Chapter 1: Information Security Overview
DEFINITION
INFORMATION SYSTEM SECURITY, known as ISS or INFOSEC
to protect information from access by unauthorized users
to prevent people from entering our mobile
THE NEED FOR ISS
protect systems from hackers
protect personal data
EXPECTATION OF SECURITY MEASURES
users can perform only authorized tasks
users can obtain only authorized information
cannot cause damage to the data
NETWORK SECURITY
prevent unauthorized access to the network, which is a potential threat to the network resources
ensure that the authentic users can effectively access the network and its services
applications that can protect the network from unauthorized access are in place
POTENTIAL RISK TO NETWORK SECURITY
hostile nations/states
terrorists
criminal elements
hackers or corporate competitors
CHARACTERISTICS OF ISS - CIA
CONFIDENTIALITY
defined as the level of protection of transmitted data from passive attacks
protecting the information from disclosure to unauthorized parties
INTEGRITY
the information being transferred is free from modifications
protecting information from being modified by unauthorized parties
AVAILABILITY
the state of the network where the resources are always available to authorized users upon demand
ensuring that authorized parties are able to access the information when needed
POTENTIAL RISKS OF ISS
ASSET IDENTIFICATION
identify the resources used in the network for various applications
network devices such as routers, switches and firewalls should be taken care of
network resources should be able to identify users' privacy
VULNERABILITY ASSESSMENT
the process of identifying, quantifying and prioritizing the vulnerabilities in the system
to ensure configurations are correctly set and the proper security patches are applied
THREAT IDENTIFICATION
to identify a threat in the system
unauthorized access to information through networks
TERMS IN ISS
information theft
unauthorized disclosure
information warfare
accidental data loss
data disclosure
data modification
data availability
SECURITY MODEL FOR ISS
open security model
restrictive security model
closed security model