Please enable JavaScript.
Coggle requires JavaScript to display documents.
SECURITY BASIC AND IT PROFESSIONALS, Only authorized users that can freely…
SECURITY BASIC AND IT PROFESSIONALS
1.INTRODUCTION TO SECURITY
set of practices intended to keep data secure for being hacked
TYPES OF SECURITY THREATS
Malicious Code
Harmful computer programming scripts designed to create or exploit system
Hacking
Hacking refers to activities that seek to compromise digital devices,
Theft
Any security incident in which sensitive
Natural Disaster
These can best be thought of as threats caused by Mother Nature—floods
TYPES OF SECURITY ATTACKS
Reconnaissance Attack (sniffing, spoofing)
Denial of Service Attack (DOS)
Distributed Denial of Service Attack (DDOS)
Malicious Code Attack (worms, viruses, Trojan horses)
GOALS OF SECURITY
CONFIDENTIALITY
Encryption services can protect your data at rest
INTEGRITY
etection on any modification of data by unauthorised parties.
AVAILABILITY
Attacker
Hackers
A person who breaks into other people's computers with malicious intentions.
2.SECURITY POLICIES AND PROCEDURES
a document that outlines specific requirements or rules that must be met.
Security Policy Requirements
Appendices
operating systems should be placed in appendices or in separate configuration procedures.
Waivers
provide a mechanism to assess the risk to the organization and to develop a contingency plan
Encryption
define acceptable encryption algorithms for use within the organization
Identification and Authentication
define how users will be identified
Access Control
define the standard requirement for access controls to be placed on electronic files.
Network Connectivity
specify the rules for connection
Malicious Code
specify where security programs that look for malicious code
Audit
define the types of events to be audited on all systems.
Password Requirements
Minimum length – 8 Characters
Maximum length – 14 Characters
Minimum complexity – no dictionary words included
Password are case sensitive but username is NOT case sensitive
Unique password – should not less than 24
Maximum password age – 60 days
Minimum password age – 2 days
Store password using reversible encryption
Encryption
encoding messages or information in such a way that only authorized parties can access it.
Types of ENCRYPTION:
Hash Encoding
form of computerized cryptography using a singular encryption key to guise an electronic message.
Symmetric Encryption
Asymmetric Encryption
form of Encryption where keys come in pairs. What one key encrypts, only the other can decrypt.
transformation of a string of characters into a usually shorter fixed-length value
cipher text?
algorithm that can perform encryption or decryption.
Decryption
inverse of encryption
Cryptanalysis
methods of deciphering cipher text without knowing key.
SECURITY TROUBLESHOOTING & SOLUTIONS
Identify the problem.
Establish a plan of action to resolve the problem and implement the solution.
Verify full functionality and, if applicable, implement preventive measures.
Document your findings, actions, and outcomes.
Establish a theory of probable cause.
Test your theories to determine the cause of the problem
Only authorized users that can freely access the systems
any software or person that deliberately attempts to avoid security services
Access Attack (hacking, brute force)