1. 1.1.1 Information Security
1.1. - The term information security is frequently used to describe the tasks of securing information that is in a digital format
1.2. - The goal of information security is to ensure that protective measures are properly implemented to defend against attacks and prevent the total collapse of the system when a successful attack does occur.
2. 1.1.4 Type of attacks to computer security
2.1. Physical – Events or attacks that steal, damage, or destroy equipment, such as servers, switches, and wiring Data – Events or attacks that remove, corrupt, deny access to authorized users, allow access to unauthorized users, or steal information
3. 1.2 ACCESS TO DATA AND EQUIPMENT
3.1. 1.2.1 Social Engineering
3.1.1. A social engineer is a person who is able to gain access to equipment or a network by tricking people into providing the necessary access information
3.2. To protect against social engineering
3.2.1. Never give out a password.
3.2.2. Always ask for the ID of the unknown person.
3.2.3. Restrict access of visitors.
3.2.4. Escort all visitors.
3.2.5. Never post your password
4. 1.4 PROTECTION PHYSICAL EQUIPMENT
4.1. 1.4.1 Malicious Computer & Network Equipment Protection Methods
4.1.1. Physical security is as important as data security. Network infrastructure can be protected by:
4.1.2. Secured telecommunications rooms, equipment cabinets, and cages
4.1.3. Cable locks and security screws for hardware devices
4.1.4. Wireless detection for unauthorized access points
4.2. 1.4.2 Security Hardware
4.2.1. There are several methods of physically protecting computer equipment:
4.2.2. Use cable locks with equipment.
4.2.3. Keep telecommunication rooms locked.
4.2.4. Fit equipment with security screws.
4.2.5. Use security cages around equipment.
4.2.6. Label and install sensors, such as Radio Frequency Identification (RFID) tags, on equipment.
5. 1.1.2 Goals of Security : Confidentiality , Integrity ,Availability
5.1. Confidentiality. Preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information
5.2. Integrity. Guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity.
5.3. Availability. Ensuring timely and reliable access to and use of information
6. 1.1.3 Types of Security Threats
6.1. Structured threats Structured threats come from hackers that are more highly motivated and technically competent .
6.2. External threats External threats can arise from individuals or organizations working outside of a company.
6.3. Internal threats Internal threats occur when someone has authorized access to the network with either an account on a server or physical access to the network.
7. 1.3 PROTECTION AGAINST MALICIOUS SOFTWARE
7.1. 1.3.1 Malicious Software Protection Programs
7.1.1. Malware is malicious software that is installed on a computer without the knowledge or permission of the user.
7.2. 1.3.2 Signature File Updates
7.2.1. New viruses are always being developed, therefore security software must be continually updated.
7.2.2. A virus signature is a set of unique data, or bits of code, that allow it to be identified.