Summary

This document discusses computer security. It covers elements like confidentiality, integrity, and availability, along with key terms such as unauthorized access and vulnerabilities. It also touches upon encryption methods and social engineering threats. The document seems to be academic in nature, aimed at an undergraduate-level understanding of the subject.

Full Transcript

Module 1: Computer Security

BIOMETRIC IDENTIFICATION
Dangers of biometric identification:
- You can't change your biometric "password" once it has been leaked.
- You can't legally refuse to give it, unlike a password (US Fifth Amendment).
Biometric identifiers: fingerprint, voice print, iris scan, retinal scan.

ELEMENTS OF COMPUTER SECURITY
Confidentiality - the concealment of information or resources. Information must be kept secret from third parties that want access to it, so that only the right people can access it.
Integrity - the trustworthiness of data in systems or resources, from the point of view of preventing unauthorized and improper changes.
Availability - the ability to access the data of a resource when it is needed; information has value only if authorized people can access it at the right time. Denying access to data has become a common attack: imagine how costly the downtime of a live server can be.

Cipher text is what encryption algorithms, or ciphers, transform an original message into.

TERMINOLOGY
Unauthorized access - when someone gains access to a server, website, or other sensitive data using someone else's account details.
Hacker - a person who tries to exploit a computer system for a reason which can be money, a social cause, fun, etc.
Threat - an action or event that might compromise security.
Vulnerability - a weakness, design problem or implementation error in a system that can lead to an unexpected and undesirable security event.
Attack - an assault on system security, delivered by a person or a machine to a system. It violates security.
Antivirus or Antimalware - software that runs on different operating systems and is used to protect against malicious software.
Social Engineering - a technique that a hacker uses to steal data from a person for different purposes, by psychological manipulation combined with social scenes.
Virus - malicious software that installs itself on your computer without your consent, for a bad purpose.
Firewall - software or hardware used to filter network traffic based on rules.

PUBLIC KEY ENCRYPTION
The private key can unlock (decrypt) what is locked (encrypted) with the public key.

CONFIDENTIALITY

Passwords:
- Don't share them, not even with computer administrators.
- Don't write them down.
- Don't reuse them among different sites.
- Change them often.
Select wisely:
- Easy to remember.
- Hard to guess (resistant to dictionary attacks): password length, large set of characters (caps, lower case, numbers, symbols).

Virtual Private Networks:
- Extend a private (e.g. hospital) network across a public network (the internet).
- Encrypted, to protect against network sniffing.

Some notorious password leaks:
- 2014: 5M Gmail passwords
- 2013: 38M Adobe passwords (and source code)
- 2013: 250K Twitter passwords
- 2012: 12M Apple User IDs stolen by FBI, 1M leaked
- 2012: 6M LinkedIn passwords
- 2012: 450K plaintext Yahoo passwords
- 2012: 1.5M plaintext Youporn passwords
- 2009: 10K MS Hotmail, MSN and Live passwords

Cyberattacks - cyberattacks like Distributed Denial of Service (DDoS) and ransomware can disrupt data availability and lead to data loss or corruption.

Data encryption is the process of converting data into a coded or unreadable format, to protect it from unauthorized access. Encryption is a fundamental tool for ensuring data integrity and confidentiality.

Methods of Data Encryption:
- Symmetric Encryption - uses a single key for both encryption and decryption, e.g., AES (Advanced Encryption Standard).
- Asymmetric Encryption - uses a pair of public and private keys for encryption and decryption, e.g., RSA (Rivest-Shamir-Adleman).
- End-to-End Encryption - ensures that data is encrypted on the sender's side and can only be decrypted by the intended recipient, e.g., Signal Messenger.

Backups:
- Use off-site data protection (vaulting), e.g. remote backup (compression, encryption!).
- The first time, and sometimes afterwards: a full backup. Most often: only incremental backups.
- Use a good data retention scheme, e.g. 7 daily, 4 weekly, 12 monthly, and all yearly backups.
- Reflect on the time needed for a full restore.
- Test the restore procedure! "80% of backups fail to restore."

INTEGRITY

Data integrity refers to the accuracy, consistency, and reliability of data over its entire lifecycle. It ensures that data remains unchanged and uncorrupted during storage, processing, and transmission.

Key Aspects of Data Integrity:
- Preventing Unauthorized Changes
- Detecting Tampering
- Ensuring Data Accuracy
- Securing Data in Transit

A hash function is a mathematical algorithm that takes an input (or "message") and returns a fixed-size string of characters, typically written as a hexadecimal number. The output, known as the hash value or digest, is unique to the input data, making it a valuable tool for data integrity. Hash functions are designed to be one-way functions, meaning it is computationally infeasible to reverse the process and obtain the original input from the hash value. Examples of widely used hash functions include MD5, SHA-1, and SHA-256.

Password Storage: when a user creates a password, it is run through a hash function and the resulting hash is stored in the database. When the user logs in, the entered password is hashed and compared to the stored hash. If they match, the login is successful.

File Verification: popular software like WinMD5 and HashTab calculates and displays hash values for files, allowing users to verify a file's integrity. For example, a SHA-256 hash value can be provided for a downloadable file, and users can verify it using hash functions.

Access control and authentication are essential components of data integrity and security.
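The retention scheme above (7 daily, 4 weekly, 12 monthly, all yearly) as a selection algorithm, added here as an example and not code from the lecture notes; the page gives only the counts, so the rule that the newest backup of each day, ISO week, month and year represents that period is this example's assumption, and the 400-day series of daily backups is constructed.

```python
"""Grandfather-father-son retention: decide which backups to keep.

Added example, not from the lecture notes. Assumption: for each tier the
newest backup inside each period (day / ISO week / month / year) counts
as that period's backup, and the newest N periods are kept. A backup can
be retained by several tiers at once, so the tiers overlap rather than
add up.
"""
from datetime import date, timedelta

# Counts from the page; None means "keep all".
RETENTION = {"daily": 7, "weekly": 4, "monthly": 12, "yearly": None}


def period_key(d: date, tier: str):
    """Identify the period a backup date belongs to for a given tier."""
    if tier == "daily":
        return d.isoformat()
    if tier == "weekly":
        iso = d.isocalendar()
        return (iso[0], iso[1])          # (ISO year, ISO week number)
    if tier == "monthly":
        return (d.year, d.month)
    if tier == "yearly":
        return (d.year,)
    raise ValueError(f"unknown tier {tier!r}")


def retained(backup_dates, policy=RETENTION) -> set:
    """Return the set of backup dates to keep; everything else may be pruned."""
    keep = set()
    newest_first = sorted(set(backup_dates), reverse=True)
    for tier, limit in policy.items():
        periods_seen = set()
        for d in newest_first:
            key = period_key(d, tier)
            if key in periods_seen:
                continue                 # only the newest backup of each period
            if limit is not None and len(periods_seen) >= limit:
                break                    # this tier has enough periods covered
            periods_seen.add(key)
            keep.add(d)
    return keep


def constructed_backup_dates():
    """Constructed input: one backup per day, the last one on 2024-03-15."""
    end = date(2024, 3, 15)
    return [end - timedelta(days=i) for i in range(400)]


def retained_dates() -> set:
    """Retention applied to the constructed series (20 of 400 backups survive)."""
    return retained(constructed_backup_dates())


if __name__ == "__main__":
    for d in sorted(retained_dates()):
        print(d)
```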
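The password-storage and file-verification flows described above, as an added example rather than code from the lecture notes. The page describes storing a bare hash; this example also salts each password and uses PBKDF2 iterations (an addition beyond the page, so two users with the same password do not share a hash), and it uses SHA-256 rather than the MD5 and SHA-1 also named on the page, because those two have practical collision attacks; the file content and the iteration count are constructed values.

```python
"""Hash-based password storage and download verification.

Added example, not from the lecture notes. Assumptions: PBKDF2-HMAC-SHA256
with a per-user random salt for passwords (the page mentions only a plain
hash), a streaming SHA-256 for files, and constant-time comparison so a
mismatch does not leak how many characters matched.
"""
import hashlib
import hmac
import os
import secrets
import tempfile
from typing import Optional

ITERATIONS = 100_000          # constructed value; tune for your hardware


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return the record stored in the database: 'pbkdf2_sha256$iter$salt$digest'."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Login check: re-hash the entered password with the stored salt and compare."""
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def sha256_of_file(path: str) -> str:
    """Hash a file in chunks so large downloads do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path: str, published_hex: str) -> bool:
    """Compare the file's digest with the value published next to the download."""
    return hmac.compare_digest(sha256_of_file(path).lower(), published_hex.strip().lower())


def write_constructed_file() -> str:
    """Constructed sample download whose content is the three bytes 'abc'."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    with os.fdopen(fd, "wb") as f:
        f.write(b"abc")
    return path


if __name__ == "__main__":
    rec = hash_password("correct horse battery")
    print(rec)
    print("login ok:", verify_password("correct horse battery", rec))
    print("wrong pw:", verify_password("Tr0ub4dor&3", rec))
    print("file ok:", verify_download(write_constructed_file(),
          "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"))
```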
Threats to data integrity encompass a wide range of events and actions that can compromise the accuracy, consistency, and reliability of data. These threats can be intentional or unintentional, and they pose significant risks to information security.

Common Threats to Data Integrity:
- Malware and Viruses - malicious software, such as viruses, worms, and Trojans, can infect systems and corrupt or steal data.
- Data Breaches - unauthorized access to sensitive data by hackers or insiders can lead to data theft, manipulation, or exposure.
- Human Error - mistakes made by employees or users, such as accidental data deletion or improper data entry, can compromise data integrity.
- Hardware Failures - hardware components, including hard drives and memory modules, can fail and result in data corruption or loss.

Access control and authentication involve mechanisms and processes for verifying the identity of users and regulating their access to data, systems, or resources.

1. Access Control Methods
Access control mechanisms can be implemented in various ways, including role-based access control (RBAC), mandatory access control (MAC), and discretionary access control (DAC).
Role-Based Access Control (RBAC): in an organization, RBAC assigns specific roles (e.g., admin, user, manager) to individuals. These roles determine their access privileges. For example, an admin can access and modify all data, while a user has limited access.

2. Authentication Methods
Authentication methods include something you know (e.g., passwords), something you have (e.g., smart cards or tokens), something you are (e.g., biometrics), and multi-factor authentication (MFA) combining two or more of these methods.
Multi-Factor Authentication (MFA): many online services, like Google and online banking, offer MFA. After entering a password, users receive a one-time code on their mobile device, which they must enter to access their accounts. This extra authentication layer enhances security.
AVAILABILITY

Availability is one of the core principles of the CIA Triad. It refers to the concept that information and systems should be accessible and usable by authorized individuals whenever needed. The goal is to ensure that data and services are consistently available, preventing disruptions due to various threats.

1. Distributed Denial of Service (DDoS) Attacks: DDoS attacks flood a system with traffic to overwhelm and disrupt its services. Example: the 2016 Dyn cyberattack, where major websites like Twitter and Netflix were rendered temporarily unavailable due to a massive DDoS attack.
2. Hardware Failures: hardware components, such as hard drives or power supplies, can fail unexpectedly. Example: the British Airways IT outage in 2017, caused by a power supply issue, which resulted in canceled flights and inconvenience to thousands of passengers.
3. Natural Disasters: natural disasters like earthquakes, hurricanes, and floods can disrupt data centers and infrastructure. Example: Hurricane Katrina in 2005 severely affected data center availability, leading to data loss and downtime for many organizations.

Methods for Ensuring Availability:
- Redundancy
- Disaster Recovery Plans
- Load Balancing

ITEC-85A INFORMATION ASSURANCE AND SECURITY 1

Lesson 2: INTRODUCTION TO INFORMATION ASSURANCE AND SECURITY

ISO STANDARD
According to the ISO (International Standard Organization) / IEC (International Electrotechnical Commission) standard 9126-1 (Software Engineering, Product Quality), the following are all aspects of system quality:
- FUNCTIONALITY
- USABILITY
- RELIABILITY
- PERFORMANCE
- SECURITY

INFORMATION ASSURANCE
Information, in computer terms, tends to be:
- Useful
- Gathered
- The result of processing data
Assurance, on the other hand, means a positive declaration intended to give confidence, or a promise.
Information Assurance (IA) is the study of how to protect your information assets from destruction, degradation, manipulation and exploitation.
But also how to recover should any of those happen. Notice that it is both proactive and reactive.

BASIC SECURITY ISSUES
- Availability - timely, reliable access to data and information services for authorized users.
- Integrity - protection against unauthorized modification or destruction of information.
- Confidentiality - assurance that the information is not disclosed to unauthorized persons.
- Authentication - security measures to establish the validity of a transmission, message or originator.
- Non-repudiation - assurance that the sender is provided with proof of data delivery and the recipient is provided with proof of the sender's identity, so that neither can later deny having processed the data.

DIFFERENT VIEW ON IA
According to Debra Herrmann, IA should be viewed as spanning four security engineering domains:
- Physical security
- Personnel security
- IT security
- Operational security
So threats/risks to IA should be considered along these dimensions as well.

LET'S MATCH
Match each measure to one of the four domains (Physical security, Personnel security, IT security, Operational security):
- Locking sensitive documents in a safe
- Stationing a marine guard outside an embassy
- Encrypting your hard drive
- Using SSL (Secure Sockets Layer) for data transfers
- Having off-site backup of documents
- Assigning security clearances to staffers
- Enforcing hard-to-guess passwords

FOUR SECURITY CATEGORIES
Physical security refers to the protection of hardware, software, and data against physical threats, to reduce or prevent disruptions to operations and services and loss of assets.
Personnel security is a variety of ongoing measures taken to reduce the likelihood and severity of accidental and intentional alteration, destruction, misappropriation, misuse, misconfiguration, unauthorized distribution, and unavailability of an organization's logical and physical assets, as the result of action or inaction by insiders and known outsiders, such as business partners.
IT security is the inherent technical features and functions that collectively contribute to an IT infrastructure achieving and sustaining confidentiality, integrity, availability, accountability, authenticity and reliability.
Operational security involves the implementation of standard operational security procedures that define the nature and frequency of the interaction between users, systems and system resources.

ANOTHER VIEW ON IA
According to Raggad's taxonomy of information security, a computing environment is made up of five continuously interacting components:
- Activities
- People
- Data
- Technology
- Networks

Security Strategies:
- Risk Assessment and Management
- Access Control
- Encryption and Data Protection
- Incident Response and Recovery
- Security Awareness and Training
- Security Policies and Procedures

Lesson 3: CYBER SECURITY

CYBER SECURITY IS SAFETY
Security: we must protect our computers and data in the same way that we secure the doors to our homes.
Safety: we must behave in ways that protect us against the risks and threats that come with technology.

USER AWARENESS
Cyber-criminals:
- Cracker: a computer-savvy programmer who creates attack software.
- Script Kiddies: unsophisticated computer users who know how to execute programs.
- Criminals: create and sell bots -> generate spam; sell credit card numbers, etc.
- System Administrators: some scripts appear useful to manage networks...
Hacker Bulletin Board: SQL injection, buffer overflow, password crackers, password dictionaries.
A malware package earns $1K-2K; 1M email addresses earn $8; 10,000 PCs earn $100.

LEADING THREATS
- Viruses
- Worms
- Trojan Horses / Logic Bombs
- Social Engineering
- Rootkits
- Botnets / Zombies

VIRUSES
A virus attaches itself to a program, file, or disk. When the program is executed, the virus activates and replicates itself. The virus may be benign or malignant but executes its payload at some point (often upon contact). Viruses can cause computer crashes and loss of data.
To recover from or prevent virus attacks:
- Avoid potentially unreliable websites/emails.
- System Restore.
- Re-install the operating system.
- Use and maintain anti-virus software.

WORMS
An independent program that replicates itself and sends copies from computer to computer across network connections. Upon arrival, the worm may be activated to replicate.

LOGIC BOMBS AND TROJAN HORSES
- Logic Bomb: malware logic that executes upon certain conditions. The program is often used for otherwise legitimate reasons. Examples: software which malfunctions if a maintenance fee is not paid; an employee triggers a database erase when he is fired.
- Trojan Horse: masquerades as a benign program while quietly destroying data or damaging your system. Download a game: it may be fun, but it contains hidden code that gathers personal information without your knowledge.

SOCIAL ENGINEERING
Social engineering manipulates people into performing actions or divulging confidential information. Similar to a confidence trick or simple fraud, the term applies to the use of deception to gain information, commit fraud, or access computer systems.

PHISHING: COUNTERFEIT EMAIL
Phishing: a seemingly trustworthy entity asks for sensitive information such as SSN, credit card numbers, login IDs or passwords via e-mail.

PHARMING: COUNTERFEIT WEB PAGES
- The link provided in the e-mail leads to a counterfeit web page which collects important information and submits it to the page's owner.
- The counterfeit web page looks like the real thing.
- It extracts account information.

MAN IN THE MIDDLE ATTACK
An attacker pretends to be your final destination on the network. When a person tries to connect to a specific destination, an attacker can mislead him to a different service and pretend to be that network access point or server.

ROOTKIT
- Upon penetrating a computer, a hacker may install a collection of programs, called a rootkit.
- A rootkit may enable:
  - Easy access for the hacker (and others) into the enterprise.
  - Keystroke logging.
  - Elimination of evidence of the break-in.
  - Modification of the operating system.

GEORGIA DATA BREACH NOTIFICATION LAW
- O.C.G.A. §§ 10-1-910, -911, -912
- Covers an unauthorized acquisition of electronic data that compromises the security, confidentiality or integrity of "personal information."
- Personal Information:
  - Social Security Number.
  - Driver's license or state ID number.
  - Information permitting access to personal accounts.
  - Account passwords or PIN numbers or access codes.
  - Any of the above in connection with a person's name, if the information is sufficient to perform identity theft against the individual.

IDENTIFYING SECURITY COMPROMISES
Symptoms:
- Antivirus software detects a problem.
- Disk space disappears unexpectedly.
- Pop-ups suddenly appear, sometimes selling security software.
- Files or transactions appear that should not be there.
- The computer slows down to a crawl.
- Unusual messages, sounds, or displays on your monitor.
- Stolen laptop: 1 stolen every 53 seconds; 97% never recovered.
- The mouse pointer moves by itself.
- The computer spontaneously shuts down or reboots.
- Often unrecognized or ignored problems.

MALWARE DETECTION
Spyware symptoms:
- Changes to your browser homepage/start page.
- Ending up on a strange site when conducting a search.
- The system-based firewall is turned off automatically.
- Lots of network activity while you are not particularly active.
- Excessive pop-up windows.
- New icons, programs or favorites which you did not add.
- Frequent firewall alerts about unknown programs trying to access the Internet.
- Poor system performance.

ANTI-VIRUS AND ANTI-SPYWARE SOFTWARE
- Anti-virus software detects certain types of malware and can destroy it before any damage is done.
- Install and maintain anti-virus and anti-spyware software.
- Be sure to keep anti-virus software updated.
- Many free and commercial options exist.
- Contact your Technology Support.

BEST PRACTICES TO AVOID THESE THREATS
Defense in depth uses multiple layers of defense to address technical, personnel and operational issues.

HOST-BASED FIREWALLS
- A firewall acts as a barrier between your computer/private network and the internet. Hackers may use the internet to find, use, and install applications on your computer. A firewall prevents many hacker connections to your computer.
- Firewalls filter network packets that enter or leave your computer.

PROTECT YOUR OPERATING SYSTEM
- Microsoft regularly issues patches or updates to solve security problems in its software. If these are not applied, your computer is left vulnerable to hackers.
- The Windows Update feature built into Windows can be set up to automatically download and install updates.
- Avoid logging in as administrator.
- Apple provides regular updates to its operating system and software applications.
- Apply Apple updates using the App Store.

USE STRONG PASSWORDS
- Make passwords easy to remember but hard to guess.
- USG standards:
  - Be at least ten characters in length.
  - Must contain characters from at least two of the following four types of characters:
    - English upper case (A-Z)
    - English lower case (a-z)
    - Numbers (0-9)
    - Non-alphanumeric special characters ($, !, %, ^, ...)
  - Must not contain the user's name or part of the user's name.
  - Must not contain easily accessible or guessable personal information about the user or the user's family, such as birthdays, children's names, addresses, etc.

CREATING STRONG PASSWORDS
A familiar quote can be a good start: "LOVE IS A SMOKE MADE WITH THE FUME OF SIGHS" (William Shakespeare).
Using the organization standard as a guide, choose the first character of each word: LIASMWTFOS
Now add the complexity the standard requires: L1A$mwTF0S (10 characters, 2 numerals, 1 symbol, mixed English case: the password satisfies all 4 types). Or be more creative!
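A checker for the USG standard quoted above, run against the page's own LIASMWTFOS / L1A$mwTF0S walk-through; this is an added example, not code from the lecture notes. The page does not define "part of the user's name", so the rule used here (any run of four or more consecutive letters from a name word, case-insensitively) is this example's assumption, and the "personal information" rule is not checked because it needs data the page does not specify.

```python
"""Password policy check matching the USG rules quoted on the page:
at least 10 characters, at least 2 of the 4 character types, and no
part of the user's name. Added example, not from the lecture notes.
Assumption: "part of the user's name" = a window of NAME_PART_LEN or more
consecutive letters taken from any word of the user's name.
"""
import string

MIN_LENGTH = 10
MIN_CLASSES = 2
NAME_PART_LEN = 4


def acronym(quote: str) -> str:
    """First character of each word, as in the page's Shakespeare example."""
    return "".join(word[0] for word in quote.split())


def character_classes(password: str) -> set:
    """Which of the four character types the password uses."""
    classes = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.digits:
            classes.add("digit")
        elif ch in string.punctuation:
            classes.add("special")
    return classes


def name_part_in(password: str, user_name: str):
    """Return the name word a part of which appears in the password, else None."""
    lowered = password.lower()
    for word in user_name.split():
        w = word.lower()
        for i in range(len(w) - NAME_PART_LEN + 1):
            if w[i:i + NAME_PART_LEN] in lowered:
                return word
    return None


def check_password(password: str, user_name: str = "") -> list:
    """Return the list of violated rules; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(character_classes(password)) < MIN_CLASSES:
        problems.append(f"fewer than {MIN_CLASSES} of the 4 character types")
    hit = name_part_in(password, user_name)
    if hit is not None:
        problems.append(f"contains part of the user's name ({hit})")
    return problems


if __name__ == "__main__":
    base = acronym("LOVE IS A SMOKE MADE WITH THE FUME OF SIGHS")
    print(base, check_password(base))              # fails: one character type
    print("L1A$mwTF0S", check_password("L1A$mwTF0S", "William Shakespeare"))  # passes
```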
PASSWORD GUIDELINES
Never use admin, root, administrator, or a default account or password for administrative access.
A good password is:
- Private: used by only one person.
- Secret: not stored in clear text anywhere, including on Post-It® notes!
- Easily remembered: no need to write it down.
- Contains the complexity required by your organization.
- Not easy to guess by a person or a program in a reasonable time, such as several weeks.
- Changed regularly: follow organization standards.
Avoid shoulder surfers and enter your credentials carefully! If a password is entered in the username field, those attempts usually appear in system logs.

AVOID SOCIAL ENGINEERING AND MALICIOUS SOFTWARE
- Do not open email attachments unless you are expecting the email with the attachment and you trust the sender.
- Do not click on links in emails unless you are absolutely sure of their validity.
- Only visit and/or download software from web pages you trust.

AVOID HACKER TRICKS
- Be sure to have a good firewall or pop-up blocker installed.
- Pop-up blockers do not always block ALL pop-ups, so always close a pop-up window using the 'X' in the upper corner. Never click "yes," "accept" or even "cancel."
- Infected USB drives are often left unattended by hackers in public places.

SECURE BUSINESS TRANSACTIONS
- Always use a secure browser for online activities.
- Frequently delete temp files, cookies, history, saved passwords, etc.

BACKUP IMPORTANT INFORMATION
No security measure is 100% reliable. Even the best hardware fails. What information is important to you? Is your backup:
- Recent?
- Off-site & secure?
- Process documented?
- Encrypted?
- Tested?

CYBER INCIDENT REPORTING
If you suspect a cyber security incident, notify your organization's help desk or the USG help desk immediately. Be prepared to supply the details you know and contact information.
1. Do not attempt to investigate or remediate the incident on your own.
2. Inform other users of the system and instruct them to stop work immediately.
3. Unless instructed, do not power down the machine.
4. Unless instructed, do not remove the system from the network.
The cyber security incident response team will contact you as soon as possible to gather additional information.

IMPORTANCE OF CYBERSECURITY
The internet allows an attacker to work from anywhere on the planet.
Risks caused by poor security knowledge and practice:
- Identity theft
- Monetary theft
- Legal ramifications (for yourself and your organization)
- Sanctions or termination if policies are not followed
According to the SANS Institute, the top vectors for vulnerabilities available to a cyber criminal are:
- Web browsers
- IM clients
- Web applications
- Excessive user rights

Lesson 3: Ten Commandments of Computer Ethics

Computer Ethics deals with the procedures, values and practices that govern the process of consuming computing technology and its related disciplines without damaging or violating the moral values and beliefs of any individual, organization or entity.

1st Commandment: THOU SHALT NOT USE A COMPUTER TO HARM OTHER PEOPLE.
In the age of information and/or the digital age, more and more personal information is available online. From financial to personal, information online is the property of the individual and the entities they share it with, and no others.

2nd Commandment: THOU SHALT NOT INTERFERE WITH OTHER PEOPLE'S COMPUTER WORK.
With greater and higher-speed access, the user is to benefit from and incorporate these advances in technology for the betterment of their work and for collaboration with others.

3rd Commandment: THOU SHALT NOT SNOOP AROUND IN OTHER PEOPLE'S COMPUTER FILES.
Again, with the increase in speed and access, it is left to the user to continue their use in an ethical manner.

4th Commandment: THOU SHALT NOT USE A COMPUTER TO STEAL.
As with the other commandments, with the advancement of technologies it is up to the user to utilize equipment in a manner which benefits the Web 2.0 community.
5th Commandment: THOU SHALT NOT USE A COMPUTER TO BEAR FALSE WITNESS.
Computers, cell phones, chat rooms, instant messaging, blogs, wikis... Daily there are multiple means and options to post information for the global community to see. It is the responsibility of the user to utilize these powerful tools to benefit this global community.

6th Commandment: THOU SHALT NOT COPY OR USE PROPRIETARY SOFTWARE FOR WHICH YOU HAVE NOT PAID.
For those looking for "free" software and applications, Web 2.0 applications provide users with "free" and "open" applications which users can utilize in an ethical manner and at no cost.

7th Commandment: THOU SHALT NOT USE OTHER PEOPLE'S COMPUTER RESOURCES WITHOUT AUTHORIZATION OR PROPER COMPENSATION.
With the drop in costs and the increase in capabilities, computer access is more common than ever. Even in an atmosphere of openness, users must remember to simply ask permission when using equipment.

8th Commandment: THOU SHALT NOT APPROPRIATE OTHER PEOPLE'S INTELLECTUAL OUTPUT.
The Creative Commons community allows users and creators of information quick and easy identification of how their work may be used.

9th Commandment: THOU SHALT THINK ABOUT THE SOCIAL CONSEQUENCES OF THE PROGRAM YOU ARE WRITING OR THE SYSTEM YOU ARE DESIGNING.
As users and programmers collaborate from around the world, it is with the intention of bettering the world that they continue their work.

10th Commandment: THOU SHALT ALWAYS USE A COMPUTER IN WAYS THAT ENSURE CONSIDERATION AND RESPECT FOR YOUR FELLOW HUMANS.
Computers are powerful tools that can and will be used to share knowledge with the global community. It is left to the user to consider their purpose.

CAVITE STATE UNIVERSITY – Imus Campus
DEPARTMENT OF COMPUTER STUDIES
INFORMATION TECHNOLOGY PROGRAM

Module 43: Security Policies

Security policies
A fundamental aspect of safeguarding an organization's information assets and maintaining the integrity, confidentiality, and availability of data.
Security policies are formal documents that outline an organization's guidelines, rules, and expectations for securing its information and technology assets. They align with the CIA Triad (Confidentiality, Integrity, Availability) by specifying how to protect these three core principles.

Role of Policies in Information Security:
- Risk Management
- Compliance
- Data Protection
- Access Control
- Incident Response
- User Accountability

Types of Security Policies:
There are various types of security policies, each addressing specific aspects of information security. Common types include:
Acceptable Use Policies (AUP)
  ○ An AUP defines acceptable and unacceptable behavior when using an organization's information systems.
  ○ It outlines the rules regarding the use of company resources, including internet and email usage.
Password Policies
  ○ A password policy specifies the rules for creating, changing, and safeguarding passwords.
  ○ It typically covers password complexity, expiration, and reuse requirements.
Data Classification Policies
  ○ This policy categorizes data into different levels of sensitivity, such as public, internal, and confidential.
  ○ It dictates how data should be labeled, stored, and shared based on its classification.
Compliance and Auditing

Security Policies in Action:
Consider the example of a Data Classification Policy. This policy categorizes data into various sensitivity levels, such as public, internal use, and confidential. By adhering to this policy, employees are mindful of how different types of data should be treated.
  ○ Public Data - this data can be openly shared and doesn't require extensive security measures.
  ○ Internal Use Data - restricted to employees, this data is subject to internal security protocols.
  ○ Confidential Data - highly sensitive information that requires strict access controls and encryption.
Email Security Policies
  ○ An email security policy outlines the rules and best practices for sending and receiving email, including handling attachments, avoiding phishing, and reporting suspicious emails.
BYOD (Bring Your Own Device) Policies
  ○ A BYOD policy governs the use of personal devices for work purposes.
  ○ It addresses security measures, data protection, and user responsibilities when employees use their own devices.

Best Practices for Policy Development:
- Align with Business Goals - ensure that security policies align with the overall business objectives to support a security-conscious corporate culture.
- Regulatory Compliance - identify and adhere to relevant regulations and compliance standards. Ensure policies meet legal requirements.

Instructor: Benedict G. Bautista
Subject Code: ITEC 85
Program: Information Technology
Subject Title: Information Assurance and Security 1

- Regular Updates - security policies should be reviewed and updated periodically to remain relevant and effective in the face of evolving threats.
- Employee Training - educate employees about security policies, their importance, and the consequences of non-compliance.

Security procedures
Security procedures are step-by-step instructions for performing specific security-related tasks. They operationalize security policies and serve as a practical guide for employees.
Examples of Security Procedures:
- Incident Response Procedures
- User Account Management Procedures
- Data Backup and Recovery Procedures

Incident Response Plans (IRPs)
An IRP is a documented strategy that outlines how an organization responds to security incidents and data breaches. It provides a framework for identifying, containing, mitigating, and recovering from incidents.
Key Components of an IRP:
- Incident Identification and Categorization - how incidents are recognized and classified in terms of severity.
  Severity of Incidents:
  ○ Low Severity - these incidents might be minor malware infections on a few computers or isolated phishing attempts.
  ○ Moderate Severity - examples include a more extensive malware outbreak affecting multiple systems or a data leakage incident.
  ○ High Severity - catastrophic incidents like a major data breach or a widespread DoS attack.
- Incident Response Team (IRT) - the composition and roles of the team responsible for responding to incidents.

Roles in the Incident Response Team:
1. Incident Coordinator - responsible for assessing the situation, determining the severity of the incident, and deciding on appropriate responses.
2. Forensic Analyst - responsible for collecting, analyzing, and preserving digital evidence related to the incident. Forensic analysts use forensic tools and techniques to examine systems, logs, and data to determine the scope and impact of the incident.
3. Communication Liaison - manages the communication flow during an incident, keeping internal and external stakeholders informed about the incident's status, progress, and impact.
4. IT Support and Recovery - focuses on mitigating the immediate impact of the incident, working to contain and remediate it by identifying and eliminating threats.

Legal and Ethical Aspects

Cybersecurity Laws and Regulations
The company engages legal experts to ensure it complies with the cybersecurity laws and regulations relevant to its industry and geographical location.

Data Privacy Act of 2012 (Republic Act No. 10173)
This comprehensive law governs the collection, processing, and protection of personal data. It establishes the National Privacy Commission (NPC) as the primary authority responsible for enforcing data privacy regulations.

Cybercrime Prevention Act of 2012 (Republic Act No. 10175)
This law addresses various forms of cybercrime, including illegal access to computer systems, data interference, computer-related fraud, and content-related offenses. It also includes provisions for the takedown of content that violates the law.

Philippine Critical Information Infrastructure Protection Act (Republic Act No. 10844)
This law designates certain critical infrastructure sectors and outlines measures for their protection against cyber threats.
