Essential Infosec Concepts PDF
Document Details
![EuphoricFunction4040](https://quizgecko.com/images/avatars/avatar-6.webp)
Uploaded by EuphoricFunction4040
2022
ABET DELA CRUZ
Tags
Related
- CCF-Session-1-v4-Regular-2023-lec-clsu-1 PDF - Information Security Fundamentals
- Information Assurance and Security PDF
- Legal and Privacy Issues in Information Security PDF (Chapter 1)
- Information Assurance and Security Lesson 1-3 PDF
- Legal and Privacy Issues in Information Security PDF
- Compliance and Privacy PDF
Summary
This document provides essential information security concepts, details and definitions. It focuses on cyber security, data privacy and information security practices. The document is intended for a specific group, possibly training materials.
Full Transcript
Essential Security Concepts ABET DELA CRUZ Philippine Computer Emergency Response Team Coordinating Center (PHCERT/CC) This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCER...
Essential Security Concepts ABET DELA CRUZ Philippine Computer Emergency Response Team Coordinating Center (PHCERT/CC) This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 Let’s get our DEFINITIONS STRAIGHT! https://csrc.nist.gov/glossary This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 CYBERSPACE ON-PREMISE This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 CYBERSPACE ON-PREMISE This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 CYBERSPACE ON-PREMISE DATA PRIVACY Concerned with the Proper Handling, Processing, Storage, and Usage of Personal Information This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 How do we protect Personal Information? (How do we ensure Data Privacy?) This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 CYBERSPACE * INFORMATION SECURITY The protection of information and information systems from unauthorized access, use, disclosure, disruption, CYBERSECURITY modification, or destruction The ability to protect or defend in order to provide ON-PREMISE the use of cyberspace from cyber confidentiality, integrity, and ? attacks. availability. * NIST Definition (http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf) This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 IN A NUTSHELL.. This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 INFORMATION SECURITY This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 Insider Abuse Scams Blackmail Whale-ing Vishing Smishing Phishing Ransomware Social Engineering Windows DDoS Linux/Unix Malicious Worm Infection Defacement Network Behavior Malware Intrusion Data Leakage This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 According to a Kaspersky report, 7,000 Philippine companies encountered ransomware attacks in 2020. State of Ransomware 2021 Report from UK cyber security company Sophos, Philippine orgs have spent $820,000 (P40 mil) to recover from attacks Interesting trends –more susceptible, less likely to pay, more likely to be able to restore from backup This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 “IT’S NOT IF, IT’S WHEN AND HOW SEVERE.” “THERE ARE TWO TYPES OF COMPANIES: THOSE THAT HAVE BEEN HACKED, AND THOSE WHO DON’T KNOW THEY HAVE BEEN HACKED.” “IF YOU KNEW YOU WERE GOING TO BE COMPROMISED, WOULD YOU DO SECURITY DIFFERENTLY?” This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 C.I.A. TRIAD This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 D.A.D. TRIAD DISCLOSURE ALTERATION DENIAL DISCLOSURE ALTERATION DENIAL This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 Ensure that Information is only known to authorized entities Prevent Disclosure Ensure that Information is not modified by un-authorized entities Prevent Alteration Ensure that Information is available when needed Prevent Denial (Inaccessibility) This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 CIA Threat Analysis Threat to CONFIDENTIALITY Any form of Data Leakage is inimical to the well being of the Compromise of Database and File Servers organization as well as for the clients that it seeks to serve. Wired/Wireless Network Sniffing/Eavesdropping From Confidential Information and Trade Secrets to Personal Trojans/Viruses/Worms that Exfiltrates Data Identifiable Information (PII) of both the Employees and the Theft of Computing Resources Clients that are protected by the law of the land, numerous Damages, Penalties, and Legal Action ramifications exist if this should fall into the wrong hands. Threat to INTEGRITY The reputation of the organization is what it should value the Website Defacement most. Trust and Confidence is what keeps the client coming Email Spoofing/Phishing back. It is the bedrock of the business. Any attack on the Identity Theft company and its systems which results in degradation of Reduced Trust and Confidence due to Non- confidence whether successful or not (as long as it is made Compliance public) can cause irreparable harm and consequently loss of Leakage of Personal Information business. Threat to AVAILABILITY Attacks on any system that relies on information and Trojans/Viruses/Worms that eats up Computing communication technology can affect the operational Resources capability and efficiency of the organization. It can hamper if Denial of Service Attacks not totally stop operations that will in turn hurt the overall Scanning and Reconnaissance productivity of the employees and consequently, the Natural and Man-made disasters/incidents organization as a whole. Peer-to-peer file sharing, unauthorized downloading and un-sanctioned internet activities This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 Sensitivity refers to the quality of information, which could cause harm or damage if disclosed. Maintaining confidentiality of sensitive information helps to prevent harm or damage. Discretion is an act of decision where an operator can influence or control disclosure in order to minimize harm or damage. Criticality The level to which information is mission critical is its measure of criticality. The higher the level of criticality, the more likely the need to maintain the confidentiality of the information. High levels of criticality are essential to the operation or function of an organization. Concealment is the act of hiding or preventing disclosure. Often concealment is viewed as a means of cover, obfuscation, or distraction. A related concept to concealment is security through obscurity, which is the concept of attempting to gain protection through hiding, silence, or secrecy. While security through obscurity is typically not considered a valid security measure, it may still have value in some cases. Secrecy is the act of keeping something a secret or preventing the disclosure of information. Privacy refers to keeping information confidential that is personally identifiable or that might cause harm, embarrassment, or disgrace to someone if revealed. Seclusion involves storing something in an out-of-the-way location. This location can also provide strict access controls. Seclusion can help enforcement of confidentiality protections. Isolation is the act of keeping something separated from others. Isolation can be used to prevent commingling of information or disclosure of information. This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 Accuracy: Being correct and precise Truthfulness: Being a true reflection of reality Authenticity: Being authentic or genuine Validity: Being factually or logically sound Nonrepudiation: Not being able to deny having performed an action or activity or being able to verify the origin of a communication or event Accountability: Being responsible or obligated for actions and results Responsibility: Being in charge or having control over something or someone Completeness: Having all needed and necessary components or parts Comprehensiveness: Being complete in scope; the full inclusion of all needed elements This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 Usability: The state of being easy to use or learn or being able to be understood and controlled by a subject Accessibility: The assurance that the widest range of subjects can interact with a resource regardless of their capabilities or limitations Timeliness: Being prompt, on time, within a reasonable time frame, or providing low latency response This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 TRADITIONAL IT DISCIPLINES This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 TRADITIONAL IT DISCIPLINES NETWORK ADMINISTRATOR This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 TRADITIONAL IT DISCIPLINES SYSTEM ADMINISTRATOR NETWORK ADMINISTRATOR This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 TRADITIONAL IT DISCIPLINES SYSTEM ADMINISTRATOR NETWORK DATABASE ADMINISTRATOR ADMINISTRATOR This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 TRADITIONAL IT DISCIPLINES SYSTEM SOFTWARE ADMINISTRATOR DEVELOPER NETWORK DATABASE ADMINISTRATOR ADMINISTRATOR This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 SECURITY CUTS ACROSS ALL IT DISCIPLINES SYSTEM SOFTWARE ADMINISTRATOR DEVELOPER SECURITY NETWORK DATABASE ADMINISTRATOR ADMINISTRATOR This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 SECURITY CUTS ACROSS ALL IT DISCIPLINES SYSTEM SOFTWARE ADMINISTRATOR DEVELOPER SECURITY NETWORK DATABASE ADMINISTRATOR ADMINISTRATOR This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022 SALAMAT PO! ALBERT P. DELA CRUZ https://phcert.cc twitter.com/phcert fb.me/phcert This Document and its Contents are Properties of PRAGMATIC INCIGHTS OPC ® - Licensed for use to PHILIPPINE COMPUTER EMERGENCT RESPONSE TEAM COODINATING CENTER (PHCERT/CC) – NOT FOR RESALE – LIMITED DISTRIBUTION AS PDF for PCS-ISEC Program YR 2022