These flashcards cover key concepts, definitions, and principles related to Information Systems and Security as discussed in the lecture.
CIA Security Model
A guiding model in information security focusing on Confidentiality, Integrity, and Availability.
Confidentiality
Protecting sensitive information from unauthorized disclosure through techniques like encryption and access controls.
Integrity
Ensuring that information is not tampered with or modified in an unauthorized way.
Availability
Ensuring that information and systems are accessible to authorized users when needed.
Computer Security
The protection of computer systems and information from harm, theft, and unauthorized use.
Cyber Espionage
The act of spying to steal confidential information, particularly in the context of digital or networked environments.
Privacy
The rights individuals have to control their personal information and how it is used.
Software Piracy
The illegal duplication and distribution of software.
Denial of Service
Threats that render a system inoperative or limit its capability to operate.
Social Engineering
A technique used to trick individuals into giving out security information.
Ethics in Computer Crime
A set of moral principles guiding behavior in the field of computing.
Preventive Controls
Measures taken to stop or limit security threats.
Detective Controls
Measures used to find or discover security threats.
Corrective Controls
Actions taken to repair damages after a security incident has occurred.
Intellectual Property
Legal rights that give creators exclusive rights to their creations.
Computer Ethics
A code of conduct that binds professionals to behave ethically within the field.
Three Layers of Security
Physical security - like actual gates and guards and shit
Logical (technical) security - passwords, encryption, firewalls
Administrative security - laws and policies
Measures used to protect information.
Data Breaches
Incidents where unauthorized access to data occurs, leading to exposure of sensitive information.
What is the purpose of software updates?
Software updates often include security patches that fix vulnerabilities, preventing potential exploits by cybercriminals.
Information security
preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information.
IT Security
Information Technology Security (IT Security): The methods, tools and personnel used to defend an organization's digital assets.
Security vs Privacy
Security is how your personal info is protected.
Privacy is the right you have to control your information and how it's used.
CIA components
Confidentiality - protecting sensitive info from unauthorized beings.
Integrity - protecting the data so it doesn't get manipulated.
Availability - information made available only when needed.
Confidentiality techniques used
Encryption, access controls, and data masking.
How to keep integrity of info
OTPs and digital signatures
Making sure info is available only when it's needed
Load balancing, redundancy, disaster recovery plans.
Layers of security (securing data through many gates)
Security measures - i.e. data access policies and controls (like least privilege)
Protect the device that stores the data - protect hardware/software
Protect the network the computers use, like using firewalls (protects against unauthorized access)