Information Security (IS) Outline

The document outlines key concepts and components of Information Security, including the CIA Triad, types of threats, attacks, and malware. It also discusses risk management strategies, cryptography, network security fundamentals, and access control mechanisms. Various approaches to implementing information security and the roles of different types of hackers are also covered.

Uploaded by

moxabeg228

Information Security

IT Security
IT Security Functions
InfoSec Functions
Security
Privacy
Three Pillars of Information Security, CIA Model, CIA Triad

DAD:
● Disclosure
● Alteration
● Destruction

Definitions:
Subject vs Object
Asset
Risk
Control, Safeguard, or Countermeasure
Vulnerability
Threat and Threat Agent
Attack
● Active Attack
● Passive Attack
Exploit
Exposure
Loss
Protection Profile or Security Posture

Components of IS
● Software
● Hardware
● Data
● People
● Procedure
● Networks

Secure Software Development Life Cycle
● Investigation
● Analysis
● Logical Design
● Physical Design
● Implementation
● Maintenance and Change
Types of Threats
● Acts of Human Error/Failure
● Compromise to Intellectual Property
● Deliberate acts of Espionage / Trespass
● Deliberate acts of Sabotage/Vandalism
● Deliberate acts of Information Extortion
● Deliberate Acts of Theft
● Deliberate Software Attacks
● Forces of Nature
● Deviations in quality of service from service providers
● Technical hardware failure or errors
● Technical software failures or errors
● Technological obsolescence

Malware or Malicious Code
Types of Malware
● Viruses
● Worms
● Keyloggers
● Trojans
● Ransomware
● Spyware
● Adware
● Rootkits
● Crypto Jackers

Types of Attacks
● Active Attack
● Passive Attack
● Insider Attack
● Outsider Attack
● Password Attack
○ Brute-force Attack
○ Dictionary Attack
● Denial of service
● Distributed Denial of Service
● Cross-Site Scripting (XSS)
● Cross-Site Request Forgery (CSRF) or XSRF
● Spoofing Attack
● Eavesdropping Attack or Man-in-the-Middle Attack
● Pharming Attack
● DNS hijacking
● Spam Attacks
● Social Engineering Attack
Password
Passphrase
Password Manager

Types of Social Engineering Attack
● Baiting
● Scareware
● Pretexting
● Phishing
● Spear Phishing
● Whale Phishing (Whaling)
● Vishing (Voice Phishing)
● Tailgating or “Piggybacking”
● Typosquatting

Approaches to Information Security Implementation
● Bottom-Up Approach
● Top-Down Approach
● Layered Security Approach

Hacker
● White Hat Hacker
● Black Hat Hacker
● Gray Hat Hacker
● Script Kiddies
● Green Hat Hacker
● Blue Hat Hacker
● Red Hat Hacker

Laws
Ethics
Policy
Standards
Practices
Procedures
Guidelines

Information Security Blueprint

Risk Management
Risk Identification
Risk Control
Risk Assessment
● Quantitative Risk Assessment
● Qualitative Risk Assessment
Risk Control Strategies
● Apply Safeguards (Avoidance)
○ Application of Policy
○ Training and Education
○ Applying technology
● Transfer the risk (Transference)
● Reduce impact (Mitigation)
○ Incident response plan (IRP)
○ Disaster recovery plan (DRP)
○ Business continuity plan (BCP)
● Understand consequences and accept risk (Acceptance)

Benchmarking
● Metrics-based measures
● Process-based measures

Baselining
Risk Appetite
Residual Risk

Cryptography
● Basic Concepts of Cryptography
● Symmetric and Asymmetric Encryption
● Hash Functions and Digital Signatures
● Public Key Infrastructure (PKI)

Network Security
● Network Security Fundamentals
● Firewalls and Intrusion Detection Systems (IDS)
● Virtual Private Networks (VPNs)
● Secure Network Design

Access Control
● Access Control Models (MAC, DAC, RBAC)
● Access Control Mechanisms (Authentication, Authorization)
● Multi-Factor Authentication (MFA)
● Identity and Access Management (IAM)