Embed Size (px)
DESCRIPTION
Citation preview
Center of Excellence for IT at Bellevue College
Cyber security and information assurance refer to measures for protecting computer systems, networks, and information systems from disruption or unauthorized access, use, disclosure, modification, or destruction.
Cyber security often refers to safety of the infrastructure and computer systems with a strong emphasis on the technology
Information assurance tends to have a boarder focus with emphasis on information management and business practices
The two areas overlap strongly and the terms are sometimes used interchangeably
Information assurance (IA) is the practice of managing information-related risks. More specifically, IA practitioners seek to protect and defend information and information systems by ensuring confidentiality, data integrity, authentication, availability, and non-repudiation. IA measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.
Confidentiality has been defined by the International Organization for Standardization (ISO) as "ensuring that information is accessible only to those authorized to have access" and is one of the cornerstones of information security. Confidentiality is one of the design goals for many cryptosystems, made possible in practice by the techniques of modern cryptography.
Data integrity means that the data is "whole" or complete, and is identically maintained during any operation (such as transfer, storage or retrieval). Data integrity is the assurance that data is consistent and correct.
Loss of integrity can result from: Malicious altering, such as an attacker altering
an account number in a bank transaction, or forgery of an identity document
Accidental altering, such as a transmission error, or a hard disk crash
Authentication is a security measure designed to establish the validity of a transmission, message, document or originator, or a means of verifying an individual's authorization to receive specific categories of information.
Authentication technologies include: passwords, digital signatures, keys and
passports, biometrics
Availability means that the information, the computing systems used to process the information, and the security controls used to protect the information are all available and functioning correctly when the information is needed = timely, reliable access to data and information services for authorized users.
Non-repudiation is the assurance the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the data.
Technologies include: Digital certificates and signatures
The global recession will lead to a rise of cybercrime worldwide according to 2009 cybercrime forecasts from leading IT security firms.
Approximately 1.5 million pieces of unique malware will have been identified by the end of the year, more than in the previous five years combined.
The optimal way to prevent malicious files from infecting PCs and corporate networks is active real-time content inspection technologies.
www.securitymanagement.com/print/4969
The United States has bypassed China as the biggest purveyor of malware as well as sends the most spam worldwide, says Sophos Security Threat Report: 2009.
Not only is the USA relaying the most spam because too many of its computers have been compromised and are under the control of hackers, but it's also carrying the most malicious webpages.
www.securitymanagement.com/print/4969
Cybercriminals will continue to exploit the best Web 2.0 technologies, such as Trojan technologies.
Cybercriminals are increasingly relying on Adobe PDF and Flash files, normally considered safe, to infect victims with malware.
Hackers have been breaking into Facebook and MySpace and implanting malware to distribute to a victim's social network.
www.securitymanagement.com/print/4969
Increasing complexity of IT systems and networks Convergence of IT and communication systems Expanding wireless connectivity and multiplicity
of wireless devices Increasing amount of digital information collected Increasing connectivity and accessibility of digital
information systems Globalization of IT and information systems Increased web access to a wide range of web
services and web applications Increase in all forms of digital commerce Trends towards data-marts and hosted data
warehousing services
Network security Disaster recovery Information system security technologies Wireless system security Internet security Legal issues, standards and compliance Cybercrime Information management Information audit and risk analysis Digital forensics Secure electronic commerce
Types of intrusion and intrusion detection systems
Firewalls and access control Cryptography Digital certificates Biometrics Digital authentication and Public Key
Infrastructure (PKI) Data assurance and disaster recovery
Cryptography systems Identification and authentication systems Operating system security E-commerce security tools and strategies Firewalls and proxy servers Anti-malware and anti-spyware technology Anti-piracy techniques Network traffic analysis tools
en.wikipedia.org/wiki/Cyber_security
en.wikipedia.org/wiki/Information_assurance
www.cssia.org/
www.afei.org/news/NCES/NCES_Information_Assurance.pdf
www.nitrd.gov/pubs/csia/csia_federal_plan.pdf
www.sis.uncc.edu/LIISP/slides00/GAIL.pdf
www.cnss.gov/Assets/pdf/cnssi_4009.pdf
www2.cs.uidaho.edu/~oman/CS336_F08_syllabus.pdf
www.coastline.edu/degrees/page.cfm?LinkID=786
bii.mc.maricopa.edu/degrees/checklists/CCLInformationAssurance5227.pdf
