INFORMATION SECURITY

simple and easy to understand

Get Started. It's Free
or sign up with your email address
Rocket clouds
INFORMATION SECURITY by Mind Map: INFORMATION SECURITY

1. 1.1 Understanding Security

1.1. 1.1.1 information security

1.1.1. 3) protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide; integrity confidentiality availability

1.1.2. 2) ensure that protective measures are properly implemented to defend against attacks

1.1.3. 1) tasks of securing information that is in a digital format.

1.2. 1.1.2 Goals of security

1.2.1. 1)Availability. Ensuring timely and reliable access to and use of information and This means that the information cannot be “locked up” so tight that no one can access it.

1.2.2. 2) Confidentiality ensures that only authorized parties can view the information

1.2.3. 3) Integrity ensures that the information is correct and no unauthorized person or malicious software has altered the data. In the example of the online purchase, an attacker who could change the amount of a purchase from RM10,000.00 to RM1.00 would violate the integrity of the information.

1.3. 1.1.3 Types of Security Threats

1.3.1. A threat, in the context of computer security, refers to anything that has the potential to cause serious harm to a computer system.

1.3.2. 1) Unstructured threats Unstructured threats consist of mostly inexperienced individuals using easily available hacking tools such as shell scripts and password crackers.

1.3.3. 2) Structured threats Structured threats come from hackers that are more highly motivated and technically competent .

1.3.4. 3) External threats External threats can arise from individuals or organizations working outside of a company by working their way into a network mainly from the Internet or dialup access servers.

1.3.5. 4) Internal threats Internal threats occur when someone has authorized access to the network with either an account on a server or physical access to the network.

1.4. 1.1.4 Type of attacks to computer security

1.4.1. 1) Physical Events or attacks that steal, damage, or destroy equipment, such as servers, switches, and wiring

1.4.2. 2) Data Events or attacks that remove, corrupt, deny access to authorized users, allow access to unauthorized users, or steal information

2. 1.2 Acceess To Data And Equipment

2.1. 1.2.1 social engineering

2.1.1. a person who is able to gain access to equipment or a network by tricking people into providing the necessary access information

2.2. 1.2.2 Data Wiping

2.2.1. Data wiping, also known as secure erase is a software-based method of overwriting the data that aims to completely destroy all electronic data residing on a hard disk drive or other digital media.

2.3. 1.2.3 Hard Drive Destruction

2.3.1. Companies with sensitive data should always establish clear policies for hard drive disposal. Destroying the hard drive is the best option for companies with sensitive data.

2.4. 1.2.4 Hard Drive Recycling

2.4.1. The drive can be reformatted, and a new operating system can be installed.

2.4.2. 1) Standard format Also called high-level formatting, a boot sector is created and a file system is set up on the disk. A standard format can only be performed after a low-level format has been completed.

2.4.3. 2) Low-level format The surface of the disk is marked with sector markers to indicate where data will be stored physically on the disk, and tracks are created. Low-level formatting is most often performed at the factory after the hard drive is built.

3. 1.3 Protection Against Malicious Software

3.1. 1.3.1 Malicious Software Protection Programs

3.1.1. Malware is malicious software that is installed on a computer without the knowledge or permission of the user. Anti-malware available for these purpose are: Anti-virus, anti-spyware, anti-adware, and phishing programs.

3.2. 1.3.2 Signature File Updates

3.2.1. 1) New viruses are always being developed, therefore security software must be continually updated. Anti-virus software uses a virus signature to find a virus in a computer file system, allowing to detect, quarantine and remove the virus.

3.2.2. 2) In the anti-virus software, the virus signature is referred to as a definition file or DAT file.

4. 1.4 Protection Physical Equipment

4.1. 1.4.1 Malicious Computer & Network Equipment Protection Methods

4.1.1. 1) Disable AutoRun This is a security risk because it can automatically run a malicious program and compromise the system, so it is recommended to disable AutoRun.

4.1.2. 2) Two- factor Authentication secured using overlapping protection techniques to prevent unauthorized access to sensitive data.

4.2. 1.4.2 Security Hardware

4.2.1. 1) Label and install sensors, such as Radio Frequency Identification (RFID) tags, on equipment.

4.2.2. 2) Install physical alarms triggered by motion-detection sensors.

4.2.3. 3) Use webcams with motion-detection and surveillance software