Information Security: Module 1

Information Security

Strategies to protect digital and non-digital information.

Information Assurance

Ensuring information's integrity, availability, and confidentiality.

Threats

Potential causes of unwanted incidents affecting information.

Vulnerabilities

Weaknesses in a system that can be exploited.

Attacks

Deliberate attempts to compromise information security.

Controls

Measures implemented to mitigate risks to information.

Risk Management Process

Systematic approach to identifying and managing risks.

Morris Worm

First internet worm, infected 10% of systems in 1988.

Infosec

Short for Information Security, focuses on protecting data.

Unauthorized Access

Accessing information without permission or authorization.

Hacking

Illegally exploiting computer systems or networks.

Malware Attacks

Malicious software designed to harm or exploit systems.

Phishing

Fraudulent attempts to obtain sensitive information online.

Exploiting Software Vulnerabilities

Taking advantage of weaknesses in software for unauthorized access.

Confidentiality

Ensuring information is accessible only to authorized users.

Integrity

Maintaining accuracy and consistency of data over its lifecycle.

Availability

Ensuring information is accessible when needed.

Information Technology

Use of computers and software to manage information.

Sensitive Data

Information that must be protected from unauthorized access.

Cybercrime

Criminal activities conducted via the internet.

Physical Computing Infrastructure

Hardware and physical components supporting computing systems.

Information Security Certifications

Credentials validating expertise in information security practices.

Data Security

Protection of data from unauthorized access or loss.

Confidentiality

Ensures unauthorized access to information is prevented.

Integrity

Preserves accuracy and trustworthiness of data.

Availability

Ensures data is accessible for authorized users.

CIA Triad

Framework of confidentiality, integrity, and availability goals.

Information Security Principles

Guidelines to enhance organizational data protection.

Absolute Security

Concept that no security system is completely impenetrable.

Denial of Service (DoS)

Attack preventing legitimate access to services or data.

Confidentiality Controls

Measures like user IDs and passwords to protect data.

Disaster Recovery Plan

Strategy to maintain operations after a disaster.

Testing Software

Custom tools to evaluate network security effectiveness.

Governance Models

Policies and procedures for information security management.

Natural Disasters

Events like floods or earthquakes affecting data availability.

Human Actions

Intentional activities that can disrupt data access.

Equipment Failures

Malfunctions during normal use impacting data availability.

Encryption

Encoding information to protect it during transmission.

Unauthorized Personnel

Individuals without permission to access sensitive information.

Accidental Disclosure

Unintentional release of sensitive information.

User IDs

Unique identifiers for individuals accessing a system.

Passwords

Secret words or phrases for user authentication.

Security Goals

Objectives guiding the protection of information systems.

Information System Capabilities

Functional aspects of systems that must remain operational.

Defense in Depth

Layered security strategy to protect systems.

Security Layers

Multiple protective measures against attacks.

Intrusion Detection Systems (IDS)

Monitors network for suspicious activities.

Functional Requirements

Specifications of what a system should do.

Assurance Requirements

Standards for implementing and testing functions.

Identity Theft

Unauthorized use of someone's personal information.

Verification Testing

Checks if a system meets functional specifications.

Validation Testing

Confirms system performance under real-world conditions.

Traffic Analyzers

Tools for monitoring and analyzing network traffic.

Human Monitors

Personnel observing network for anomalies.

Automated Mechanisms

Systems that respond to detected intrusions automatically.

Security Decisions

Choices made regarding the protection of assets.

Malicious Attackers

Individuals attempting to exploit system vulnerabilities.

COTS Software

Commercial off-the-shelf software products.

Stress Tests

Evaluates system performance under extreme conditions.

Car Safety Testing

Evaluates vehicle safety features and performance.

Password Security

Protection of user credentials from unauthorized access.

Anomalies Detection

Identifying unusual patterns indicating potential breaches.

Security Vulnerabilities

Weaknesses that can be exploited by attackers.

Credentials

User information used for authentication purposes.

Probing

Gently questioning to extract sensitive information.

Security Layers' Strengths

Benefits of multiple defenses compensating for weaknesses.

Security through Obscurity

Hiding security details is insufficient for protection.

False Sense of Security

Obscuring security can lead to overconfidence in safety.

Defense in Depth

Multiple security mechanisms protect data and resources.

Intrinsic Value

Asset's worth determines the level of security investment.

Risk Management

Balancing risk level with resource expenditure for security.

Risk Analysis

Evaluating risks to determine appropriate security measures.

Risk Mitigation

Implementing measures to reduce identified risks.

Risk Acceptance

Acknowledging risks and managing their consequences.

Extreme Risk

Immediate action required to address critical threats.

High Risk

Requires attention from senior management for resolution.

Moderate Risk

Management responsibilities must be clearly defined.

Low Risk

Handled through routine management procedures.

Vulnerability

Known weaknesses within a system or program.

Exploit

A method to take advantage of a vulnerability.

Attacker

Individual with skill and intent to compromise systems.

Buffer Overflow

Common vulnerability where data exceeds allocated memory.

Economic Value

Assessing asset worth to prioritize security measures.

Insurance in Security

Protection against potential losses from security breaches.

Security Mechanism

Tools or processes designed to protect systems.

Consequences Management

Handling outcomes of accepted risks effectively.

Security Specifications

Detailed descriptions of security functions and protocols.

Trusted Individuals

People granted access to sensitive security information.

Risk Analysis

Evaluating potential threats to a system.

Attacker Profile

Identifying potential attackers and their capabilities.

Vulnerability Exploits

Availability of methods to exploit system weaknesses.

Intrinsic Value

Actual worth of an asset being protected.

Security Investment

Balancing cost of security against asset value.

Security Controls

Measures to prevent, detect, and respond to threats.

Preventative Controls

Measures to prevent unauthorized access or actions.

Detective Controls

Systems that identify and alert unusual activities.

Responsive Controls

Actions taken in response to detected security incidents.

Complexity in Security

Increased complexity makes systems harder to secure.

Fear, Uncertainty, Doubt (FUD)

Ineffective tactic for selling security solutions.

Justification of Security Spending

Need for solid rationale for security investments.