • Risk Management
  • Encryption
    The process of converting plaintext data into ciphertext to protect it from unauthorized access. It ensures confidentiality by making data unreadable without the appropriate decryption key.
  • Access Control
    The practice of restricting access to information systems or resources based on the identity or authorization level of users. It prevents unauthorized users from accessing sensitive data or functionalities.
  • Authentication
    The process of verifying the identity of a user, device, or system attempting to access resources. It ensures that only authorized entities can access protected information or services.
  • Intrusion Detection
    The process of monitoring network or system activities to detect and respond to unauthorized access attempts, suspicious behavior, or security policy violations.
  • Vulnerability Management
    The practice of identifying, assessing, and mitigating vulnerabilities in software, hardware, or systems to prevent potential security breaches or exploits.
  • Incident Response
    The organized approach to addressing and managing the aftermath of a security breach or cyberattack. It involves detecting, analyzing, containing, and recovering from security incidents to minimize damage and restore normal operations.
  • Security Policies and Procedures
    Formalized guidelines, rules, and protocols established by an organization to define and enforce security practices, responsibilities, and behaviors. They help ensure consistency and compliance with security objectives.
  • Malware
    Malicious software designed to disrupt, damage, or gain unauthorized access to computer systems or data. Common types include viruses, worms, Trojans, ransomware, and spyware.
  • Firewall
    A network security device or software that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between trusted internal networks and untrusted external networks.
  • Patch Management
    The process of identifying, deploying, and managing software updates or patches to address security vulnerabilities, software bugs, or performance issues in computer systems or applications.
  • Two-Factor Authentication (2FA)
    A security mechanism that requires users to provide two different authentication factors (e.g., password, fingerprint, security token) to verify their identity before accessing a system or service.
  • Risk Management
    The process of identifying, assessing, prioritizing, and mitigating risks to an organization's information assets, systems, or operations. It involves analyzing potential threats, vulnerabilities, and impacts to make informed decisions about risk treatment strategies.
  • Threats
    Potential dangers or harmful events that can exploit vulnerabilities in systems or networks
  • Vulnerabilities
    Weaknesses or flaws in systems, networks, or applications that can be exploited by threats to compromise security
  • Countermeasures
    Protective measures or controls implemented to mitigate vulnerabilities and defend against potential threats
  • Attacks
    When threats exploit vulnerabilities to breach security defenses and compromise information assets or systems
  • Compromises
    When attackers successfully breach security defenses and gain unauthorized access to systems or data
  • Remediation
    The process of addressing and resolving security vulnerabilities, mitigating the impact of attacks, and restoring systems to a secure state
  • Servers
    • Countermeasure: Servers can act as countermeasures by hosting security software such as firewalls, antivirus programs, and intrusion detection systems. They can also implement access controls and encryption to protect sensitive data stored on the server.
    • Vulnerability: Servers may become vulnerabilities if they are not properly configured or patched. For example, outdated server software or misconfigured settings can create security weaknesses that attackers exploit to gain unauthorized access or launch attacks.
    • Threat: Servers can pose threats if they are compromised by attackers. They may be used to host malware, serve as command-and-control servers for botnets, or facilitate denial-of-service attacks against other systems.
  • Routers
    • Countermeasure: Routers can serve as countermeasures by implementing access control lists (ACLs), packet filtering, and network segmentation to control the flow of traffic and prevent unauthorized access to the network.
    • Vulnerability: Routers may become vulnerabilities if they contain security flaws or are not properly configured. For example, default passwords or outdated firmware can make routers susceptible to exploitation by attackers.
    • Threat: Routers can pose threats if they are compromised or misconfigured. Attackers may exploit router vulnerabilities to intercept or manipulate network traffic, conduct man-in-the-middle attacks, or launch distributed denial-of-service (DDoS) attacks.
  • People
    • Countermeasure: People can act as countermeasures by practicing good security hygiene, such as using strong passwords, avoiding phishing scams, and following security policies and procedures. Security awareness training can also help educate individuals about potential threats and how to mitigate them.
    • Vulnerability: People may become vulnerabilities if they fall victim to social engineering attacks or engage in risky behavior, such as clicking on malicious links or downloading untrusted software. Insider threats, where employees intentionally or unintentionally misuse their access privileges, can also pose significant risks.
    • Threat: People can pose threats if they engage in malicious activities, such as insider attacks, data theft, or sabotage. Disgruntled employees, malicious insiders, or attackers who exploit human weaknesses through social engineering tactics can all pose threats to the security of IT systems.
  • Software
    • Countermeasure: Security software, such as antivirus programs, intrusion detection systems, and encryption tools, can serve as countermeasures to detect and prevent malware infections, unauthorized access, and data breaches.
    • Vulnerability: Software may become a vulnerability if it contains coding errors or security flaws that can be exploited by attackers. For example, buffer overflow vulnerabilities or insecure authentication mechanisms can allow attackers to compromise software systems.
    • Threat: Software can pose threats if it is maliciously designed or exploited by attackers to compromise systems or steal sensitive information. Malware, ransomware, and exploits targeting software vulnerabilities are all examples of software-based threats.
  • Security mindset
    A proactive approach to cybersecurity that prioritizes vigilance, skepticism, and a constant awareness of potential threats and vulnerabilities. Individuals with a security mindset view security as an ongoing process rather than a one-time task and recognize the importance of staying ahead of evolving threats.
  • Paranoia
    Thinking and feeling like you are being threatened in some way, even if there is no evidence, or very little evidence, that you are. Paranoid thoughts can also be described as delusions. There are lots of different kinds of threat you might be scared and worried about.
  • Role of "PARANOIA" in the security mindset
    • Encourages individuals to:
      • Question everything
      • Assume compromise
      • Stay informed
      • Prepare for the worst
  • Information assurance and security must be "built in" to the design and architecture of systems from the beginning
  • Reasons why information assurance and security must be built in from the beginning
    • Cost-effectiveness
    • Better protection
    • Reduced complexity
    • Enhanced resilience
    • Compliance and regulation
  • Examples of why information assurance and security must be built in from the beginning
    • Secure software development
    • Network infrastructure
    • IoT devices
    • Cloud services
  • System life-cycle
    • Planning
    • Analysis
    • Design
    • Implementation
    • Testing & Integration
    • Maintenance
  • Relationship between system life-cycle and security
    Security is considered and integrated at each stage of the system life-cycle to ensure effective security measures are implemented and maintained throughout the system's development and operation.
  • MSR (Management, Services, and Requirements) model
    • Management: Overarching governance and oversight of security within an organization.
    • Services: Security services and mechanisms deployed to protect information assets and support organizational objectives.
    • Requirements: Security requirements and objectives that must be met to ensure the confidentiality, integrity, and availability of information assets.
  • Security services in the MSR model
    • Availability: Ensuring accessibility and uptime of information systems and resources.
    • Integrity: Maintaining the accuracy, completeness, and trustworthiness of information.
    • Confidentiality: Protecting sensitive information from unauthorized access or disclosure.
    • Authentication: Verifying the identity of users, devices, or systems.
    • Authorization: Controlling and managing access privileges to information and resources.
    • Non-repudiation: Ensuring that actions or events cannot be denied by the responsible party.
  • Security services
    • authentication
    • access control
    • encryption
    • intrusion detection
    • incident response
  • Security services
    Designed to address specific security requirements and mitigate risks associated with unauthorized access, data breaches, and other security threats
  • Security requirements in the MSR model
    • Defining security controls, standards, and best practices
    • Identifying and prioritizing security risks
    • Establishing security metrics
    • Continuously evaluating and improving security posture