INFORMATION SECURITY MIDTERMS REVIEWER

100%

INFORMATION SECURITY

Also known as InfoSec

The practice of protecting information by mitigating information risks.

A part of information risk management.

Involves preventing or at least reducing the probability of unauthorized or inappropriate access to data, or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording, or devaluation of information.

It also involves actions intended to reduce the adverse impacts of such incidents.

CIA example: ATM

With two-factor authentication, confidentiality is addressed, and sensitive data is protected by using a debit card with a PIN code. This PIN code makes sure that only authorized individuals will have access to financial account information.

ATMs and bank software help maintain data integrity by keeping records of all ATM transfers and withdrawals in a user's bank account. This helps ensure that information is accurate and up-to-date.

ATMs are available for public use and are accessible at all times. This provides convenience and flexibility for users.

INFORMATION ASSURANCE

The practice of assuring information and managing risks related to the use, processing, storage, and transmission of information. Information assurance includes the protection of the integrity, availability, authenticity, nonrepudiation, and confidentiality of user data.

Also known as IA

It encompasses not only digital protections but also physical techniques. These protections apply to data in transit, both physical and electronic forms, as well as data at rest.

IA is best thought of as a superset of information security, and as the business outcome of information risk management.

One. Confidentiality

Two. Integrity

Three. Availability

Four. Authentication

Five. Non-Repudiation

INFORMATION SECURITY: IS IT AN ART OR A SCIENCE?

AS AN ART

One. Confidentiality

Application:

Example:

Two. Integrity

Application:

Example:

Three. Availability

Application:

Example:

DIMENSION TWO: Identifies where information exists

One. Data at Rest (Storage)

Disk encryption

Research data stored on a university server is encrypted to protect it from unauthorized access.

Secure protocols (HTTPS, SSL and TLS)

Online enrollment systems use HTTPS to secure data transmitted between student devices and servers.

Application:

Example:

DIMENSION THREE: Defines how protection is implemented THREE. Security measures used to protect data

Acceptable Use Policy

Example:

Two. Education, Training, and Awareness (Peopleware Controls)

Application:

Example:

Three. Technology (Technical Controls)

Application:

Example:

Applying the McCumber Cube in Practice

Three. Check if Confidentiality, Integrity, and Availability are addressed

Five. Identify gaps and implement controls

One. Provides a complete security view

Three. Supports risk management and compliance

INFORMATION SECURITY RISK MANAGEMENT

FOUR STAGES OF ISRM

One. IDENTIFICATION

Two. ASSESSMENT

RISK SCORING

COMPUTER THREATS

HOW TO DETERMINE THREATS

A. Social Engineering

B. Insider Threat

Three. Software

Four. Network

Five. Data and Privacy

Six. Mobile and IoT

Overview

This midterms reviewer focuses on the key concepts of information security and assurance, exploring their fundamental components and the importance of managing information risks effectively. It discusses practical applications, policies, and the implementation of security measures in various contexts.

Key Points

1Information security involves protecting data from unauthorized access and risks
2Information assurance ensures integrity, availability, and confidentiality of data
3The McCumber Cube framework helps in managing information security effectively
4Various computer threats include social engineering, malware, and insider threats
5Risk management is crucial for assessing and mitigating vulnerabilities in IT systems

Details

Category: Technology and Engineering

PDF
Proficiency of records practitioners using artificial intelligence to enhance records management practices at the Gauteng Department of Education in South Africa
This study examines the proficiency of records practitioners at the Gauteng Department of Education in using artificial intelligence (AI) to improve records management practices. It employs a mixed-methods research approach to evaluate the existing skill levels and proposes a framework for upskilling these practitioners in AI utilization.
PDF
Intelligent Archive Management Based on Deep Learning Technology Driven by Artificial Intelligence
This research article presents a study on an intelligent archive management system (AMS) that employs deep learning (DL) technology to enhance the efficiency and accuracy of processing multimodal data. The proposed model addresses traditional AMS shortcomings such as data classification accuracy and system responsiveness.
PDF
Discharging Records Management Activities Using Artificial Intelligence at the Council for Scientific and Industrial Research, South Africa
This study investigates the application of artificial intelligence (AI) in enhancing records management activities at the Council for Scientific and Industrial Research (CSIR) in South Africa. It provides a framework for utilizing AI to improve efficiency in managing records throughout their life cycle.
PDF
Human-like systematic generalization through a meta-learning neural network
This article explores the capacity of neural networks to achieve human-like systematicity through a meta-learning approach that enhances compositional skills. It presents experimental findings comparing human and machine performance on systematic generalization tasks.
PDF
TBI-603 Network Security & Cyber Law Unit Notes
This document serves as comprehensive unit notes for a course on Network Security and Cyber Law, covering topics like network security practices, types of security attacks, and legal aspects of cybersecurity.