Information Security
protecting information administratively, physically, and technically in order to prevent the leakage and alteration of information while it is being collected, processed, stored, and transmitted
Confidentiality
Main goal of information security where the original information is not exposed to unauthorised users while being stored and transmitted, and the leakage of information is prevented
Integrity
Main goal of information security where the original information is maintained while storing and transmitting it without illegal alteration, modification, or deletion
Availability
Main goal of information security where authorised users can access and use the requested information when necessary
Authentication
a method of verifying whether the information exchanged between the sender and receiver was sent from the stated source and was received without alteration
Non-repudiation of origin
security technologies that prevent the sender from falsely claiming that the message was not sent
Non-repudiation of delivery
security technologies that prevent the receiver from falsely claiming that the message was not delivered when it was actually received
Digital Signature
a method of providing data origin authentication, data integrity, and non-repudiation. It involves performing a hash operation on a specific document and signing the result with the sender's private key
First phase of the electronic signature operation
The sender generates a message digest by applying a hash algorithm to the message to be sent
Second phase of the electronic signature operation
The sender creates an electronic signature by encrypting the message digest using the sender's private key
Third phase of the electronic signature operation
The sender sends the message digest and the electronic signature
Fourth phase of the electronic signature operation
The receiver verifies the electronic signature by applying the sender's public key to decrypt the message digest
Fifth phase of the electronic signature operation
The receiver generates a new message digest by applying the same hash algorithm as the sender to the received message
Sixth phase of the electronic signature operation
The receiver compares the message digest retrieved from the sender with the newly generated message digest to determine if the electronic signature is valid
Hash Function
an algorithm or mathematical function that converts a variable-length input string into a fixed-length output string, called a hash value or hash code.
MD5
A type of hash algorithm that processes input in 512-bit blocks and outputs a 128-bit hash value. It is frequently used for hash-based password verification: the server operator stores only the hash value, not the password itself, and a password is confirmed as correct when it produces the same hash value. It is not recommended due to discovered vulnerabilities
Salting
A type of hash algorithm that adds a random string to the original message when generating a hash value. This makes dictionary attacks difficult, as the hash value will be different even for the same password if the salt is different
Malware
defined as malicious software or viruses designed to perform malicious actions against computers, file systems, or networks
Worm
A type of malware that runs independently and replicates itself to spread to other computers
Virus
A type of malware that requires a host program to spread; it is executed when the host program runs, performing malicious behaviour or spreading itself
Trojan Horse
A type of malware that appears to be a normal program but contains hidden malicious code. The malicious code is executed when the user runs the program
Firewall
a security solution installed between a public network and a private network to protect the private network from external access. Different types exist, such as packet filtering, circuit-level gateway, application gateway, and hybrid
Packet-Filtering Firewall
A type of firewall which examines packets at the network layer (Layer 3) and transport layer (Layer 4) of the OSI model, filtering them based on attributes like source/destination IP addresses, port numbers, and protocol types.
Circuit-level Gateway Firewall
A type of firewall which operates at the session layer (Layer 5) of the OSI model, providing security by monitoring TCP handshakes and establishing connections between trusted and untrusted networks
Application-level Firewall
A type of firewall which operates at the application layer (Layer 7) of the OSI model. Unlike traditional firewalls that inspect packets based on IP addresses and ports, this type of firewall analyzes the content and behavior of network traffic at the application level.
Proxy server
A type of server that authenticates specific hosts for access to a private network and allows their packets to pass
Intrusion Detection System (IDS)
security system that detects suspicious transactions and blocks abnormal financial transactions for the target system or network in real-time by distinguishing unauthorised and abnormal behaviours
Fraud Detection System (FDS)
a system that detects suspicious transactions and abnormal financial transactions. It does this by analysing electronic transactions, access information, and transaction details, and using electronic financial transaction history. The analysis relies on detecting abnormalities in user information and behaviour
Firewall
An entity with which an IDS is integrated, enabling allowed packets to undergo real-time detection and blocking of illegal activities
Virtual Private Networks (VPN)
a technology that enables safe access control, authentication, and confidentiality services like a private network when using a public network
IPsec (Internet Protocol Security)
A technology for implementing VPNs: a suite of protocols used to secure network communications over IP networks. It provides authentication, encryption, and integrity for data packets, making it a key technology for secure VPN connections and private communication across untrusted networks
SSL (Secure Sockets Layer)
A technology for implementing VPNs: a cryptographic protocol designed to provide secure communication over the internet. It ensures data confidentiality, integrity, and authentication between web browsers and servers.
Single Sign-On (SSO)
a security system that enables users to access multiple services or applications using a single set of login credentials. It is based on authentication between different systems and allows identity management across the network
Web Access Firewall (WAF)
A type of firewall which is located in front of the web server. It monitors traffic with the HTTP/HTTPS protocol and blocks attacks such as SQL injection and cross-site scripting (XSS). It protects web applications from common web attacks
Network Access Control (NAC)
a system that determines network access rights for users. It monitors network access according to the user's authentication, device, and security policies
Wireless Intrusion Prevention Systems (WIPS)
automatically detects and blocks access from unauthorised wireless devices by continuously monitoring the wireless LAN. It improves the stability of wireless LAN and prevents interference or jamming. It also helps prevent illegal AP use
Enterprise Security Management (ESM)
provides a consistent and effective administrative and user interface by integrating security management functions. It is used to build an integrated security management system by applying policies and providing efficient security based on the operational status of the system
Security Information and Event Management
an event warning and monitoring system for intelligent threats. It collects data from the security devices across the entire enterprise and analyses the data to provide an overview of security threats
Blockchain
A new form of IS which is described as a distributed ledger technology based on. All transactions are recorded in one public ledger that is distributed and stored across the network. This distributed ledger is designed with a secure hash algorithm. Blocks are typically chained together every 10 minutes (or a certain period). It uses a P2P network method instead of a central system for transaction verification.
FIDO (Fast Identity Online)
A set of authentication standards designed to improve security and user experience by enabling passwordless authentication. It focuses on reducing reliance on traditional passwords by using cryptographic techniques and multi-factor authentication.
FIDO 1.0
A classification of FIDO that uses a biometric authentication method relying on a user device (e.g., a smartphone with a biometric sensor) for authentication. It provides basic authentication methods. It does not store user personal information on the server
FIDO 2.0
A classification of FIDO which provides a convenient authentication and payment environment using bio information. It is a universal authentication technology designed to be applicable across platforms like browsers, operating systems, and devices. FIDO 2.0 requires either an authentication server or a FIDO private key on the user device, and it is provided via the UAF (Universal Authentication Framework) protocol
Network Segregation
practice of dividing a network into smaller, isolated segments to improve security, performance, and manageability. By limiting access between different sections of a network, organizations can reduce the risk of cyber threats spreading and enforce stricter security policies
Network Linking
process of connecting multiple networks or network segments to facilitate communication, resource sharing, and data exchange. This can be achieved through various technologies and configurations, depending on the needs of an organization or system.
Quantum Cryptography
a cryptographic technology that uses the characteristics of quantum mechanics, unlike existing cryptography. It is said to be impossible to copy or intercept due to its quantum properties
Trusted Platform Modules (TPM)
a standard established by the TCG (Trusted Computing Group). It is a security module integrated into devices like motherboards. TPM provides strong security environments for stored important data like encryption keys, user information, passwords, and digital certificates
Reidentification
process or method of converting data that has been transformed so that an individual cannot be identified back into the original information
De-identification
process of modifying or removing personal data from a dataset to prevent an individual from being directly or indirectly identified
Pseudonymisation
A de-identification technique which replaces personal identifiers with artificial labels or pseudonyms, making it harder to trace the data back to an individual
Example: Instead of using "John Doe," the dataset might replace it with "User12345."
Aggregation
A de-identification technique which combines multiple data points into broad statistical groups to prevent individual identification
Example: Instead of showing individual ages, the dataset might group people into age ranges like "20–30 years old."
Data Reduction
A de-identification technique which removes certain details from a dataset to minimize the risk of identification.
Example: Instead of storing a full address, the dataset might only keep the city or region.
Data Suppression
A de-identification technique which completely removes sensitive information from a dataset when revealing it would pose a risk.
Example: A hospital report might eliminate small patient groups from public health statistics if they could be identified.
Data Masking
A de-identification technique which obscures sensitive data by altering its appearance without affecting its usability
Example: A credit card number might appear as "XXXX-XXXX-XXXX-1234", showing only the last digits.
General Data Protection Regulation (GDPR)
a personal information protection law of the European Union that took effect in May 2018. It aims to protect personal information and provide opportunities for the utilisation of personal information
Encryption
process of converting plaintext into ciphertext (an unintelligible form) using a cryptographic algorithm
Decryption
process of restoring the original plaintext from the ciphertext using a decryption key
Cryptographic Algorithm
an algorithm that uses a key to perform encryption and decryption
Cryptosystem
a set comprising the cryptographic algorithm and the key
Private Key Cryptography
A type of cryptography which uses the same secret key for both encryption and decryption. The sender and receiver must both know and manage the secret key
Block cipher algorithm
A type of private key cryptography which divides data into blocks and encrypts each block separately
Stream cipher algorithm
A type of private key cryptography which encrypts data bit by bit
Public Key Cryptography (Asymmetric Cryptography)
A type of cryptography which uses a pair of keys: a public key for encryption and a private key for decryption. The public key can be shared, but the private key must be kept secret by the owner. The sender encrypts the message with the receiver's public key, and the receiver decrypts it with their private key
RSA (Rivest-Shamir-Adleman)
Relies on the mathematical difficulty of factoring the product of two large prime numbers. Two large primes (p and q) are multiplied to form n; a public exponent (e) is chosen, along with a private exponent (d) derived using modular arithmetic.
To encrypt a message M, the sender applies the public key (n, e) using the formula C = M^e mod n, generating ciphertext C.
The recipient, possessing the private key (n, d), decrypts C using M = C^d mod n, retrieving the original message
ECC (Elliptic Curve Cryptosystem)
an asymmetric encryption technique that relies on mathematical properties of elliptic curves where a private key is chosen randomly, and a public key is derived using an elliptic curve equation.
Using a recipient’s public key to encode a message, which can only be decrypted using the corresponding private key.
Knowledge-based Authentication
A type of authentication method that is based on information the user knows, such as ID/Password, PIN, password, account number, etc. Passwords should meet criteria like minimum length, combination of characters, and should be changed regularly.
Countermeasures against password attacks include password aging, limiting login attempts, and implementing secure authentication methods
Ownership-based Authentication
A type of authentication method that is based on something the user possesses, such as a smart card, security key, or OTP (One-Time Password)
OTP (One-time Password)
A password generated for a single session. Can be synchronous (time-based) or asynchronous (challenge-response). Synchronous uses time as an input value, while asynchronous uses a challenge value from the server
Presence-Based Authentication
A type of authentication method which is based on the user's body or characteristics ("What you are"), such as fingerprint recognition, voice recognition, or face recognition.
Multi-factor Authentication
Combining multiple authentication methods (knowledge, ownership, presence) to supplement the weakness of a single method
Public Key Infrastructure (PKI)
a network structure of objects that provide information security services, such as public keys, private keys, and certificates. It consists of Certificate Authority (CA), Registration Authority (RA), and public certificates
Certificate Authority (CA)
A component of PKI which is a trusted entity responsible for issuing, verifying, and managing digital certificates used in encryption and authentication. CAs validate identities and ensure secure communication by signing certificates with their private keys, allowing users to trust that a website, server, or entity is legitimate
Registration Authority (RA)
A component of PKI which is an entity responsible for verifying user identities before a Certificate Authority (CA) issues digital certificates. It acts as an intermediary between users and the CA, ensuring that certificate requests are legitimate.
Public certificate
A component of PKI which is a cryptographic document issued by a Certificate Authority (CA) that validates the authenticity of a website, server, or entity. It contains a public key, identity details, and a digital signature from the CA, ensuring secure communication through encryption.
Access Control
process of controlling who can access a system and what they can do (permissions). It consists of three parts: identification (identifying the subject), authentication (verifying the subject), and authorization (granting permission based on verified identity)
Minimum privilege policy
An access control policy where subjects should use the minimum amount of information necessary for their work. This aims to prevent leakage of information
Maximum privilege policy
An access control policy where individuals are granted access based on the principle of maximum availability, applied to increase the benefits of data exchange
Mandatory Access Control (MAC)
A type of access control policy where access rights are determined by a security label assigned to the subject and object. This is often used in military applications
Discretionary Access Control (DAC)
A type of access control policy where access rights are determined by the owner of the object. It is commonly used in Unix-like systems
Role-Based Access Control (RBAC)
A type of access control policy where access rights are granted based on the user's role within the organisation. Roles are assigned permissions, and users are assigned roles
Bell-LaPadula Model
An access control model that follows two key rules: "No Read Up" (Simple Security Rule) ensures that lower-level users cannot access higher-classified information, while "No Write Down" (*-Property) prevents higher-clearance users from writing to lower-classified data, reducing the risk of accidental leaks. This structure is widely used in government and military systems
Biba model
An access control model which operates on the principle of "No Write Up, No Read Down," meaning users at lower integrity levels cannot modify higher-integrity data, and higher-integrity users cannot read lower-integrity data to avoid corruption. This ensures that critical system information remains accurate and unaltered
Clark-Wilson model
An access control model which enforces security through access control rules, requiring users to interact with data using trusted procedures rather than direct modifications
Chinese Wall Model
An access control model which is designed for conflict-of-interest prevention by restricting access to sensitive data based on past interactions ensuring that once a user accesses data from one company, they are restricted from viewing conflicting data from another
Capability List Model
An access control model which grants users explicit rights on a per-object basis. Each capability acts like a secure "token," specifying what actions a user can take on a given resource. This approach is highly efficient in distributed systems
APT (Advanced Persistent Threat)
A security threat consisting of attacks that target a specific entity for a long time using various techniques such as social engineering. This attack typically involves several stages: information collection, infrastructure setup, attack execution, and data leakage. A notable example is the leakage of personal information from a financial institution and a portal company in Korea in 2011
Phishing
A security threat consisting of scams that obtain financial or personal information by tricking users into revealing it, often via fake websites or emails
Spear phishing
A security threat that targets a specific individual, company, or organisation by sending personalised phishing emails based on collected information
Cryptojacking
A security threat in which attackers use infected PCs or smartphones to mine cryptocurrency by consuming computing resources
Ransomware
A security threat consisting of malware that encrypts data or systems and demands a ransom for their release. Recent variants encrypt user data and backup files, making recovery difficult without the decryption key
Drive-by Download Attack
A security threat that infects a user's PC with malware when they visit a compromised website. It can occur without user interaction or knowledge
'Fileless' attack without malware installation
A security threat that exploits system vulnerabilities using tools like PowerShell to run malicious code without installing malware files
AI Marketing
A security threat that uses online advertising and marketing to distribute malware to a large audience rapidly
IoT (Internet of Things) security
A security trend that focuses on security for interconnected devices. Security should be considered during the design and development phases. Key security priorities include device authentication, connection security, and service security
Cloud Security
A security trend focusing on security for data and applications hosted in the cloud, through methods such as encrypting data before storing it, using strong authentication and access control, and deploying cryptographic algorithms
Big Data Security
A security trend that focuses on security for large volumes of data through anonymisation, aggregation and data suppression techniques, k-anonymity, and differential privacy
Differential Privacy
a privacy-preserving technique that ensures statistical analyses on datasets do not reveal sensitive information about individual records. It achieves this by adding controlled noise to data queries, making it impossible to pinpoint a specific person’s data while still maintaining overall accuracy for analysis.
Mobile Security
A security trend that focuses on security for mobile devices and applications by applying attack/threat prevention solutions and secure coding
Information Security Management System (ISMS)
a system that manages information security measures. Its purpose is to maintain the confidentiality, integrity, and availability of information assets. It involves continuous improvement through implementing security measures and operating related processes. It includes establishing the system, risk management, security system operation, and management system rejection and improvement
Risk Management
A process of identifying risks to information assets, estimating their value, identifying legal, administrative, physical, and technical threats, assessing the risk level, and implementing protective measures. This can be quantitative or qualitative