INTRODUCTION TO SECURITY

Get Started. It's Free
or sign up with your email address
INTRODUCTION TO SECURITY by Mind Map: INTRODUCTION TO SECURITY

1. Theft

1.1. - The taking of another person's property without that person's permission/crimes against property - Types of theft: - Information theft - Identity theft

2. Attackers Vs Hackers

2.1. Attackers

2.1.1. - an attack is an attempt to destroy, expose, alter, disable, steal or gain unauthorized access or make unauthorized use of asset -an individual or organization performing malicious activities

2.2. Hackers

2.2.1. -uses technical knowledge to overcome a problem -uses bug or exploits to break into computer system -also known as "security hacker"

3. Information Security

3.1. -The practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information

3.2. -To ensure confidentially, integrity and availability of data, without affecting organization productivity

4. Goals of Security

4.1. Availability

4.1.1. authorized individuals able to access their data when ever they want

4.2. Integrity

4.2.1. maintaining the accuracy, consistency, and trustworthiness of data

4.3. Confidentially

4.3.1. implementing measure that are designed to stop unauthorized individual accessing sensitive data, while ensuring authorized individual can still access it

5. Security Attacks

5.1. Reconnaissance attack

5.1.1. Information gathering on network system and service, and able to discover the weakness on the network

5.2. Access attack

5.2.1. Password attack, Trust exploitation, Port redirection, Main in the middle attack, Spoofing

5.3. Denial service attack

5.3.1. Compromise many computers in this process and control them

5.4. Distributed denial of service attack

5.4.1. Occurs when multiple systems flood the bandwidth or resources of a targeted system.

5.5. Malicious code attack

5.5.1. Code that will break your security policy Example: Virus, Worm, Trojan house

6. Social Engineering

6.1. Pretexting

6.1.1. The practice of presenting someone else in order to obtain private information

6.2. Phishing

6.2.1. Use email or malicious websites to solicit personal information

6.3. Vishing

6.3.1. Criminal practice of using social engineering over a telephone system to gain access

7. Security Threats

7.1. Malicious Code

7.1.1. - Code that causes damage to a computer or system - Examples: Virus, Trojan, Spyware, Adware

7.2. Hacking

7.2.1. - A technical effort to manipulate the normal behavior of network connections and connected systems - Hackers gain access to the network and may arise data loss/data manipulation and disruption of service

7.3. Natural Disaster

7.3.1. - Causes by flood, fire, storm and etc. - Disaster recovery planning is how the data would be recovered - Example of recovery planning: - On-site standby - Off-site standby - Reciprocal agreements

8. Sources of Security Threats

8.1. Unstructured Threats

8.1.1. - Mostly inexperienced individuals - Using easily available hacking tools: shell scripts and password cracker

8.2. Structured Threats

8.2.1. - Hackers who are more highly motivated and technically competent - Understand and develop exploit code and scripts - Sophisticated techniques to penetrate unsuspecting business

8.3. External Threats

8.3.1. - Arise from individuals or organizations working outside of a company - The person does not have authorized access to the computer systems or network - The person works their way into a network mainly from the internet or dial up access servers

8.4. Internal Threats

8.4.1. - Occur when someone has authorized access to the network with either: - Account on a server - Physical access to the network

9. Tools in Information Security

9.1. Network Mapper (NMAP)

9.1.1. Discover hosts and services on a computer network by sending packets and analyzing responses

9.2. Netstat

9.2.1. Command-line network utility that display network connections

9.3. Netscan

9.3.1. Powerful, flexible network monitoring system that extracts information directly from the control and user plane andv makes it accessible in real-time

10. Access to Data and Equipment

10.1. Data wiping

10.1.1. Make data unreadable but it does not remove the data

10.2. Hard Drive Destruction

10.2.1. Destroys hard drive to render the data unreadable

10.3. Hard drive Recycling

10.3.1. Completely erasing the data so the drives can be reused or physically destruction