CHAPTER 1=INTRODUCTION TO SECURITY
Information Security
The term information security is frequently used to describe the tasks of securing information that is in a digital format.
This digital information is manipulated by a microprocessor (such as on a personal computer).
Information security can be best understood by examining its goals and the process of how it is accomplished.
The term “information security” also can be defined as protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide:
• Confidentiality
Preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information.
Confidentiality ensures that only authorized parties can view the information.
• Integrity
Guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity.
Integrity ensures that the information is correct and no unauthorized person or malicious software has altered the data.
• Availability
Ensuring timely and reliable access to and use of information.
Availability ensures that data is accessible to authorized users.
1.2 SECURITY THREATS
A threat, in the context of computer security, refers to anything that has the potential to cause serious harm to a computer system.
Threats can lead to attacks on computer systems, networks and more.
Risk of network intrusion
Once the hacker gains access to the network, four types of threat may arise:
• Information theft
Breaking into a computer to obtain confidential information. Information can be used or sold for various purposes. Example: stealing an organization’s proprietary information, such as research and development information.
• Identity theft
A form of information theft where personal information is stolen for the purpose of taking over someone’s identity. Using this information an individual can obtain legal documents, apply for credit and make authorized online purchases.
• Data loss/ manipulation
Breaking into a computer to destroy or alter data records. Example of data loss: sending a virus that reformats a computer hard drive. Example of data manipulation: breaking into a records system to change information, such as the price of an item.
• Disruption of service
Preventing legitimate users from accessing services to which they should be entitled.
Differentiate between Attackers and Hackers
Cracker/ Intruder/ Attacker
Work for themselves
Can easily be identified because their actions are malicious
Referred to as Black Hat
Hackers
Hired by companies
Obtain advanced knowledge of operating systems and programming languages
Referred to as White Hat
Various threats to computer security
Hacking
Hackers may use a modem or cable to hack the targeted computers.
Hacking is a source of threat to computer security. It is defined as unauthorized access to the computer system by a hacker.
Natural Disaster
Computers are also threatened by natural or environmental disasters, whether at home or in stores, offices and automobiles. Examples of natural or environmental disasters:
Fire
Earthquakes, storms and tornados
Flood
Excessive heat
Inadequate power supply
Malicious code
The effect is caused by an agent, with the intention to cause damage.
The agent for malicious code is the writer of the code, or any person who causes its distribution.
Theft
Two types of computer theft:
A computer is used to steal money, goods, information and resources.
Stealing of computers, especially notebooks and PDAs.