Please enable JavaScript.
Coggle requires JavaScript to display documents.
Information security for unit 2. - Coggle Diagram
Information security for unit 2.
CIA Triad.
Confidentiality
:
Confidentiality builds trust between employer and employee and business owners have an obligation to keep staff information secure and trusted. To have their information shared is not only a breach in privacy, but it will destroy employee trust, confidence and loyalty. It will also cause a loss in productivity.
Integrity
:
Integrity involves maintaining the consistency, accuracy and trustworthiness of data over its entire lifecycle. Data must not be changed in transit, and steps must be taken to ensure data cannot be altered by unauthorized people (for example, in a breach of confidentiality).
Availability
:
Availability means information should be consistently and readily accessible for authorized parties. This involves properly maintaining hardware and technical infrastructure and systems that hold and display the information.
Types of risk: (Unintended/Accidental)
Unauthorised or unintended access:
Definition
: A data breach (also known as data spill or data leak) is unauthorized access and retrieval of sensitive information by an individual, group, or software system. It is a cybersecurity mishap that happens when data, intentionally or unintentionally, falls into the wrong hands without the knowledge of the user or owner.
Example
: Accounting and professional services firm PKF and the Queensland Rugby Union (QRU) are the latest Australian organisations to fall victim to ransomware hackers, battling to contain breaches as new landmark legislation to increase the government’s role in cyber defences was set to pass the Senate.
Accidental loss of data:
Accidental data loss means the loss of data or computer data due to some accidents. Generally, data or information from the computer system loss due to threats caused by the malicious intruders. Self mistakes such as wrong tape, incorrect entry of data, lost disk, or telecommunication errors.
A third of employees admit lying to hide the fact that they accidentally deleted data, most doing so out of embarrassment or fear of punishment. Even more would lie about a ransomware infection.
Types of risk: (Intentional)
Intentional destruction of data:
Data destruction is the process of destroying data stored on tapes, hard disks and other forms of electronic media so that it is completely unreadable and cannot be accessed or used for unauthorized purposes.
Human Rights Watch reviewed thermal anomaly data collected by an environmental satellite sensor (VIIRS) that detected the presence of multiple active fires in Thantlang town in Chin State in north-western Myanmar. The thermal anomalies were detected for the first time on October 29 at 12:29 p.m. local time. The readings are consistent with reports of fires burning buildings during the day, depicted in photos and videos circulated around this time by the media and human rights groups. More than 12 hours later, additional thermal anomalies were also detected, consistent with reports of fires at night.
Intentional tampering of data:
Data tampering is the act of deliberately modifying (destroying, manipulating, or editing) data through unauthorized channels. In both instances, the intrusion is malicious and the effects on the data always dire. It's one of the biggest security threats that any application, program, or organization can face.
The purpose of a comprehensive forensic audit is not to report the total ballots cast but to determine how many votes were real and how many were fraudulent. Nor is it necessary to establish who won or if cheating occurred -- it did and on a massive scale -- but it is to identify criminal election behavior.
That evidence was laid out in "The Arizona Nuclear Earthquake: 'The Election Should Not be Certified'"(LibertyUnder Fire.com). The controlled press ignored proof positive evidence submitted in the first Cyber Ninjas report and predictably will do the same in this second report as well. Nevertheless, Arizona Attorney General Mark Brnovich, based on the presented forensic documentation, appears ready to unleash indictments leading to prosecution