Cybersecurity Best Practices: Protecting Data and Systems, Lecture notes of Information Systems


Typology: Lecture notes

2019/2020

Uploaded on 12/24/2020

besu-kind

Chapter I
Introduction to Security
INFORMATION ASSURANCE AND SECURITY
BY FARIS A.
FEB 2020


The 3 Dimensions of the Security Cube

1. The Principles of Security

- The first dimension of the cybersecurity cube identifies the goals to protect the cyber world. The goals identified in the first dimension are the foundational principles of the cybersecurity world.
- These three principles are: Confidentiality, Integrity, and Availability.
- The principles provide focus and enable cybersecurity specialists to prioritize actions in protecting the cyber world.
- Use the acronym CIA to remember these three principles.

The Three Dimensions (Cont.)

3. Security Safeguards

- The third dimension of the cybersecurity sorcery cube defines the types of powers used to protect the cyber world. The sorcery cube identifies three types of powers:
  - Technologies: devices and products available to protect information systems and fend off cyber criminals.
  - Policies and Practices: procedures and guidelines that enable the citizens of the cyber world to stay safe and follow good practices.
  - People: aware of and knowledgeable about their world and the dangers that threaten it.


The CIA Triad

1. Confidentiality

- Confidentiality prevents the disclosure of information to unauthorized people, resources, and processes. Another term for confidentiality is privacy.
- Organizations need to train employees about best practices in safeguarding sensitive information to protect themselves and the organization from attacks.
- Methods used to ensure confidentiality include data encryption, authentication, and access control.

The CIA Triad | Confidentiality (cont.): Protecting Data Privacy

- Organizations collect a large amount of data, and much of this data is not sensitive because it is publicly available, like names and telephone numbers.
- Other data collected, though, is sensitive. Sensitive information is data protected from unauthorized access to safeguard an individual or an organization.

The CIA Triad |Confidentiality (cont.)  Data confidentiality ensures privacy so that only the receiver can read the message. Encryption is the process of scrambling data so that it cannot be read by unauthorized parties.  Readable data is called plaintext, or cleartext.  Encrypted data is called ciphertext. A key is required to encrypt and decrypt a message.  The key is the link between the plaintext and ciphertext.

The CIA Triad | Confidentiality (cont.): Controlling Access

- Access control defines a number of protection schemes that prevent unauthorized access to a computer, network, database, or other data resources.
- The concepts of AAA involve three security services: Authentication, Authorization, and Accounting.


The CIA Triad | Confidentiality | Authentication

Authentication guarantees that the message:
- Is not a forgery.
- Does actually come from who it states it comes from.

Authentication is similar to a secure PIN for banking at an ATM.
- The PIN should only be known to the user and the financial institution.
- The PIN is a shared secret that helps protect against forgeries.

Data nonrepudiation is a similar service that allows the sender of a message to be uniquely identified.
- This means that a sender or device cannot deny having been the source of that message.
- It cannot repudiate, or refute, the validity of a message it sent.

The CIA Triad (cont.)

2. Integrity

- Integrity is the accuracy, consistency, and trustworthiness of data during its entire life cycle.
- Another term for integrity is quality.
- Methods used to ensure data integrity include hashing, data validation checks, data consistency checks, and access controls.


The CIA Triad | Integrity (cont.): Need for Data Integrity

- The need for data integrity varies based on how an organization uses data. For example, Facebook does not verify the data that a user posts in a profile.
- A bank or financial organization assigns a higher importance to data integrity than Facebook does. Transactions and customer accounts must be accurate.
- Protecting data integrity is a constant challenge for most organizations. Loss of data integrity can render entire data resources unreliable or unusable.

The CIA Triad | Integrity (cont.): Integrity Checks

- An integrity check is a way to measure the consistency of a collection of data (a file, a picture, or a record). The integrity check applies a hash function to the data to take a snapshot of it at an instant in time; recomputing the hash later and comparing it with the snapshot reveals whether the data has changed.

Digital Signature
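As an added example that is not part of the lecture notes, the snapshot-and-compare integrity check described above, combined with the shared-secret idea from the Authentication slide: a SHA-256 hash detects that a record changed, but anyone who alters the record can also recompute a plain hash, so an HMAC keyed with a secret shared by sender and receiver is what additionally proves the record is not a forgery. The transaction record, the tampered copy, and the shared secret are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values (not from the lecture notes): a bank transaction
# record, the same record after tampering, and a secret shared by sender/receiver.
ORIGINAL_RECORD = b"account=1234;amount=100.00;currency=USD"
TAMPERED_RECORD = b"account=1234;amount=900.00;currency=USD"
SHARED_SECRET = b"constructed-shared-secret-do-not-reuse"


def snapshot(data: bytes) -> str:
    """Integrity check: hash the data to take a fixed-size snapshot of it."""
    return hashlib.sha256(data).hexdigest()


def integrity_ok(data: bytes, recorded_snapshot: str) -> bool:
    """Later on, recompute the snapshot and compare it with the recorded one.
    A mismatch means the data changed since the snapshot was taken."""
    return hmac.compare_digest(snapshot(data), recorded_snapshot)


def auth_tag(data: bytes, shared_key: bytes) -> str:
    """Authentication: an HMAC tag that only a holder of the shared secret can
    produce, so a matching tag shows the message is not a forgery."""
    return hmac.new(shared_key, data, hashlib.sha256).hexdigest()


def authentic(data: bytes, tag: str, shared_key: bytes) -> bool:
    """Constant-time comparison avoids leaking how many tag bytes matched."""
    return hmac.compare_digest(auth_tag(data, shared_key), tag)


if __name__ == "__main__":
    stored = snapshot(ORIGINAL_RECORD)
    print("original intact:", integrity_ok(ORIGINAL_RECORD, stored))          # True
    print("tampering detected:", not integrity_ok(TAMPERED_RECORD, stored))   # True
    # Limitation of a plain hash: whoever alters the record can also replace the
    # stored snapshot, and the check passes again. Hashing alone proves that data
    # is unchanged since the snapshot, not who produced it.
    print("forged snapshot accepted:",
          integrity_ok(TAMPERED_RECORD, snapshot(TAMPERED_RECORD)))           # True
    tag = auth_tag(ORIGINAL_RECORD, SHARED_SECRET)
    print("authentic:", authentic(ORIGINAL_RECORD, tag, SHARED_SECRET))       # True
    print("forgery rejected:", not authentic(TAMPERED_RECORD, tag, SHARED_SECRET))  # True
```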