WHAT IS THE GOAL OF IS SECURITY?
Threat: a person or org that seeks to obtain or alter data or other IS assets illegally, without the owner’s permission and often without the owner’s knowledge.
1.Hacker wants to steal your bank login credentials
2.Employee posts sensitive data to public google+ group
Vulnerability: an opportunity for threats to gain access to individual or organization assets.
1.Hacker creates a phising site nearly identical to your online banking site
2. Public access to not-secure group
Safeguard: some measure that individuals or org take to block the threat from obtaining the asset.
1. Only access sites using httpd
2. Passwords procedures employees training
Result: No loss, loss of login credentials, loss of sensitive data
Explanation: 1. ineffective safeguard, 2. ineffective safeguard
Target: the asset that is desired by the threat.
SOURCES OF THREATS
Sources of threats: human error, computer crime, natural events and disasters.
WHAT TYPES OF SECURITY LOSS EXISTS?
Types of security loss:
-unauthorized data disclosure: Pretexting> occurs when someone deceives by pretending to be some1 else. Phising> a similar technique for obtaining unauthorized data that uses pretexting via email. Phisher> pretends to be legit company and sends an email requesting confidential data. Spoofing> someone pretending to be someone else. Sniffing> a technique for intercepting computer communication.
-incorrect data modification: incorrectly increasing a customer’s discount or incorrectly modifying an employee’s salary, earned days of vacation, or annual bonus. Procedure incorrectly designed or not followed. Placing incorrect data on company website. Cause improper internal controls on systems, system errors, and faulty recovery actions after a disaster.
-Faulty service: problems that result because of of incorrect system operation.
-Incorrect data modification
-Systems working incorrectly
-Procedural mistakes
-Programming errors
-IT installation errors
-Denial of service (unintentional)
-Denial of service (intentional)
-Usurpation: occurs when computer criminals invade a computer system and replace legit programs with their own, unauthorized ones that shut down legit apps and substitute their own processing to spy, steal, and manipulate, or achieve other purposes.
-denial of service: humans can inadvertently shut down a web server or corporate gateway router by starting a computationally intensive apps.
Loss of infrastructure: bulldozer cutting a conduit of fiber-optic cables and a floor buffer crashing into a rack of web servers. Humans accident, theft and terrorist events, disgruntled or terminated employee, natural disasters
-Advanced persistent threat (APT): long running computer hack that is perpetrated by large, well-funded org such as government
-Intrusion detection system (IDS): a computer program that senses when another computer is attempting to scan or access a computer network.
-Brute force attack: the password cracker tried every possible combo of chars. Can crack 6 char pass in about 5 min.
-cookies: small files that browser receives when you visit web sites
-technical safeguards: involve the hardware and software components of an information system.
-smart card: plastic card similar to credit card.
- Biometric authentication: personal physical characteristics such as fingerprints, facial features, and retinal scans to authenticate users.
-Encryption: process of transforming clear text into coded, unintelligible text for secure storage or communication.
-Key: a string of bits used to encrypt the data.
-symmetric encryption: the same key is used to encode and to decode.
-Asymmetric encryption: two keys are used; one key encodes the message, and the other to decodes the message. Symmetric encryption is simpler and much faster than asymmetric encryption.
-Secure sockets layer or transport layer security: uses a combo of public key encryption and symmetric encryption.
-Firewalls: a computing device that prevents unauthorized network access.
-Perimeter firewall: sits outside the org network> first device that internet traffic encounters
-Internal firewalls: inside the org network
-Packet filtering firewall: exams each part of a message and determines whether to let that part pass.
MALWARE PROTECTION
-Virus: a computer program that replicates itself. Unchecked replication is computed cancer.
-Payload: can delete programs or data or even worse, modify data in undetected ways.
-Trojan horses: viruses that masquerade as useful programs or files.
-Worm: a virus that self propagates using the internet or other computer network. Spread faster than viruses because they can replicate itself.
-Spyware: programs are installed on the user’s computer without the user’s knowledge or permission. <key loggers: malicious spyware
-Adware: similar to spyware in that it is installed without the user’s permission and resides in the background and observes user behavior. Most are benign.
Ransomware: malicious software that blocks access a system or data until money is paid to the attacker.
MALWARE SAFEGUARDS:
- Install antivirus and antispyware programs on your computer
- Set up your antimalware programs to scan your computer frequently
- Update malware definition.
- Open emails attachments only from known sources
- Promptly install software updates from legit sources.
- Browse only reputable web sites.
Design for secure app:
SQL injection attack: occurs when users enter a SQL statement into a form in which they are supposed to enter a name or other data.
Key escrow: safety procedures to have a copy of encryption key
SECURITY SAFEGUARDS AND THE 5 COMPONENTS
Technical safeguards: ID and authorization encryption firewalls malware protection apps design. (Hardware and software)
Data safeguards: data rights and responsibility, passwords, encryption backup and recovery, physical security. (data)
human safeguards: ( people and procedure ) result when authorized users follow appropriate procedures for system use and careful user account management. Positive> job tasks and responsibility. EX> no individual should should be allowed to both approve expenses and write checks
Human safeguards for non-employees: temporary personnel, vendors, partner personnel, and the public. Require vendors and partners to perform appropriate screening and security training. Contact specifies security responsibility. Provide accts and pass with least privilege and remove accts asap.
PUBLIC USERS: websites and other openly accessible IS
Hardening: special versions of operating system, lock down or eliminate operating systems features and functions not required by apps. Protect such users from internal company security problems. sites means to take great measures to reduce a system’s vulnerability.
SECURITY MONITORING
-Employ utilities to assess vulnerabilities
-Honeypots: false targets for computer criminals to attack.
-Investigate security incidents
-Constantly monitor to determine adequacy of existing policy and safeguards.
PRISM: the intelligence program by which the national security agency requested and received data about internet activities from major internet providers.
Privacy: freedom from being observed by other people
Security: state of being free from danger.
GOAL OF IS SECURITY: find appropriate trade-off between risk of loss and cost of implementing safeguards. Protective actions ( use antivirus software delete browser cookies, make appropriate tradeoffs to protect yourself and your business.
ACCOUNT ADMINISTRATION:
-Account management: standards for new user acc, modification of account permissions, removal of unneeded accts.
-Pass management: users change pass frequently
-Help desk policies: provide means of authenticating users.
SYSTEM PROCEDURES:
-normal op: system users> use the system to perform job tasks, with security app to sensitivity. Op personnel> operate data center equip manage networks, run WEB server and do related op task
-Backup :system users> prepare for loss of system functionality. Op personnel> back up web sites resources, databases, admin data, acct and pass data, and other data.
-Recovery: system users> accomplish job tasks during failure. Know tasks to do during system recovery. Op personnel> recovers systems from backed up data. Perform role of help desk during recovery