Scribd
Upload
61 views21 pages

Intro-InformationAssurance-Security - Part1

This document provides an overview of information assurance and security concepts including objectives, terminology, and security goals of confidentiality, integrity and availability. Key terms are defined such as assets, threats, vulnerabilities, exploits, risk, and impact. Assets are anything valuable to an organization that needs protection. Threats endanger assets, vulnerabilities are weaknesses that threats can exploit, and exploits are tools used by threats. Risk is the potential for loss from a threat exploiting a vulnerability. Impact is the result of an exploited vulnerability. The document discusses risk assessment and provides examples of vulnerability, threat, risk, and solutions to mitigate risk.

Uploaded by

Kenneth Draper
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
61 views21 pages

Intro-InformationAssurance-Security - Part1

This document provides an overview of information assurance and security concepts including objectives, terminology, and security goals of confidentiality, integrity and availability. Key terms are defined such as assets, threats, vulnerabilities, exploits, risk, and impact. Assets are anything valuable to an organization that needs protection. Threats endanger assets, vulnerabilities are weaknesses that threats can exploit, and exploits are tools used by threats. Risk is the potential for loss from a threat exploiting a vulnerability. Impact is the result of an exploited vulnerability. The document discusses risk assessment and provides examples of vulnerability, threat, risk, and solutions to mitigate risk.

Uploaded by

Kenneth Draper
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 21

CS-313N

INTRODUCTION TO
INFORMATION ASSURANCE
Lesson 1
AND SECURITY
An Overview on
IAS

Albert A. Elveña, Jr., MSIT


Instructor
WHAT TO EXPECT/OBJECTIVES?

 Understand the points to


focus on the network
security
 Terminologies usually used
 Assessment of a company‘s
risks in terms of information
security
BALANCING ACCESS AND
SECURITY

ACCESS SECURITY
SECURITY GOALS

CONFIDENTIA INTEGRITY AVAILABILITY


LITYis not
 Information  Consistency of data  Legitimate
revealed to
unauthorized
users are not
persons
 Possibility of denied access
detecting to information
 Data transmitted or modification of and resources
stored should only data
be revealed to
intended audience
DEFINITION OF TERMS:

VULNERABILITY EXPLOIT

THREAT
RISK

ASSETS
IMPACT
ASSETS
 Everything that have value for an organization
or impact its business continuity.

 This includes people, data, hardware,


software, physical devices, and documents.

 Assets should be identified to create


information security system

 An asset is what we are trying to protect

 Security specialist must be fully aware of the


assets he/she is protecting with.
THREAT
 A person, thing, event or ideas which poses danger to
an asset

 A breach to the following Confidentiality, Integrity,


Availability and Legitimate use

 A possible means of breaching a security policy

 Exploiting a vulnerability either intentionally or


accidentally

 Obtain, damage, or destroy an asset

 A threat is what we are trying to protect against


VULNERABILITY
 Weakness or absence of
safeguards
 Holes or Gaps in a security
program that can be exploited
by threats to gain unauthorized
access to asset
 A vulnerability is a backdoor in
our protection efforts
EXPLOIT
 An exploit is a program, script, or code
 Aims to perform unauthorized
operations
 An example is a backdoor Trojan used
to grand unauthorized access to a
machine
 The way or tool by which an attacker
uses a vulnerability to damage the
target system
RISK
 Measure of the cost of realized
vulnerability
 Potential for loss, damage, or
destruction of an asset
 Result of a threat exploiting a vulnerability
 Exists when our systems have a vulnerability that a given threat
can attack
 Security deals with managing risk to your critical assets
 Security is basically an exercise in loss reduction
 Impossible to eliminate risk totally
 Probability of a threat crossing or touching a vulnerability
IMPACT

 The result of an exploited


vulnerability
 Deleted Files
 Loss of information
 Lost of Company Image
 Lost of Privacy
RISK ASSESSMENT
VULNERABILITY

 Password is vulnerable for dictionary or


exhaustive key attacks

THREAT

 Intruder can exploit the password weakness


to break into the system

RISK

 Resources within the system are prone for RISK = Threat x Vulnerability x Impact
illegal access/modify/damage by intruder
Use encryption software that scambles information
you send over the internet
AVOID PHISHING SOLUTION

Don't open files, click on links, or download


Use encryption software
programs sent by strangers that scrambles information
you send over the internet
Opening a file from someone you don't know
could expose your system to a computer virus
like malware or spyware that captures your
passwords or other information you type
WHEN IN DOUBT

CALL COMPANY
REPRESENTATIV
ES
If there is suspicious warnings
it is best to confirm from
the company itself.
ASSIGNMENTS?
QUESTIONS:

What security-relevant things do


you want to happen or not happen
when you use such trusted or
untrusted sites?

Give some example?

You might also like