1.-Concept-of-Information-Security.pdf
Document Details
Tags
Full Transcript
Information Assurance Basics Information Assurance and Security 2 Learning Objectives Define information assurance. Discuss the importance, fundamental principles, and consequence of failure of information assurance “Is our data safe?” A total of 5.45 billion people around the...
Information Assurance Basics Information Assurance and Security 2 Learning Objectives Define information assurance. Discuss the importance, fundamental principles, and consequence of failure of information assurance “Is our data safe?” A total of 5.45 billion people around the world were using the internet at the start of July 2024, equivalent to 67.1 percent of the world’s total population (86.98M are from the Philippines). Biggest Data Breaches (2024) 1. AT&T – 7.6 million current and 65.4 million former customers 2. MOVEit – 77 million 3. Ticketmaster Entertainment, LLC – 560 million 4. Tile – 450 million 5. Dell – 49 million 6. Bank of America – 57, 000 7. Jollibee FC – 11 million https://www.bluefin.com/bluefin-news/biggest-data-breaches-year- 2024/ 01 Overview of information security 1. Concept of information security Information security refers to protecting information administratively, physically, and technically to prevent damage, alteration, and leakage of information while being collected, processed, stored, and transmitted information. Overview of information security 2. Need for information security The need to guarantee privacy and prevent crimes on the Internet is gradually increasing. Concerns about the leakage of major domestic technologies and information are also increasing, due to globalization, as the entire world is connected through the Internet. Overview of information security 3. Goals of information security The three goals of information security are confidentiality, integrity, and availability. Efforts should be made to administratively, physically and technically ensure these attributes. 02 Basic terms of information security A. Authentication Authentication refers to a method of verifying whether the information exchanged between the sender and receiver, who are the information, has not been altered or deleted and whether the subject (sender and receiver) are legitimate. B. Non-repudiation Non-repudiation refers to security technology to prevent the repudiation after receiving and sending a message, by verifying the fact of message receiving/sending. Non-repudiation can be classified into the following three categories: Non-repudiation of origin, non-repudiation of delivery, and non-repudiation of receipt. Non-repudiation categories Non-repudiation of origin refers to the prevention of the sender’s claim that the message was not received after actually receiving the message. Non-repudiation of delivery refers to the prevention of receiver’s claim that the message was not delivered after actually sending the message. Non-repudiation of receipt refers to the prevention of the receiver’s claim that the message was not received after actually receiving the message. 02 Basic terms of information security C. Cryptography Cryptography is largely classified into cryptographic techniques and encryption protocol techniques. Cryptographic techniques can be divided into symmetric key cryptosystem, in which the encryption key and the decryption key are the same, while in the public key cryptosystem, the encryption key and the decryption key are different, depending on whether the encryption key and the decryption key are the same. Cryptography Protocols Cryptography protocols refer to the products that use cryptographic techniques. As a protocol means a series of finite phases where more that 2 persons participate to achieve a certain purpose, the cryptographic protocol (authentication, confidentiality, integrity, non- repudiation, etc.) as well as the meaning of each message. Digital Signature A digital signature is the method of providing both data integrity and signature authentication, by performing a has operation on a specific document, using the signature’s private key. Signing the entire message is very inefficient because the public key operation should be performed on all message blocks repetitively. Hash Function A hash function, or hash algorithm, is a mathematical function that converts a random string of various sizes into a short hast value (hash code) of fixed length, then outputs it. That is, function compresses an input string of a random length into a string with a fixed, short length. F. Malware Malware is an abbreviation of malicious software and refers to software designed to perform malicious actions against computers, file systems, or networks. Malware can be classified into the following types: Worms. Malware that runs independently. This malware replicates itself and spreads to other concepts. Viruses. Viruses refer to malicious codes that are inserted into the code of another independent program, then make the program perform malicious behavior and spread on its own. Trojan horse. A program with hidden codes. Although it looks like a normal program, malicious code is extended when the used executes the program. G. Major security solutions 1. Firewall. A firewall refers to a security solution installed between the public network and the private network to protect the private network from the outside. Two types of firewalls: Packet filtering Gateway and Proxy Server. Packet Filtering Gateway, which determines whether to pass the packet, based on a series of rules. Proxy server that provides authentication to specific hosts to access a private network and allows them to pass the packet. 2. Intrusion Prevention System (IPS). A security system that blocks intrusions in real time by detecting unauthorized and abnormal behavior for the target system (network detection area), and by distinguishing detected illegal behavior. 3. Virtual Private Network (VPN). A technology that enables to safety use access control, authentication, and confidentiality services, like a private network when using a public network, without building a physical private network between remote sites. IPSec and SSL are the representative technologies for implementing a VPN. The VPN can be implemented in a dedicated system, router, or firewall. 4. Single Sign On (SSO). Single sign on enables the user to access another site without a separate authentication procedure after logging in on one site. 3. Virtual Private Network (VPN). A technology that enables to safety use access control, authentication, and confidentiality services, like a private network when using a public network, without building a physical private network between remote sites. IPSec and SSL are the representative technologies for implementing a VPN. The VPN can be implemented in a dedicated system, router, or firewall. 4. Single Sign On (SSO). Single sign on enables the user to access another site without a separate authentication procedure after logging in on one site. 5. Web Application Firewall(WAF). Located in front of web server, this security solution monitors incoming traffic with the HTTP/HTTPS protocol and blocks malicious attacks detected against the web application, such as the SQL injection attach or XSS attack, before it reaches the web server. 6. Network Access Control (NAC). When at the endpoint, when a user computer attempts to access the internal network for the first time, the system checks whether the accessing user computer compiles with various security policies, such as network user authentication, anti- virus program installation, etc., and controls network access according to the predefined security policy, when security policies are not observed. 7. Wireless Intrusion Prevention System (WPS). The WIPS automatically detects and blocks access from unauthorized wireless devices by continuously monitoring the wireless LAN operated of a specific organization, and it improves the stability of wireless LAN and enables integrated management. The WIPS provides a function of detecting and blocking intrusion attempt using an unauthorized AP or used device in the exposed wireless network. 8. Enterprise Security Management (ESM). ESM is designed to provide a consistent and intuitive administrator and user interface by integrating security management function modularized by function and product. This security solution aims to build an integrated security management system for all systems, according to standard policies by building an efficient, policy-oriented, and systematic security management system. 9. Security Information Event Management (SIEM). The SIEM solution establishes an early warning and monitoring system for intelligent threats, which provides correlation analysis and forensic functions in the vast information of big data by extending the role of the existing ESM from the security domain to the enterprise, and by adding corporate compliance response functions, so that those threats can be traces later, instead of only collecting and analyzing logs. A. Blockchain The Bitcoin cryptocurrency system and all 03 New transactions occurring in the network are recorded in one public ledger, distributed, and technical stored in a single ledger. Blockchain is a terms of distributed ledger and is designed with a structure that enables network participants to information store and verify data. When transactions occur, transactions that have occurred for a certain security period (10 minutes) are collected to create a block, to verify transaction, information, then the blocks are sequentially connected to form a chain. B. FIDO (Fast Identity Online Alliance). FIDO was established in July 2012 to set the technical (de facto) standard for authentication method, using biometrics in the online environment. The FIDO standard separated local user authentication in the user device from remote authentication performed by the service provider’s server. FIDO 1.0. FIDO 1.0 is similar to existing biometric authentication; it provides two authentication method the UAF (Universal Authentication Framework) protocol that does not store the user’s personal information on the server, and the U2F(Universal 2nd Factor) protocol that improves security using two-factor authentication. FIDO 2.0. FIDO 2.0 provides a convenient authentication and payment environment using bio-information instead of the password in the PC and web environment. FIDO 2.0 is a universal authentication technology standard that is developed to provide the FIDO clients and ASM on the flatform. C. Network segregation and networking linking. Networking segregation refers to network blocking, which separate the business network from the external network to block illegal access from the external internet network and to prevent the leakage of internal information. There are two types: physical segregation and logical network segregation. D. Fraud Detection System (FDS). The FDS is a system that detects suspicious transaction and blocks abnormal financial transactions by comprehensively analyzing device information, access information, and transaction details used in electronic financial transactions. Pattern analysis is the core engine of the FDS because the usual transactions of the user are analyzed, and abnormal behavior is detected when an action that violates the analyzed pattern is taken. The FDS has the following functions: 1. Information Collection. The FDS collects user media environment information and accident type information by collecting information on the user information behavior. 2. Analysis and detection. The FDS detects abnormal behavior by analyzing various correlations by user type and transaction type, and testing the pattern, based on the analysis of abnormal behavior using collected information. Fraud Detection Methods 1. Predictive analytics - is a powerful and dynamic concept which uses historical data to forecast future fraudulent activities. it’s a shield against evolving fraud risks. Organizations, spanning from financial institutions to e-commerce enterprises, attest to its effectiveness in mitigating fraud risks and preventing fraudulent transactions. Benefits of predictive analytics: Early detection Adaptive learning Reduce false positives Real-time insights Customization Cost efficiency Enhances customer trust Comprehensive risk management Strategic decision-making 2. Behavioral Analytics Is the Sherlock Holmes of the digital world, establishing a baseline for ‘normal’ user activity to keenly identify irregularities that may signal potential fraud. This method, powered by machine learning algorithms, plays a pivotal role not only in preventing identity theft but also in detecting and responding to suspicious activities in real-time. Benefits of behavioral analytics: Nuanced understanding Proactive identification Machine Learning Precision Identify theft prevention Real-time response Dynamic profiling Holistic risk management User-centric security Continuous improvement 3. Comprehensive ID verification and Strong Customer Authentication (SCA) Comprehensive identity verification and SCA authentication are the fortress against the looming threat of identity theft in today’s digital landscape. In an era where identity theft poses significant fraud risks, robust ID verification with advanced features like liveness detection becomes an indispensable layer of defense. Benefits of comprehensive ID verification and SCA Mitigation of Identity theft Real-time security fortification Biometric precision Fraudulent transaction prevention Privacy and data security User confidence Compliance assurance Proactive fraud prevention 4. Real-time transaction monitoring Real-time transaction monitoring is a dynamic method that scrutinizes transactions as they unfold, playing a pivotal role in promptly detecting fraudulent activities. Empowered by advanced analytics tools and fueled by the prowess of machine learning algorithms, real-time transaction monitoring not only enhances the efficiency and accuracy of the detection system but also significantly reduces the occurrence of false positives. Benefits of real-time transaction monitoring: Prompt fraud detection Swift response Reduced false positives Efficient review process Adaptive machine learning Fraud prevention Financial loss mitigation Enhanced accuracy Comprehensive risk mitigation 5. Advanced Detection using ML and AI In the ongoing battle against fraud, ML and AI stand as game- changers, armed with adaptive capabilities and the capacity to learn from ever-evolving fraud patterns. These technological marvels are not just effective; they redefine the landscape of fraud prevention and detection. Benefits of advanced fraud detection using ML and AI Adaptive Learning Precision and accuracy Rela-time insights Endorsements from corporations Scalability Efficiency Comprehensive fraud analysis Proactive risk management Bank fraud detection Data decision-making 3. Response. The FDS blocks an illegal transaction by blocking the transaction or by requiring additional authentication when abnormal behavior id detected. E. Quantum cryptography. It is a cryptographic technology that utilizes the characteristics of mechanics. Quantum cryptography is based on the characteristics of quantum. A quantum cannot be copied or returned to its original state. Due to these properties, the receiver can detect an eavesdropping attempt when a third party measure the quantum for eavesdropping because its state is changed if measured. F. Trusted Platform Module (TPM). It is a standard established by the TCG(Trusted Computing Group) an international industry standard organization, to overcome the limitations of security technology that only operated with software. This module provides a strong security environment that stores important data that requires security in a secure space separated by hardware, such as the encrypted key, password, digital certificate. TPM was released in September 2016, which includes the Mobile Trusted module (MTM). G. Re-identification. De- identification is the process or method of converting data in such way that an individual cannot be identified. Re- identification is the process or method of identifying an individual from the de-identification data by combining analyzing and processing it with other information. Personal information may be disclosed, due to intentional or accidental re-identification, while collecting information from SNS or websites, like search engine, or while companies that handle personal information, such as medial and financial institutions, are analyzing data. H. EU-GDPR. It is the personal information protection law of the EU (European Union) that took effect from May 25, 2018. THE EU has enacted the General Data Protection Regulation to protect personal information and to provide opportunities for the utilization of personal information at the same time, using the concept of general information, anonymous information, and pseudonym information. Major changes to the GDPR are as follows: 1. Enforcement regulation (imposition of penalties) Whereas the previous EU Directives were the regulation at the recommendation level, the GDPR is quite different, in that it is a mandatory regulation that all member states must comply with. (Penalties are imposed if violated.) 2. Extra-territorial scope The GDPR applies not only to the company operating a business site in the EU, but also to the companies that process the personal information of EU residents in overseas countries through e-commerce, etc. 3. Increase responsibilities The increased responsibility of the enterprise, such as the designation of the Data Protection Officer (PDO) and the increased rights of the information owner, such as right to data portability, have been added. Write a research paper analyzing notable security breaches in various companies (at least 3 companies). Identify a company that has experienced significant security breaches in recent years. Conduct in- depth research and provide a comprehensive analysis of each breach. Your paper should Assignment cover the following aspects of each company: 1. Company background and industry context. 2. Date and scope of the security breach. 3. Attack vector and method employed by the hackers. 4. Impact and consequences of the breach on the company and its stakeholders. 5. Response and mitigation measures taken by the company. 6. Lessons learned from breach and recommendations for improving security practices. Use an A4 coupon bond and include references. The deadline is next meeting, during our lecture class schedule.