1. Security Threats
1.1. Categories
1.1.1. Data Disclosure
1.1.1.1. Exposure of data to third parties.key point to consider is whether the disclosure is relevant and necessary.
1.1.2. Data Modification
1.1.2.1. A modification attack is an attempt to modify information that an attacker is not authorized to modify
1.1.3. Data Availability
1.1.3.1. is the process of ensuring that data is available to end users and applications, when and where they need it
1.2. Activities
1.2.1. Hacking
1.2.1.1. gain unauthorized access to data in a system or computer.
1.2.2. Cracking
1.2.2.1. cracking specifically refers to hacking practice, but with criminal intent.
1.2.3. Spoofing
1.2.3.1. spoofing attack is when a malicious party impersonates another device or user on a network in order to launch attacks against network hosts, steal data, spread malware or bypass access controls.
1.2.4. Sniffing
1.2.4.1. Sniffing involves capturing, decoding,inspecting and interpreting the information inside a network packet on a TCP/IP network.To steal information, usually user IDs, passwords,network details,credit card numbers, etc.
2. Issues Of On-line Security
2.1. Internet services
2.1.1. Electronic Mail and News
2.1.2. File Transfer
2.1.3. Remote Access to Hosts
2.1.4. Real-time Conferencing Services
2.2. Terminologies
2.2.1. Information Theft
2.2.1.1. Attacks that allow an attacker to get data without ever having to directly use your computers.
2.2.2. Unauthorized Disclosure
2.2.2.1. Attacks that allow an attacker to get data without ever having to directly use your computers.
2.2.3. Information Warfare
2.2.3.1. Is the use and management of information in pursuit of a competitive advantage over an opponent.
2.2.4. Accidental Data Loss
2.2.4.1. Most common data loss cause, simply accidentally deleting a file that wasn't supposed to be deleted.
3. Roles of The Information Security Organizations
3.1. CERT/CC
3.1.1. for the Software Engineering Institute (SEI), a non-profit United States federally funded research and development center.
3.2. US-CERT
3.2.1. responsible for analyzing and reducing cyber threats, vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities.
3.3. SANS Institute
3.3.1. for training include cyber and network defenses, penetration testing, incident response, digital forensics, and audit.
3.4. (ISC)2
3.4.1. is a non-profit organization which specializes in information security education and certifications
3.5. Common Criteria
3.5.1. A framework in which computer system users can specify their security functional and assurance requirements through the use of vendors can then implement or make claims about the security attributes of their products
3.6. FIPS
3.6.1. are issued to establish requirements for various purposes such as ensuring computer security and interoperability, and are intended for cases in which suitable industry standards do not already exist.
3.7. ICSA
3.7.1. Its mission was to increase awareness of the need for computer security and to provide education about various security products and technologies.
4. Information Definition
4.1. the state of being protected against the unauthorized use of information, especially electronic data, or the measures taken to achieve this.
5. Areas In Information Security
5.1. Physical Security
5.2. Operational Security
5.3. Management & Policies
6. Goals Of Information Security
6.1. Confidentiality
6.1.1. he state of keeping or being kept secret or private.
6.2. Integrity
6.2.1. Assurance that data is not altered or destroyed in an unauthorized manner
6.3. Availaibility
6.3.1. Continuous operation of computing systems