Chapter 1: Information Security Overview ( Terms in Information System…
Information Security Overview
Also known as INFOSEC
Refers to the processes and methodologies involved with keeping information confidential, available, and assuring its integrity.
The need of Information Security
Purpose : Protect Assets
Physically : Strong walls, well-guarded door to secure access – closed network
Emerging technologies, LANs and WANs :
e-business, mobile commerce, wireless networks – creating untold number of security risks
Firewall : intrusion detection, authentication, authorization and vulnerability assessment system
Information System Security
Confidentiality is defined as the level of protection of transmitted data from passive attacks. It means that the assets of communication network are accessible only by authorized users. The types of access include: reading, viewing, printing and transferring of information within the network itself.
Information integrity means the information being transferred in free from modifications.
Availability is defined as the state of the network where the resources are always available to authorized users upon demand.
Information System Security
Accidental data loss
Data loss is an error condition in information systems in which information is destroyed by failures or neglect in storage, transmission, or processing.
Information systems implement backup and disaster recovery equipment and processes to prevent data loss or restore lost data.
Data loss is distinguished from data unavailability, which may arise from a network outage. Although the two have substantially similar consequences for users, data unavailability is temporary, while data loss may be permanent.
Exposure data or file which consists of valuable information.
Revealing system data or debugging information helps an adversary learn about the system and form a plan of attack.
An information leak occurs when system data or debugging information leaves the program through an output stream or logging function.
The use of information, and attacks on information, as a tool of warfare.
The use of electronic communications and the internet to disrupt a country's telecommunications, power supply, transport system, etc.
Information warfare is comprised of giving the enemy propaganda to convince them to give up and denying them information that might lead to their resistance.
Modifying the actual data stored in system
An act which aiming at achieving objectives that will benefits some parties, or
It can be an act of sabotage to the existing functional network.
To disclose information to an individual who is not authorized to receive it.
An event(s) involving the exposure of information to entities not authorized access to the information.
Communication or physical transfer of classified national intelligence, including personal information or any valuable information to an unauthorized recipient/receiver.
Data is to be available at a required level of performance in all situations.
Can be accessed by authorized users at anytime.
Ready to be used by intended / authorized users.
Network eavesdropping can lead to information theft.
The theft can occur as data is transmitted over the internal or external network
The network intruder can also steal data from networked computers by gaining unauthorized access.