1. icsa
1.1. ICSA Labs (International Computer Security Association) began as NCSA (National Computer Security Association). Its mission was to increase awareness of the need for computer security and to provide education about various security products and technologies. In its early days, NCSA focused almost solely on the certification of anti-virus software. Using the Consortia model, NCSA worked together with anti-virus software vendors to develop one of the first anti-virus software certification schemes. Over the past decade, the organization added certification programs for other security-related products, and changed its name to ICSA.
1.1.1. ICSA Labs is currently an independent division of Verizon Business providing resources for research, intelligence, certification and testing of products, including anti-virus, firewall, IPsec VPN, cryptography, SSL VPN, network IPS, anti-spyware and PC firewall products.
2. security threats
2.1. categories
2.1.1. data disclosure
2.1.1.1. Data disclosure is the voluntary sharing of any and all information that is considered relevant to a given situation. Disclosure of this type varies, depending on the specific circumstances of the situation. In some cases, disclosure of certain types of information is not required under the terms of prevailing laws and regulations. At other times, failure to engage in proper data disclosure can lead to serious ramifications.
2.1.2. data modification
2.1.2.1. The statements you use to add, change, or delete data are called data modification statements; they are a subset of the data manipulation language (DML) statements that are part of ANSI SQL.
2.1.2.1.1. The main DML statements are:
2.1.3. data availability
2.1.3.1. is a term used by some computer storage manufacturers and storage service providers (SSPs) to describe products and services that ensure that data continues to be available at a required level of performance in situations ranging from normal through "disastrous."
2.2. activities
2.2.1. hacking
2.2.1.1. Hacking is unauthorized intrusion into a computer or a network. The person engaged in hacking activities is generally referred to as a hacker. This hacker may alter system or security features to accomplish a goal that differs from the original purpose of the system.
2.2.2. cracking
2.2.2.1. Gaining unauthorized access to computer systems to commit a crime, such as digging into the code to make a copy-protected program run and flooding Internet sites, thus denying service to legitimate users. During a cracking exploit, important information can be erased or corrupted. Websites can be deliberately defaced. Unauthorized access is typically done by decrypting a password or bypassing a copy-protection scheme. Around 1985, the term “cracker” was coined by hackers as an attempt to defend themselves against journalistic misuse of the word “hacker.” An attempt around 1981 to establish “worm” in this sense on Usenet was largely a failure.
2.2.3. spoofing
2.2.3.1. Spoofing, in general, is a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver. Spoofing is most prevalent in communication mechanisms that lack a high level of security.
2.2.4. sniffing
2.2.4.1. draw up air audibly through the nose to detect a smell, to stop it running, or to express contempt.
2.2.4.1.1. draw in (a scent, substance, or air) through the nose
2.2.4.1.2. investigate covertly, especially in an attempt to find out confidential or incriminating information about someone.
3. issues of on-line security
3.1. internet services
3.1.1. electronic mail and news
3.1.1.1. Electronic mail is one of the most crucial Internet services. Mail, along with news, provides a way for people to hold discussions with other people, singly or in groups. This chapter discusses the security issues related to electronic mail and news protocols, including SMTP, POP, IMAP, MIME, and NNTP.
3.1.1.1.1. A mail system has three parts, which may be implemented by different programs or by the same program, in any combination:
3.1.1.1.1.1. Mail transfer agent (MTA): accepts mail from external hosts or sends it to external hosts
3.1.1.1.1.2. Mail delivery agent (MDA): puts the mail in the correct mailbox on the local host
3.1.1.1.1.3. Mail user agent (MUA): lets the recipient read the mail and compose outgoing mail
3.1.2. file transfer
3.1.2.1. is the transmission of a computer file through a communication channel from one computer system to another. Typically, file transfer is mediated by a communications protocol. In the history of computing, a large number of file transfer protocols have been designed for different contexts.
3.1.2.1.1. A file transfer protocol is a convention that describes how to transfer files between two computing endpoints. As well as the stream of bits from a file stored as a single unit in a file system, some may also send relevant metadata such as the filename, file size and timestamp - and even file system permissions and file attributes.
3.1.3. remote access to host
3.1.3.1. refers to any combination of hardware and software to enable the remote access tools or information that typically reside on a network of IT devices.
3.1.3.1.1. connects a client to a host computer, known as a remote access server.[1] The most common approach to this service is remote control of a computer by using another device, which needs an internet or other network connection. The connection steps are:
3.1.3.1.1.1. The user dials into a PC at the office.
3.1.3.1.1.2. The office PC logs into a file server where the needed information is stored.
3.1.3.1.1.3. The remote PC takes control of the office PC's monitor and keyboard, allowing the remote user to view and manipulate information, execute commands, and exchange files.
3.1.4. real time conferencing services
3.1.4.1. There are several services available on the Internet that allow people to interact in real time, including talk, IRC, and various services provided over the MBONE.
3.2. terminologies
3.2.1. information theft
3.2.1.1. Identity theft, one of the worst crimes in the world, occurs when a thief uses someone else’s personal information as his own, thereby creating a new identity of an existing person. The new identity then applies for any form of credit he can get. The most common things an identity thief steals are: your name and address, your Social Security (Insurance) Number, your driver’s license number, your employee ID number, your mother’s maiden name, and any account information, including bank accounts and credit accounts
3.2.2. unauthorized disclosure
3.2.2.1. Unauthorized disclosure occurs when personally identifiable information from a student’s education record is made available to a third party who does not have legal authority to access the information. Such an unauthorized disclosure can happen inadvertently, as occurs when information about an individual is unintentionally revealed through, for example, a security breach of the electronic system that is used to maintain and access the education records, or when a teacher or administrator accidentally leaves paper reports that include personally identifiable information in an unsecured location
3.2.3. information warfare
3.2.3.1. refers to the use of information, and attacks on information, as a tool of warfare. Information warfare comprises giving the enemy propaganda to convince them to give up and denying them information that might lead to their resistance.
3.2.4. accidental data loss
3.2.4.1. Data loss is an error condition in information systems in which information is destroyed by failures or neglect in storage, transmission, or processing. Information systems implement backup and disaster recovery equipment and processes to prevent data loss or restore lost data. Data loss is distinguished from data unavailability, which may arise from a network outage. Although the two have substantially similar consequences for users, data unavailability is temporary, while data loss may be permanent. Data loss is also distinct from data breach, an incident where data falls into the wrong hands, although the term data loss has been used in those incidents.
3.2.4.1.1. Types of data loss:
3.2.4.1.1.1. Procedural
3.2.4.1.1.1.1. Intentional action: intentional deletion of a file or program
3.2.4.1.1.1.2. Unintentional action: accidental deletion of a file or program; misplacement of CDs or memory sticks; administration errors; inability to read an unknown file format
3.2.4.1.1.2. Failure: power failure, resulting in data in volatile memory not being saved to permanent memory; hardware failure, such as a head crash in a hard disk; a software crash or freeze, resulting in data not being saved; software bugs or poor usability, such as not confirming a file delete command; business failure (vendor bankruptcy), where data is stored with a software vendor using Software-as-a-Service and SaaS data escrow has not been provisioned; data corruption, such as file system corruption or database corruption
3.2.4.1.1.3. Disaster: natural disaster (earthquake, flood, tornado, etc.); fire
3.2.4.1.1.4. Crime: theft, hacking, SQL injection, sabotage, etc.; a malicious act, such as a worm, virus, hacker or theft of physical media
3.2.4.1.1.5. Studies show hardware failure and human error are the two most common causes of data loss, accounting for roughly three quarters of all incidents.[2] Another cause of data loss is a natural disaster, which is a greater risk depending on where the hardware is located. While the probability of data loss due to natural disaster is small, the only way to prepare for such an event is to store backup data in a separate physical location. As such, the best backup plans always include at least one copy being stored off-site.
4. roles of the information security
4.1. cert/cc
4.1.1. Short for the Computer Emergency Response Team Coordination Center. CERT was started in December 1988 by the Defense Advanced Research Projects Agency, which was part of the U.S. Department of Defense, after the Morris Worm disabled about 10% of all computers connected to the Internet. CERT/CC is located at the Software Engineering Institute, a federally funded research center operated by Carnegie Mellon University. CERT/CC studies Internet security vulnerabilities, provides services to Web sites that have been attacked and publishes security alerts. CERT/CC's research activities include the area of WAN computing and developing improved Internet security. The organization also provides training to incident response professionals.
4.2. us-cert
4.2.1. The Department’s cyber security division created the United States Computer Emergency Readiness Team (US-CERT) in September 2003 to protect the Nation’s Internet infrastructure by coordinating defense against and response to cyber attacks. US-CERT is responsible for analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities. US-CERT collaborates with federal agencies, private sector, the research community, state and local governments, and international entities. By analyzing incidents reported by these entities and coordinating with national security incident response centers responding to incidents on both classified and unclassified systems, US-CERT disseminates reasoned and actionable cyber security information to the public.
4.2.1.1. To protect America’s cyberspace, US-CERT:
4.2.1.1.1. Maintains a 24x7 Secure Operations Center.
4.2.1.1.2. Established a public website (www.us-cert.gov) to provide the general public with cyber related information.
4.2.1.1.3. Acts as a trusted third party to assist in the responsible disclosure of vulnerabilities.
4.2.1.1.4. Develops and participates in regional, national, and international level exercises.
4.2.1.1.5. Supports forensic investigations with recursive analysis on artifacts.
4.2.1.1.6. Provides malware analytic and recovery support for government agencies.
4.2.1.1.7. Provides behavior techniques for dynamic and static analysis.
4.2.1.1.8. Manages the malicious code submission and collection program.
4.2.1.1.9. Disseminates emerging cyber threat warnings.
4.2.1.1.10. Administers the National Cyber Alert System to disseminate cyber security information to all Americans.
4.2.1.1.11. Provides fused, current, and predictive cyber analysis based on situational reporting.
4.2.1.1.12. Provides on-site incident response capabilities to federal and state agencies.
4.2.1.1.13. Supports ongoing federal law enforcement investigations.
4.2.1.1.14. Coordinates federal programs of computer emergency response team and Chief Information Security Officer (CISO) peer groups for sharing incident information, best practices, and other cyber security information.
4.2.1.1.15. Collaborates with domestic and international computer security incident response teams.
4.3. sans institute
4.3.1. The SANS Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world. A range of individuals from auditors and network administrators, to chief information security officers are sharing the lessons they learn and are jointly finding solutions to the challenges they face. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community. SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - the Internet Storm Center.
4.4. (isc)2
4.4.1. is a non-profit organization which specializes in information security education and certifications. It has been described as the "world's largest IT security organization". The most widely known certification offered by (ISC)² is the Certified Information Systems Security Professional (CISSP) certification.
4.5. common criteria
4.5.1. Common Criteria is a framework in which computer system users can specify their security functional and assurance requirements (SFRs and SARs respectively) through the use of Protection Profiles (PPs); vendors can then implement and/or make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they actually meet the claims. In other words, Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous, standard and repeatable manner at a level that is commensurate with the target environment for use. Common Criteria is used as the basis for a government-driven certification scheme, and typically evaluations are conducted for the use of federal government agencies and critical infrastructure.
4.6. fips
4.6.1. FIPS (Federal Information Processing Standards) are a set of standards that describe document processing, encryption algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with the agencies.
5. Information Security Definition
5.1. The state of being protected against the unauthorized use of information, especially electronic data, or the measures taken to achieve this.
6. Areas In Information Security
6.1. Physical Security
6.1.1. the protection of personnel, hardware, software, networks and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution. This includes protection from fire, flood, natural disasters, burglary, theft, vandalism and terrorism.
6.2. Operational Security
6.2.1. or OPSEC, is the process by which we protect unclassified information that can be used against us. OPSEC challenges us to look at ourselves through the eyes of an adversary (individuals, groups, countries, organizations).
6.3. Management And Policies
6.3.1. An information management policy is a set of rules for a type of content. Information management policies enable organizations to control and track things like how long content is retained or what actions users can take with that content. Information management policies can help organizations comply with legal or governmental regulations, or they can simply enforce internal business processes.
7. goals of information security
7.1. confidentiality
7.1.1. the state of keeping or being kept secret or private.
7.2. integrity
7.2.1. 1. the quality of being honest and having strong moral principles
7.2.2. 2. the state of being whole and undivided
7.3. availability
7.3.1. the quality of being able to be used or obtained.
7.3.1.1. the state of being otherwise unoccupied; freedom to do something.
7.3.1.2. the state of not being currently involved in a sexual or romantic relationship.