1.-Concept-of-Information-Security.pdf

Full Transcript

Information
Assurance Basics
Information Assurance and Security 2
Learning
Objectives

Define information
assurance.
Discuss the importance,
fundamental principles,
and consequence of
failure of information
assurance
“Is our data safe?”

A total of 5.45 billion people
around the world were using
the internet at the start of July
2024, equivalent to 67.1
percent of the world’s total
population
(86.98M are from the
Philippines).
 Biggest Data Breaches
(2024)

1. AT&T – 7.6 million current and 65.4
million former customers
2. MOVEit – 77 million
3. Ticketmaster Entertainment, LLC – 560
million
4. Tile – 450 million
5. Dell – 49 million
6. Bank of America – 57, 000
7. Jollibee FC – 11 million
https://www.bluefin.com/bluefin-news/biggest-data-breaches-year-
2024/
01 Overview of
information security

1. Concept of information security
Information security refers to
protecting information
administratively, physically, and
technically to prevent damage,
alteration, and leakage of
information while being collected,
processed, stored, and transmitted
information.
Overview of information security
2. Need for information security
The need to guarantee privacy and prevent crimes
on the Internet is gradually increasing. Concerns
about the leakage of major domestic technologies
and information are also increasing, due to
globalization, as the entire world is connected
through the Internet.
Overview of information security
3. Goals of information security
The three goals of
information security are
confidentiality, integrity,
and availability. Efforts should
be made to administratively,
physically and technically ensure
these attributes.
02 Basic terms of information security
A. Authentication
Authentication refers to a method of verifying whether the
information exchanged between the sender and receiver, who
are the information, has not been altered or deleted and whether
the subject (sender and receiver) are legitimate.
B. Non-repudiation
Non-repudiation refers to security technology to prevent the
repudiation after receiving and sending a message, by verifying
the fact of message receiving/sending. Non-repudiation can be
classified into the following three categories: Non-repudiation
of origin, non-repudiation of delivery, and non-repudiation of
receipt.
Non-repudiation categories
Non-repudiation of origin refers to the prevention of the
sender’s claim that the message was not received after
actually receiving the message.
Non-repudiation of delivery refers to the prevention of
receiver’s claim that the message was not delivered after
actually sending the message.
Non-repudiation of receipt refers to the prevention of the
receiver’s claim that the message was not received after
actually receiving the message.
02 Basic terms of information security
C. Cryptography
Cryptography is largely classified into cryptographic techniques and
encryption protocol techniques.
Cryptographic techniques can be divided into symmetric key
cryptosystem, in which the encryption key and the decryption
key are the same, while in the public key cryptosystem, the
encryption key and the decryption key are different, depending
on whether the encryption key and the decryption key are the
same.
 Cryptography Protocols
Cryptography protocols refer to
the products that use
cryptographic techniques. As a
protocol means a series of finite
phases where more that 2 persons
participate to achieve a certain
purpose, the cryptographic
protocol (authentication,
confidentiality, integrity, non-
repudiation, etc.) as well as the
meaning of each message.
Digital Signature
A digital signature is the
method of providing both data
integrity and signature
authentication, by performing a has
operation on a specific document,
using the signature’s private key.
Signing the entire message is very
inefficient because the public key
operation should be performed on all
message blocks repetitively.
Hash Function

A hash function, or hash
algorithm, is a mathematical function
that converts a random string of
various sizes into a short hast value
(hash code) of fixed length, then
outputs it. That is, function
compresses an input string of a
random length into a string with a
fixed, short length.
F. Malware
Malware is an abbreviation of malicious software and refers to
software designed to perform malicious actions against computers, file
systems, or networks. Malware can be classified into the following
types:
Worms. Malware that runs independently. This malware
replicates itself and spreads to other concepts.
Viruses. Viruses refer to malicious codes that are inserted into
the code of another independent program, then make the
program perform malicious behavior and spread on its own.
Trojan horse. A program with hidden codes. Although it looks
like a normal program, malicious code is extended when the
used executes the program.
G. Major security solutions

1. Firewall. A firewall refers to a security solution installed between the
public network and the private network to protect the private network
from the outside. Two types of firewalls: Packet filtering Gateway and
Proxy Server. Packet Filtering Gateway, which determines whether to
pass the packet, based on a series of rules. Proxy server that provides
authentication to specific hosts to access a private network and allows
them to pass the packet.
2. Intrusion Prevention System (IPS). A security system that blocks
intrusions in real time by detecting unauthorized and abnormal
behavior for the target system (network detection area), and by
distinguishing detected illegal behavior.
3. Virtual Private Network (VPN). A technology that enables to safety
use access control, authentication, and confidentiality services, like a
private network when using a public network, without building a
physical private network between remote sites. IPSec and SSL are the
representative technologies for implementing a VPN. The VPN can be
implemented in a dedicated system, router, or firewall.

4. Single Sign On (SSO). Single sign on enables the user to access
another site without a separate authentication procedure after logging
in on one site.
3. Virtual Private Network (VPN). A technology that enables to safety
use access control, authentication, and confidentiality services, like a
private network when using a public network, without building a
physical private network between remote sites. IPSec and SSL are the
representative technologies for implementing a VPN. The VPN can be
implemented in a dedicated system, router, or firewall.
4. Single Sign On (SSO). Single sign on enables the user to access
another site without a separate authentication procedure after logging
in on one site.
5. Web Application Firewall(WAF). Located in front of web server, this
security solution monitors incoming traffic with the HTTP/HTTPS
protocol and blocks malicious attacks detected against the web
application, such as the SQL injection attach or XSS attack, before it
reaches the web server.
6. Network Access Control (NAC). When at the endpoint, when a user
computer attempts to access the internal network for the first time, the
system checks whether the accessing user computer compiles with
various security policies, such as network user authentication, anti-
virus program installation, etc., and controls network access according
to the predefined security policy, when security policies are not
observed.
7. Wireless Intrusion Prevention System (WPS). The WIPS
automatically detects and blocks access from unauthorized wireless
devices by continuously monitoring the wireless LAN operated of a
specific organization, and it improves the stability of wireless LAN and
enables integrated management. The WIPS provides a function of
detecting and blocking intrusion attempt using an unauthorized AP or
used device in the exposed wireless network.
8. Enterprise Security Management (ESM). ESM is designed to provide
a consistent and intuitive administrator and user interface by
integrating security management function modularized by function and
product. This security solution aims to build an integrated security
management system for all systems, according to standard policies by
building an efficient, policy-oriented, and systematic security
management system.

9. Security Information Event Management (SIEM). The SIEM solution
establishes an early warning and monitoring system for intelligent
threats, which provides correlation analysis and forensic functions in
the vast information of big data by extending the role of the existing
ESM from the security domain to the enterprise, and by adding
corporate compliance response functions, so that those threats can be
traces later, instead of only collecting and analyzing logs.
 A. Blockchain
The Bitcoin cryptocurrency system and all
03 New transactions occurring in the network are
recorded in one public ledger, distributed, and
technical stored in a single ledger. Blockchain is a
terms of distributed ledger and is designed with a
structure that enables network participants to
information store and verify data. When transactions occur,
transactions that have occurred for a certain
security period (10 minutes) are collected to create a
block, to verify transaction, information, then
the blocks are sequentially connected to form a
chain.
B. FIDO (Fast Identity Online Alliance). FIDO was established in July
2012 to set the technical (de facto) standard for authentication
method, using biometrics in the online environment. The FIDO
standard separated local user authentication in the user device from
remote authentication performed by the service provider’s server.
FIDO 1.0. FIDO 1.0 is similar to existing biometric authentication;
it provides two authentication method the UAF (Universal
Authentication Framework) protocol that does not store the
user’s personal information on the server, and the U2F(Universal
2nd Factor) protocol that improves security using two-factor
authentication.
FIDO 2.0. FIDO 2.0 provides a convenient authentication and
payment environment using bio-information instead of the
password in the PC and web environment. FIDO 2.0 is a universal
authentication technology standard that is developed to provide
the FIDO clients and ASM on the flatform.
C. Network segregation and networking linking. Networking segregation
refers to network blocking, which separate the business network from
the external network to block illegal access from the external internet
network and to prevent the leakage of internal information. There are
two types: physical segregation and logical network segregation.
D. Fraud Detection System (FDS). The FDS is a system that detects
suspicious transaction and blocks abnormal financial transactions by
comprehensively analyzing device information, access information, and
transaction details used in electronic financial transactions. Pattern
analysis is the core engine of the FDS because the usual transactions of
the user are analyzed, and abnormal behavior is detected when an
action that violates the analyzed pattern is taken. The FDS has the
following functions:
1. Information Collection. The FDS collects user media
environment information and accident type information by
collecting information on the user information behavior.
2. Analysis and detection. The FDS detects abnormal behavior
by analyzing various correlations by user type and transaction
type, and testing the pattern, based on the analysis of abnormal
behavior using collected information.
Fraud Detection Methods
1. Predictive analytics - is a powerful and dynamic concept which uses
historical data to forecast future fraudulent activities. it’s a shield
against evolving fraud risks. Organizations, spanning from financial
institutions to e-commerce enterprises, attest to its effectiveness in
mitigating fraud risks and preventing fraudulent transactions.
Benefits of predictive analytics:
Early detection Adaptive learning
Reduce false positives Real-time insights
Customization Cost efficiency
Enhances customer trust Comprehensive risk management
Strategic decision-making
2. Behavioral Analytics
Is the Sherlock Holmes of the digital world, establishing a
baseline for ‘normal’ user activity to keenly identify irregularities that
may signal potential fraud. This method, powered by machine learning
algorithms, plays a pivotal role not only in preventing identity theft but
also in detecting and responding to suspicious activities in real-time.
Benefits of behavioral analytics:
Nuanced understanding Proactive identification
Machine Learning Precision Identify theft prevention
Real-time response Dynamic profiling
Holistic risk management User-centric security
Continuous improvement
3. Comprehensive ID verification and Strong
Customer Authentication (SCA)
Comprehensive identity verification and SCA authentication are
the fortress against the looming threat of identity theft in today’s
digital landscape. In an era where identity theft poses significant fraud
risks, robust ID verification with advanced features like liveness
detection becomes an indispensable layer of defense.
Benefits of comprehensive ID verification and SCA
Mitigation of Identity theft Real-time security fortification
Biometric precision Fraudulent transaction prevention
Privacy and data security User confidence
Compliance assurance Proactive fraud prevention
4. Real-time transaction monitoring
Real-time transaction monitoring is a dynamic method that
scrutinizes transactions as they unfold, playing a pivotal role in promptly
detecting fraudulent activities. Empowered by advanced analytics tools
and fueled by the prowess of machine learning algorithms, real-time
transaction monitoring not only enhances the efficiency and accuracy of
the detection system but also significantly reduces the occurrence of false
positives. Benefits of real-time transaction monitoring:
Prompt fraud detection Swift response
Reduced false positives Efficient review process
Adaptive machine learning Fraud prevention
Financial loss mitigation Enhanced accuracy
Comprehensive risk mitigation
5. Advanced Detection using ML and AI
In the ongoing battle against fraud, ML and AI stand as game-
changers, armed with adaptive capabilities and the capacity to learn
from ever-evolving fraud patterns. These technological marvels are not
just effective; they redefine the landscape of fraud prevention and
detection.
Benefits of advanced fraud detection using ML and AI
Adaptive Learning Precision and accuracy
Rela-time insights Endorsements from corporations
Scalability Efficiency
Comprehensive fraud analysis Proactive risk management
Bank fraud detection Data decision-making
 3. Response. The FDS blocks an illegal transaction by blocking
the transaction or by requiring additional authentication when
abnormal behavior id detected.
E. Quantum cryptography. It is a cryptographic technology that utilizes the
characteristics of mechanics. Quantum cryptography is based on the
characteristics of quantum. A quantum cannot be copied or returned to its
original state. Due to these properties, the receiver can detect an
eavesdropping attempt when a third party measure the quantum for
eavesdropping because its state is changed if measured.
F. Trusted Platform Module (TPM). It is a standard established by the
TCG(Trusted Computing Group) an international industry standard
organization, to overcome the limitations of security technology that only
operated with software. This module provides a strong security environment
that stores important data that requires security in a secure space separated
by hardware, such as the encrypted key, password, digital certificate. TPM
was released in September 2016, which includes the Mobile Trusted module
(MTM).
G. Re-identification. De- identification is the process or method of
converting data in such way that an individual cannot be identified. Re-
identification is the process or method of identifying an individual from
the de-identification data by combining analyzing and processing it
with other information. Personal information may be disclosed, due to
intentional or accidental re-identification, while collecting information
from SNS or websites, like search engine, or while companies that
handle personal information, such as medial and financial institutions,
are analyzing data.
H. EU-GDPR. It is the personal information protection law of the EU
(European Union) that took effect from May 25, 2018. THE EU has
enacted the General Data Protection Regulation to protect personal
information and to provide opportunities for the utilization of personal
information at the same time, using the concept of general
information, anonymous information, and pseudonym information.
Major changes to the GDPR are as follows:
1. Enforcement regulation (imposition of penalties)
Whereas the previous EU Directives were the regulation at the
recommendation level, the GDPR is quite different, in that it is a mandatory
regulation that all member states must comply with. (Penalties are imposed
if violated.)
2. Extra-territorial scope
The GDPR applies not only to the company operating a business site in
the EU, but also to the companies that process the personal information of
EU residents in overseas countries through e-commerce, etc.
3. Increase responsibilities
The increased responsibility of the enterprise, such as the designation
of the Data Protection Officer (PDO) and the increased rights of the
information owner, such as right to data portability, have been added.
 Write a research paper analyzing
notable security breaches in various
companies (at least 3 companies). Identify a
company that has experienced significant
security breaches in recent years. Conduct in-
depth research and provide a comprehensive
analysis of each breach. Your paper should
Assignment cover the following aspects of each company:
1. Company background and industry
context.
2. Date and scope of the security breach.
3. Attack vector and method employed by
the hackers.
4. Impact and consequences of the breach
on the company and its stakeholders.
5. Response and mitigation measures taken
by the company.
6. Lessons learned from breach and
recommendations for improving security
practices.
Use an A4 coupon bond and include
references. The deadline is next meeting,
during our lecture class schedule.