CHAPTER 1 INTRODUCTION TO INFORMATION SECURITY


1. Information Security Definition

2. Areas in Information Security

2.1. Physical Security

2.2. Operational Security

2.3. Management and Policies

3. Goals of Information Security

3.1. Confidentiality

3.2. Integrity

3.3. Availability

4. Roles of the Information Security organizations

4.1. CERT/CC

4.1.1. The CERT Coordination Center (CERT/CC) is a reporting center for Internet security issues.

4.1.2. The CERT/CC plays a major role in coordinating responses to Internet security threats

4.2. US-CERT

4.2.1. United States Computer Emergency Readiness Team (US-CERT)

4.2.2. to protect the nation’s Internet infrastructure by coordinating defense against and responses to Internet security threats

4.3. SANS Institute

4.3.1. The SysAdmin, Audit, Network, Security (SANS)

4.3.2. develops and maintains research documents about various aspects of information security.

4.4. (ISC)2

4.4.1. International Information Systems Security Certification Consortium

4.4.2. nonprofit organization that maintains a collection of industry best practices for information security.

4.5. Common Criteria

4.5.1. an international standard for evaluating IT security.

4.6. FIPS

4.6.1. Federal Information Processing Standard

4.6.2. specifies security requirements for cryptographic modules

4.7. ICSA

4.7.1. International Computer Security Association

4.7.2. increase awareness of the need for computer security and to provide education about various security products and technologies

5. Issues of on-line security

5.1. Internet services

5.1.1. Electronic Mail and news

5.1.2. File transfer

5.1.3. Remote Access to hosts

5.1.4. Real time conferencing services

5.2. Terminologies

5.2.1. Information theft

5.2.2. Unauthorized disclosure

5.2.3. Information warfare

5.2.4. Accidental data loss

6. Security threats

6.1. Categories

6.1.1. data disclosure

6.1.1.1. Exposure of data to third parties. The key point to consider is whether the disclosure is relevant and necessary.

6.1.2. data modification

6.1.2.1. A modification attack is an attempt to modify information that an attacker is not authorized to modify.

6.1.3. data availability

6.1.3.1. Describes products and services that continue to be available at a required level of performance in situations ranging from normal through "disastrous."

6.2. Activities

6.2.1. hacking

6.2.1.1. Hacking is the process of bypassing computer safeguards in order to gain access to them, which can be either good or bad.

6.2.2. cracking

6.2.2.1. Cracking refers specifically to the practice of hacking, but with criminal intent.

6.2.3. spoofing

6.2.3.1. A spoofing attack is when a malicious party impersonates another device or user on a network in order to launch attacks against network hosts, steal data, spread malware or bypass access controls.

6.2.4. sniffing

6.2.4.1. Sniffing involves capturing, decoding, inspecting and interpreting the information inside a network packet on a TCP/IP network.

6.2.4.2. The purpose is to steal information, usually user IDs, passwords, network details, credit card numbers, etc.

6.2.4.3. Generally referred to as a “passive” type of attack, wherein the attackers can be silent/invisible on the network.

6.2.4.4. This makes it difficult to detect, and hence it is a dangerous type of attack.
