The Need for Information Assurance and Security (Week 2)

reviewer

IAS helps to protect businesses' sensitive information from unauthorized access, use, disclosure, disruption, modification, or destruction. This information could include customer data, financial information, intellectual property, and other confidential information

BUSINESS NECESSITY FOR IAS
Information Sensitivity

Many industries and sectors are subject to specific laws, regulations, and standards that mandate how sensitive information should be handled, protected, and secured. Non-compliance can lead to legal penalties, reputational damage, and loss of trust

BUSINESS NECESSITY FOR IAS
Compliance with Regulations

__________ is a fundamental concept in the realm of information assurance and security. It involves taking proactive measures to minimize the potential negative impacts of threats and vulnerabilities on an organization's information assets.

BUSINESS NECESSITY FOR IAS
Risk Reduction

IAS can help businesses to improve their operations by reducing downtime, improving efficiency, and increasing productivity.

BUSINESS NECESSITY FOR IAS
Enhancement of Business Operations

Businesses that implement strong IAS can gain a ________________ by protecting their information assets and demonstrating their commitment to security

BUSINESS NECESSITY FOR IAS
Gaining Competitive Advantage

Involves implementing safeguards such as encryption, firewalls, monitoring tools, and user training to mitigate risks like unauthorized access, malware, or data breaches

BUSINESS NECESSITY FOR IAS
Protection Against Cyber Threats

Ensuring privacy protection is essential to maintaining individuals' rights and trust, as well as complying with privacy regulations.This involves safeguarding personal information from unauthorized access and misuse, thereby fostering a secure environment for data handling.

BUSINESS NECESSITY FOR IAS
Preservation of Privacy

Data breaches can lead to significant financial, legal, and reputational damage. Robust security measures help prevent unauthorized access to databases and sensitive information.

BUSINESS NECESSITY FOR IAS
Mitigation of Data Breaches

Organizations invest heavily in research, development, and innovation. Information security protects intellectual property, trade secrets, and proprietary information from theft and unauthorized access.

BUSINESS NECESSITY FOR IAS
Safeguarding Intellectual Property

Involves maintaining essential functions during and after a disaster or disruption, ensuring that operations can continue with minimal impact.

BUSINESS NECESSITY FOR IAS
Ensuring Business Continuity

Invaluable assets that organizations can build and maintain through effective information assurance and security practices. They foster customer loyalty and confidence, essential for long-term success.

BUSINESS NECESSITY FOR IAS
Trust and Reputation

Refers to the interconnectedness of people, organizations, devices, and systems across the world through various communication networks and technologies

BUSINESS NECESSITY FOR IAS
Global Connectivity

Refers to the delivery of computing services, such as storage, processing power, and applications, over the internet. Also known as telecommuting or teleworking, it involves employees technologies. working outside the traditional office environment, often enabled by cloud

BUSINESS NECESSITY FOR IAS
Cloud Computing and Remote Work

In Information Access Systems (IAS) it occur when unauthorized access, misuse, or mismanagement of data leads to direct or indirect monetary consequences

BUSINESS NECESSITY FOR IAS
Preventing Financial Losses

Requires a comprehensive approach that involves government agencies, law enforcement, intelligence organizations, military forces, and private sector partners. It's a dynamic and evolving effort that adapts to emerging threats and technologies

BUSINESS NECESSITY FOR IAS
Protecting National Security

Involve informing individuals about the importance of security measures, risks, and best practices in protecting information assets. The goal is to reduce the likelihood of security incidents and foster a security-conscious culture.

BUSINESS NECESSITY FOR IAS
Education and Awareness

MITIGATION: Implement security awareness training for employees and naïve end users.

IDENTIFYING RISKS AND THREATS TO IAS
Human error
THREATS: Human error is the most common cause of security breaches. This can include mistakes made by employees, contractors, or customers.

MITIGATION: Implement security controls, such as firewalls, intrusion detection systems, and antivirus software

IDENTIFYING RISKS AND THREATS TO IAS
Malicious Attacks

THREATS: Malicious attacks are intentional attempts to gain unauthorized access to information systems or to disrupt operations

MITIGATION: Keep software up to date with the latest security patches.

IDENTIFYING RISKS AND THREATS TO IAS
Technical vulnerabilities
THREATS: Technical vulnerabilities are weaknesses in software, hardware, or firmware that can be exploited by attackers

MITAGATION: Implement data protection policies, security controls and risk-reduction plan to mitigate the risks.

IDENTIFYING RISKS AND THREATS TO IAS
Business risks
THREATS: These risks can be caused by a variety of factors, such as financial losses, regulatory compliance issues, or reputational damage

MITAGATION: Enact and implement laws and policies, and cyber security measures governing national information and other related assets.

IDENTIFYING RISKS AND THREATS TO IAS
National risks
THREATS: National risks impact national interests as well as governmental hierarchy.

Weaknesses in the physical security of an organization that can be exploited by attackers to gain unauthorized access to sensitive information or systems

IDENTIFYING RISKS AND THREATS TO IAS
Physical Security Vulnerabilities

Security risks that arise from malicious or unintentional actions by individuals who have authorized access to an organization's systems and data. Insider threats can be costly and disruptive, and they can damage an organization's resources.

IDENTIFYING RISKS AND THREATS TO IAS
Insider Threats

Can be installed on a computer through a variety of means, such as clicking on a malicious link, opening an infected attachment, or downloading a file from an untrusted source

IDENTIFYING RISKS AND THREATS TO IAS
Malware

Attaches itself to a legitimate program or file and spreads when the infected program is executed. It can corrupt or delete files and spread to other systems.

IDENTIFYING RISKS AND THREATS TO IAS
Virus

Cybercriminals use deceptive tactics to manipulate individuals into revealing sensitive information or performing actions that compromise security.

IDENTIFYING RISKS AND THREATS TO IAS
Phishing and Social Engineering

An incident in which sensitive, confidential, or protected data is exposed to an unauthorized individual or entity. Unauthorized access to sensitive data, either through cyberattacks or human error, can result in data leaks and financial losses.

IDENTIFYING RISKS AND THREATS TO IAS
Data Breaches

Sophisticated attackers target specific organizations over a prolonged period, aiming to gain unauthorized access and exfiltrate sensitive data.

IDENTIFYING RISKS AND THREATS TO IAS
Advanced Persistent Threats (APTs)

An attempt to make a computer system or network unavailable to its intended users

IDENTIFYING RISKS AND THREATS TO IAS
Denial of Service (DoS) Attacks

Failing to regularly update and patch software and systems can leave vulnerabilities that attackers exploit

IDENTIFYING RISKS AND THREATS TO IAS
Unpatched Software

Often rely on easily guessed passwords or other easily compromised factors, such as security questions. Inadequate password policies and lack of multi-factor authentication can lead to unauthorized access

IDENTIFYING RISKS AND THREATS TO IAS
Weak Authentication

These are weaknesses in the design or implementation of mobile devices that can be exploited by attackers to gain unauthorized access to the device or its data

IDENTIFYING RISKS AND THREATS TO IAS
Mobile Device Vulnerabilities

Weaknesses in the design or implementation of IoT devices that can be exploited by attackers to gain unauthorized access to the device or its data.

IDENTIFYING RISKS AND THREATS TO IAS
IoT Vulnerabilities

The potential for harm that can come from using social media platforms

IDENTIFYING RISKS AND THREATS TO IAS
Social media risks

Software developers need to understand the _____________ for IAS activities in order to develop effective solutions.

CHALLENGES FACED BY SOFTWARE DEVELOPERS
Understanding the business

IAS technologies are constantly evolving, so software developers need to _______________ in order to develop effective solutions.

CHALLENGES FACED BY SOFTWARE DEVELOPERS
Staying up-to-date on the latest technologies

IAS solutions need to meet a variety of __________. Software developers need to be aware of these requirements and develop solutions that meet them

CHALLENGES FACED BY SOFTWARE DEVELOPERS
Meeting compliance requirements

IAS solutions can introduce new risks to an organization, such as security breaches and compliance violations. Software developers need to ______ by employing appropriate security controls in the software

CHALLENGES FACED BY SOFTWARE DEVELOPERS
Managing risks

IAS activities can be complex and require a deep understanding of the underlying technologies

CHALLENGES FACED BY ADMINS
Complexity

IAS activities often involve sensitive data, which requires strong _____ measures to protect it from unauthorized access.

CHALLENGES FACED BY ADMINS
Security

IAS activities need to have ______ to meet the needs of a growing business.

CHALLENGES FACED BY ADMINS
Scalability

IAS activities need to comply with a variety of laws and regulations.

CHALLENGES FACED BY ADMINS
Compliance

IAS activities can be costly to implement and maintain

CHALLENGES FACED BY ADMINS
Costs