IS define: well-informed sense of assurance that the information risks and controls are in balance History of IS: computer security began after first mainframes were developed Rand Report R-609 computer security(physical security) into information security:safety of data, limiting unauthorized access to data, involvement of personnel from multiple levels of an organization Key words and concepts: multiple layers of executes: physical, personnel, operations, communications, network, Information
Information security: protection of information and its critical elements: systems and hardware’s that use, store and transmit information Component of Info.
System: software, hardware, people, data, procedures, networks CIA triangle(industry standard for computer security): confidentiality, integrity, availability Some key words: object, access, asset, attack, exploit, loss, exposure, protection profile, subject, control, risk, threat, threat agent, vulnerability Concepts:security should be a balance between protection and availability Information’s characteristics: availability, accuracy, authenticity, confidentiality, (the value of information comes from) integrity, utility, possession Approaches to is implementation: bottom-up: advantage:technical expertise of (less use) individual administrator ad’s: lack participant support and organizational staying power management cycle top-down: initiated by upper (widely use) also called systems development life Security systems life cycle: investigation
Protect tech assets: add infrastructure base on the company’s scope and size Threats posed to IS and their attacks: Threat: an entity represents a constant danger to an asset divided by respective activity security is improving CSS/FBI: organization of 64% mallard infection in it 14% penetration by outsider threat agent do threat and result in risk 1 . Damage intellectual property: IP is ownership ideas and their tangible or virtual Representations Contain: trade secret, copyright, trademark, patent Most common breaches: software piracy Prevent: digital watermark, embedded code, copyright code enforce law. Inline registration, license agreement(most) ASIA, BAS 2.
Deliberate software attack: mallard: viruses: piece of codes Attach existing program Most common method: email Boot virus: system files Memory, space, network bandwidth Own replication and attacks Macro virus: office software Worms: replication by themselves Trojan horses: hide nature until activated access the system with privilege Back door: can caused by viruses and worm Polymorphism: change shape, avoid detect Virus and worm hoaxes: more money, time 3. Deviations in quality of service: product or service not delivered as expected Three major service: Internet service, communication, power irregularity: excesses shortage loss 4. Espionage or trespass: unauthorized access to the secret info. Shoulder surfing, competitive intelligence Trespass: Control mark the boundaries help attacker Forces of nature: Expert, unskilled hacker(crime), cracker(crime), partaker 5. 6.