1.1k likes | 2.4k Views
Introduction to Cyber Security and Information Assurance. Center of Excellence for IT at Bellevue College.
E N D
Introduction to Cyber Security and Information Assurance Center of Excellence for IT at Bellevue College
Cyber security and information assurance refer to measures for protecting computer systems, networks, and information systems from disruption or unauthorized access, use, disclosure, modification, or destruction.
Cyber Security and Information Assurance • Cyber security often refers to safety of the infrastructure and computer systems with a strong emphasis on the technology • Information assurance tends to have a boarder focus with emphasis on information management and business practices • The two areas overlap strongly and the terms are sometimes used interchangeably
Information assurance (IA) is the practice of managing information-related risks. More specifically, IA practitioners seek to protect and defend information and information systems by ensuring confidentiality, data integrity, authentication, availability, and non-repudiation. IA measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.
Confidentiality Confidentiality has been defined by the International Organization for Standardization (ISO) as "ensuring that information is accessible only to those authorized to have access" and is one of the cornerstones of information security. Confidentiality is one of the design goals for many cryptosystems, made possible in practice by the techniques of modern cryptography.
Data Integrity Data integrity means that the data is "whole" or complete, and is identically maintained during any operation (such as transfer, storage or retrieval). Data integrity is the assurance that data is consistent and correct. Loss of integrity can result from: • Malicious altering, such as an attacker altering an account number in a bank transaction, or forgery of an identity document • Accidental altering, such as a transmission error, or a hard disk crash
Authentication Authentication is a security measure designed to establish the validity of a transmission, message, document or originator, or a means of verifying an individual's authorization to receive specific categories of information. Authentication technologies include: • passwords, digital signatures, keys and passports, biometrics
Availability Availability means that the information, the computing systems used to process the information, and the security controls used to protect the information are all available and functioning correctly when the information is needed = timely, reliable access to data and information services for authorized users.
Nonrepudation Non-repudiation is the assurance the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the data. Technologies include: • Digital certificates and signatures
Some Global Trends • The global recession will lead to a rise of cybercrime worldwide according to 2009 cybercrime forecasts from leading IT security firms. • Approximately 1.5 million pieces of unique malware will have been identified by the end of the year, more than in the previous five years combined. • The optimal way to prevent malicious files from infecting PCs and corporate networks is active real-time content inspection technologies. www.securitymanagement.com/print/4969
US Cyber Security Trends • The United States has bypassed China as the biggest purveyor of malware as well as sends the most spam worldwide, says Sophos Security Threat Report: 2009. • Not only is the USA relaying the most spam because too many of its computers have been compromised and are under the control of hackers, but it's also carrying the most malicious webpages. www.securitymanagement.com/print/4969
Web 2.0 and Cyber Security • Cybercriminals will continue to exploit the best Web 2.0 technologies, such as Trojan technologies. • Cybercriminals are increasingly relying on Adobe PDF and Flash files, normally considered safe, to infect victims with malware. • Hackers have been breaking into Facebook and MySpace and implanting malware to distribute to a victim's social network. www.securitymanagement.com/print/4969
Trends in Technology • Increasing complexity of IT systems and networks • Convergence of IT and communication systems • Expanding wireless connectivity and multiplicity of wireless devices • Increasing amount of digital information collected • Increasing connectivity and accessibility of digital information systems • Globalization of IT and information systems • Increased web access to a wide range of web services and web applications • Increase in all forms of digital commerce • Trends towards data-marts and hosted data warehousing services
Areas of Emphasis • Network security • Disaster recovery • Information system security technologies • Wireless system security • Internet security • Legal issues, standards and compliance • Cybercrime • Information management • Information audit and risk analysis • Digital forensics • Secure electronic commerce
Technologies • Types of intrusion and intrusion detection systems • Firewalls and access control • Cryptography • Digital certificates • Biometrics • Digital authentication and Public Key Infrastructure (PKI) • Data assurance and disaster recovery
Tools • Cryptography systems • Identification and authentication systems • Operating system security • E-commerce security tools and strategies • Firewalls and proxy servers • Anti-malware and anti-spyware technology • Anti-piracy techniques • Network traffic analysis tools
Resources • en.wikipedia.org/wiki/Cyber_security • en.wikipedia.org/wiki/Information_assurance • www.cssia.org/ • www.afei.org/news/NCES/NCES_Information_Assurance.pdf • www.nitrd.gov/pubs/csia/csia_federal_plan.pdf • www.sis.uncc.edu/LIISP/slides00/GAIL.pdf • www.cnss.gov/Assets/pdf/cnssi_4009.pdf • www2.cs.uidaho.edu/~oman/CS336_F08_syllabus.pdf • www.coastline.edu/degrees/page.cfm?LinkID=786 • bii.mc.maricopa.edu/degrees/checklists/CCLInformationAssurance5227.pdf