Information Assurance and Security 1

UGRD-IT6205A Information Assurance and Security 1

The course exposes the students to the basic structure of cyberspace and to a risk-based approach to cybersecurity.


Delivery | Transmitting the weapon to the target environment.
Requirements, | Seven Stages of lifecycle model
TRUE | (IA) is the study of how to protect your information assets from destruction, degradation, manipulation and exploitation.
Prevent Cyber-Attacks | Physical security consists in the closure of IT equipment in a dedicated space and the provision of access control.
TRUE | Cyber security, also referred to as information technology security, focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction.
Trust | Is a generic term that implies a mechanism in place to provide a basis for confidence in the reliability/security of the system.
confidentiality | This means that only those authorized to view information are allowed access to it.
Phase F: Migration Planning | Assess the impact of new security measures upon other new components or existing leveraged systems. What phase is that?
TRUE | Cyberspace is "the environment in which communication over computer networks occurs."
Audit | The ability to provide forensic data attesting that the systems have been used in accordance with stated security policies.
cyber bullying | Which one is not a security threat in the IT world?
TRUE | Availability: Availability of information refers to ensuring that authorized parties are able to access the information when needed
Information Assurance | Is the study of how to protect your information assets from destruction, degradation, manipulation and exploitation.
Integrity | Protection against unauthorized modification or destruction of information
Phase F: Migration Planning | In a phased implementation the new security components are usually part of the infrastructure in which the new system is implemented. The security infrastructure needs to be in a first or early phase to properly support the project. What phase is that?
Confidentiality | Assurance that information is shared only among authorized persons or organizations.
Security | Is a process, not an end state
Risk Transfer | Shift the risk to someone else.
Trust | Failure of the mechanism may destroy the basis for trust.
integrity | This assures that the information is authentic and complete.
confidentiality | This is roughly equivalent to .
TRUE | Actions taken that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality and
Confidentiality, Integrity and Availability | Three Features of Security
Exploitation | After the weapon is delivered to the victim, follows the targeting of an application or vulnerability of the operating system. The infected file can be used by the self-execution facility to launch the malware code, or it can be executed by the user himself;
Delivery | The main ways of transport are e-mails (attachment of infected files), web platforms (running malware scripts), or removable USB memories;
Assess assets, Assess threats, Assess vulnerabilities, Assess risks, Prioritize countermeasure options and Make risk management decisions | Risk Management Procedure consists of six steps.
crown jewels | Following a cyber risk assessment, develop and implement a plan to mitigate cyber risk and protect the “_____________” outlined in the assessment.
Authentication | Security measures to establish the validity of a transmission, message, or originator.
Cyber Risk Assessment | _______________ should also consider any regulations that impact the way the company collects, stores, and secures data, such as PCI-DSS, HIPAA, SOX, FISMA.
Trust mechanism | Are the security features of a system that provide enforcement of a security policy.
authentication | This involves ensuring that the are who they say are and one of the most famous method to secure this is by using
Physical, Perceptual, Desired Effects | Three distinct levels:
photo enhancement | This is not a type of application security.
Information | Is data endowed with relevance and purpose.
TRUE | Availability: Assurance that the systems responsible for delivering, storing and processing information are accessible when needed, by those who need them.
Security | Is the process of maintaining an acceptable level of perceived risk
Confidentiality | Is roughly equivalent to privacy
TRUE | In information security, data integrity means maintaining and assuring the accuracy and consistency of data over its entire life-cycle.
Assurance | Is a measure of confidence that the security features, practices, procedures, and architecture of a system accurately mediates and enforces the security policy.
Action on Objective | After the first six phases, an attacker can act to achieve the goals. These actions typically consist of collecting information, modifying data integrity, or attacking the availability of services and devices, but the victim system can also be used as a starting point for infecting other systems or for expanding access to the local network.
Information | Processed data
Attacker's Operations | Physical attack and destruction, including: electromagnetic attack, visual spying, intrusion, scavenging and removal, wiretapping, interference, and eavesdropping.
Trusted Computing Base | Acronym for TCB?
Lifecycle | Is the process by which an asset is managed from its arrival or creation to its termination or destruction.
Insiders | Consists of employees, former employees and contractors.
Information Infrastructure | Information and data manipulation
Availability | Assurance that the information is authentic and complete.
Information | Converting data into information thus requires knowledge
Digital Underground, Underground Economy, Phishing, Hacktivism, Cyberwar: Estonia Case and Stuxnet | Type of Concept for Cybercrime
Risk Acceptance | Risks not avoided or transferred are retained by the organization.
Physical Security, Personnel Security, IT Security and Operational Security | Four Security Domain
Assurance | The ability to test and prove that the enterprise architecture has the security attributes required to uphold the stated security policies.
cyber security | The state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this.
Risk mitigation | Taking actions to reduce the losses due to a risk; many technical countermeasures fall into this category.
Noise | Raw facts with an unknown coding system
Phase H: Architecture Change Management | Changes in security requirements are often more disruptive than a simplification or incremental change. Changes in security policy can be driven by statute, regulation, or something that has gone wrong. What phase is that?
Assess assets, Assess threats, Assess vulnerabilities, Assess risks, Prioritize countermeasure options, Make risk management decisions | Risk Management Procedure consists of six steps.
Weaponization | Making a malware application (for example, a computer trojan) that, combined with an exploitable security breach, allows remote access. Moreover, PDF (Portable Document Format) files or Microsoft Office suite-specific files can be regarded as weapons available to the attacker;
Defender's Operations | Information security technical measures such as: encryption and key management, intrusion detection, anti-virus software, auditing, redundancy, firewalls, policies and standards.
Non-repudiation | Assurance that the sender is provided with proof of a data delivery and recipient is provided with proof of the sender’s identity, so that neither can later deny having processed the data.
Knowledge | Accepted facts, principles, or rules of thumb that are useful for specific domains.
Prevent Cyber-Attacks | Logical security consists in software that is necessary to control the access to information and services of a system. The logical level is divided into two categories: access security level and service security level.
Command and Control | Usually an infected host must be accessible outside of the local network to establish a command and control channel between the victim and the attacker. Once this bidirectional communication has been made, an attacker has access inside the target environment and can usually control the activity by manually launching commands;
Physical Security, Personnel Security, IT Security, Operational Security | Four Security Domains
availability | This is an assurance that the systems responsible for delivering, storing, and processing information are accessible when needed, by those who need them.
Phase C: Information System Architecture | Assess and baseline current security-specific architecture elements. What phase is that?
Phase A: Architecture Vision | Definition of relevant stakeholders and discovery of their concerns and objectives will require development of a high-level scenario. What phase is that?
Asset Protection | The protection of information assets from loss or unintended disclosure, and resources from unauthorized and unintended use.
Exploitation | The infected file can be used by the self-execution facility to launch the malware code, or it can be executed by the user himself;
TRUE | Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets.
Personnel Security | Is a variety of ongoing measures taken to reduce the likelihood and severity of accidental and intentional alteration, destruction, misappropriation, misuse, misconfiguration, unauthorized distribution, and unavailability of an organization’s logical and physical assets, as the result of action or inaction by insiders and known outsiders, such as business partners.
Physical Security | Refers to the protection of hardware, software, and data against physical threats to reduce or prevent disruptions to operations and services and loss of assets.
cloud providers | These are constantly creating and implementing new security tools to help enterprise users better secure their data.
Risk Avoidance | Not performing an activity that would incur risk.
Action on objective | These actions typically consist of collecting information, modifying data integrity, or attacking the availability of services and devices, but the victim system can also be used as a starting point for infecting other systems or for expanding access to the local network.
The risk treatment | Acceptance, avoidance, mitigation, transfer—are with respect to a specific risk for a specific party.
Recon, Weaponise, Deliver, Exploit, Install, C2 and Action | What are the steps in intrusion model?
Confidentiality | Assurance that information is not disclosed to unauthorized persons
TCB | Is a collection of all the trust mechanisms of a computer system which collectively enforce the policy.
Desired Effects | To affect the technical performance and the capability of physical systems, to disrupt the capabilities of the defender.
TRUE | Cyber Crime Computer crime, or cybercrime, is any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target.
Data | Raw facts with a known coding system
Availability | Timely, reliable access to data and information services for authorized users;
TRUE | Concept of Cybercrime
Knowledge | It should be: accurate, timely, complete, verifiable, consistent, available.
IT Security | Is the inherent technical features and functions that collectively contribute to an IT infrastructure achieving and sustaining confidentiality, integrity, availability, accountability,
information technology security | Cyber security, also referred to as ____________________, focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction.
Digital Underground, Underground Economy, Phishing, Hacktivism, Cyberwar: Estonia Case and Stuxnet | Six Concept of CyberCrime
Confidentiality, | Three Features of Security
Operational Security | Involves the implementation of standard operational security procedures that define the nature and frequency of the interaction between users, systems, and system resources, the purpose of which is to.
Reconnaissance | Research, target identification and selection: it may be looking for e-mail addresses, social relationships, or data about a particular technology, information displayed on various websites;
Physical | Data and data processing activities in physical space;
Phase A: Architecture Vision | The following security specifics appropriate to the security architecture must be addressed within each phase in addition to the generic phase activities. What phase is that?
Phase E: Opportunities & Solutions | Identify existing security services available for re-use. What phase is that?
Phase B: Business Architecture | Development of the business scenarios and subsequent high-level use-cases of the project concerned will bring to attention the people actors and system actors involved. What phase is that?
Phase A: Architecture Vision | Are applicable to ensuring that security requirements are addressed in subsequent phases of the ADM. What phase is that?
Phase D: Technology Architecture | Revisit assumptions regarding interconnecting systems beyond project control, Identify and evaluate applicable recognized guidelines and standards and Identify methods to regulate consumption of resources. What phase is that?
Phase D: Technology Architecture | Every system will rely upon resources that may be depleted in cases that may or may not be anticipated at the point of system design. What phase is that?
Phase D: Technology Architecture | Assess and baseline current security-specific technologies. What phase is that?
Phase G: Implementation Governance | Many security vulnerabilities originate as design or code errors and the simplest and least expensive method to locate and find such errors is generally an early review by experienced peers in the craft. What phase is that?
Phase H: Architecture Change Mana | Changes in security standards are usually less disruptive since the trade-off for their adoption is based on the value of the change. However, standards changes can also be mandated. What phase is that?
Phase G: Implementation Governance | Establish architecture artifact, design, and code reviews and define acceptance criteria for the successful implementation of the findings. What phase is that?
Phase B: Business Architecture | Determine who are the legitimate actors who will interact with the product/service/process. What phase is that?
Phase E: Opportunities & Solutions | From the Baseline Security Architecture and the Enterprise Continuum, there will be existing security infrastructure and security building blocks that can be applied to the requirements derived from this architecture development engagement. What phase is that?
Phase C: Information System Architecture | A full inventory of architecture elements that implement security services must be compiled in preparation for a gap analysis. What phase is that?
Administration | The ability to add and change security policies, add or change how policies are implemented in the enterprise, and add or change the persons or entities related to the systems.
Authentication | The definition and enforcement of permitted capabilities for a person or entity whose identity has been established.
TRUE | Security architecture addresses non-normative flows through systems and among applications.
Identify soft enterprise | Those who will see change to their capability and work with core units but are otherwise not directly affected
Authentication | The substantiation of the identity of a person or entity related to the enterprise or system in some way.
TRUE | Security architecture composes its own discrete views and viewpoints.
TRUE | Security architecture introduces unique, single-purpose components in the design.
Availability | The ability of the enterprise to function without service interruption or depletion despite abnormal or malicious events.
TRUE | Security architecture introduces its own normative flows through systems and among applications.
TRUE | Security architecture calls for its own unique set of skills and competencies of the enterprise and IT architects.
Identify core enterprise | Those who are most affected and achieve most value from the security work
Identify communities involved | Those stakeholders who will be affected by security capabilities and who are in groups of communities
Identify extended enterprise | Those units outside the scoped enterprise who will need to enhance their security architecture for interoperability purposes
TRUE | Security architecture has its own discrete security methodology.
Risk Management | The organization's attitude and tolerance for risk.
Phase E: Opportunities & Solutions | Identify existing security services available for re-use
Phase A: Architecture Vision | Are applicable to ensuring that security requirements are addressed in subsequent phases of the ADM
TRUE | True or False: Business rules regarding handling of data/information assets
TRUE | True or False: Codified data/information asset ownership and custody
TRUE | True or False: Written and published security policy
TRUE | True or False: Identify communities involved (enterprises) - those stakeholders who will be affected by security capabilities and who are in groups of communities
TRUE | True or False: Identify extended enterprise (units) - those units outside the scoped enterprise who will need to enhance their security architecture for interoperability purposes
TRUE | True or False: Data classification policy documentation
TRUE | True or False: Identify the security governance involved, including legal frameworks and geographies (enterprises)
TRUE | True or False: Risk analysis documentation
TRUE | True or False: Identify soft enterprise (units) - those who will see change to their capability and work with core units but are otherwise not directly affected
TRUE | True or False: Identify core enterprise (units) - those who are most affected and achieve most value from the security work