Module 1 - Reviewer IAS

Cards (46)

  • Information security
    The practice of protecting information by mitigating information risks
  • Information security
    • Encompasses various strategies, technologies, and practices designed to safeguard data from unauthorized access, use, disclosure, disruption, modification, or destruction
  • Methods like encryption and physical security were used to protect sensitive information
    Ancient civilizations
  • Hieroglyphs were used as a form of cryptographic communication
    Ancient Egypt
  • Cryptography
    Played a crucial role in military and diplomatic communication during the Middle Ages
  • Notable cryptographic methods
    • Substitution ciphers
    • Transposition ciphers
  • Enigma machine
    A pivotal advancement in cryptography, used by the German military during World War II to encrypt messages with complex algorithms
  • The field of information security saw significant advancements, driven by increasing reliance on computers and electronic communication
    Post-World War II
  • National Security Agency (NSA)
    Its establishment marked a new era of government involvement in information security
  • Cybersecurity
    A distinct discipline focusing on protecting networks, systems, and data from cyber threats such as malware, hackers, and cyber espionage
  • Notable cyber attacks
    • Stuxnet worm
    • WannaCry ransomware attack
    • Equifax data breach
  • Modern information security practices
    • Encryption
    • Firewalls
    • Intrusion detection systems
    • Security awareness training
  • Future trends in information security
    • Emerging technologies such as artificial intelligence, quantum computing, and the Internet of Things (IoT)
    • Importance of proactive security measures and collaboration between industry, government, and academia
  • Confidentiality
    Ensuring that information is accessible only to those authorized to view it
  • Methods to maintain confidentiality
    • Encryption
    • Access controls
    • Data classification
  • Integrity
    Ensuring that information remains accurate, complete, and unaltered
  • Techniques to maintain data integrity
    • Checksums
    • Digital signatures
    • Version control
  • Availability
    Ensuring that information is accessible and usable when needed
  • Ensuring availability
    • Redundancy
    • Backups
    • Disaster recovery plans
    • Fault-tolerant systems
  • Authentication
    Verifying the identity of users or systems attempting to access information
  • Authorization
    Determining what actions users or systems are allowed to perform after they have been authenticated
  • Authorization mechanisms
    • Role-based access control (RBAC)
    • Permissions
    • Access control lists (ACLs)
  • Encryption
    Transforming plaintext data into ciphertext to protect it from unauthorized access
  • Types of encryption
    • Symmetric encryption uses a single key for both encryption and decryption
    • Asymmetric encryption uses a public-private key pair
  • Firewalls
    Network security devices that monitor and control incoming and outgoing network traffic
  • Firewalls
    • Can be implemented as hardware appliances, software programs, or cloud-based services
  • Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)
    Monitor network traffic for signs of malicious activity or policy violations
  • IDS and IPS
    • IDS detects and alerts on suspicious activity, while IPS can take automated actions to block or prevent such activity
  • Security policies and procedures
    Define the rules, guidelines, and procedures for protecting information assets
  • Security policies and procedures
    • Acceptable use policies
    • Data handling procedures
    • Incident response plans
  • Security awareness training
    Educates users about security risks and best practices
  • Security awareness training topics
    • Phishing awareness
    • Password security
    • Social engineering prevention
  • Software security
    Protecting software from unauthorized access, modification, or destruction
  • Software security components
    • Secure coding practices
    • Regular software updates and patches
    • Antivirus and antimalware software
    • Application firewalls
  • Hardware security
    Safeguarding physical components of the information system
  • Hardware security components
    • Secure hardware design
    • Physical access controls (locks, biometric scanners)
    • Hardware encryption modules
    • Tamper-resistant components
  • People security
    Addressing the human element in information security
  • People security components
    • Security awareness training
    • User access controls and authentication mechanisms
    • Employee background checks
    • Security policies and procedures
  • Data security
    Protecting sensitive information from unauthorized access, use, disclosure, or destruction
  • Data security components
    • Encryption of data at rest and in transit
    • Data classification and access controls
    • Data loss prevention (DLP) solutions
    • Backup and recovery mechanisms