Information Security Vs Cybersecurity PDF
Document Details
Uploaded by JoyousString
null
Tags
Summary
This document provides a comparison between information security and cybersecurity, focusing on the concepts of confidentiality, integrity, and availability. It covers various aspects, including the CIA Triad, different threat actors and actions related to disrupting, protecting, and ensuring confidentiality. It also explores the history of cybersecurity and the importance of cybersecurity in the current world.
Full Transcript
**INFORMATION SECURITY VS CYBERSECURITY** **Information Security** - The practice of protecting information from unauthorized access, modification, or destruction in order to provide confidentiality, integrity, and availability. - "The protection of information and information systems...
**INFORMATION SECURITY VS CYBERSECURITY** **Information Security** - The practice of protecting information from unauthorized access, modification, or destruction in order to provide confidentiality, integrity, and availability. - "The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. - **AKA "data security"** - Protecting data from all sorts of locations; not just online! - **CIA TRIAD** 1. **Confidentiality** - **"Somewhat secret"** - The act of protecting data from being observed by any unauthorized persons - Not pure secret since authorized people can access it - If bypassed: CAUSES LOSS OF PRIVACY - Trade secrets, personal info, bank account info / statements, government documents - **Activities disrupting confidentiality:** - Pocket Sniffing - Phishing - Blackmailing - Password Cracking - Dumpster Diving - Wiretapping - Key Logging - **How to ensure confidentiality?** - Strong password and username - 2FA / MFA - Biometric verification - Security Token (Key Pubs) -- banks - Data Encryption - **Password:** 8-12 characters + special characters / numbers 2. **Integrity** - The act of maintaining and assuring the accuracy and completeness of data over its entire lifecycle. - A complete and exactly the same data must be received by the receiver from the sender especially if the data is **in transit** - **SSL (Secure Socket Layer)** is the **protocol** used - **Transport Layer Security Protocol** - Protocol used to protect data from being compromised while in transit over the network - **Compromise:** Man-in-the-middle attack 3. **Availability** - The act of maintaining the ability to access and use data when needed. If there is an attack that brings down your network, whether temporary or locked out, then that is a failure of availability. - Data must be available 24/7. - Minimize the loss if data - Requires **routine/regular backup** - Use **proxy server** - **Compromise:** Destruct infrastructures **Cybersecurity** - The practice of safeguarding digital information stored on electronic systems from unauthorized access and malicious threats. - A set of standards and practices organizations use to protect their applications, data, programs, networks, and systems from cyberattacks, and unauthorized access. - A practice of safeguarding digital information stored on electronic systems, including computers, servers, networks, and mobile devices, from unauthorized access and malicious threats. - It involves recognizing what data is significant, where it is located, the potential risks, and the methods and tools necessary to protect it from certain risk vectors. **IMPORTANCE OF CYBERSECURITY** 1. **Protection of sensitive data** - Personal information - Corporate data 2. **Preventing financial loss** - Cybercrime - Legal penalties 3. **Maintaining trust** - Customer confidence - Brand reputation 4. **Compliance with laws and regulations** - Regulatory requirements - Data Privacy 5. **National Security** - Preventing disruption of services - Operational security 6. **Defense against evolving threats** - Rapid technological advancements - Sophisticated attacks 7. **National Security** - Critical infrastructure - State-sponsored attacks 8. **Protection of Intellectual Property** - Business Innovation - Competitive advantage **HISTORY OF CYBERSECURITY** **1970s: ARPANET** - Cybersecurity began in the 1970s when researcher **Bob Thomas** created a computer program called **Creeper** that could move across ARPANET's network, leaving a breadcrumb trail wherever it went. - **Ray Tomlinson** - Inventor of Email - Wrote the program REAPER - **REAPER:** - Chased and deleted the CREEPER. - Very first example of **antivirus software** - First **self-replicating program** - **First-ever computer worm** **1980s: Birth of the Commercial Antivirus** - **1987:** Commercial antivirus birthyear - although there were competing claims for the innovator of the first antivirus product. - **Andreas Lüning & Kai Figge** - Released their first antivirus product for the **ATARI ST** -- which also saw the release of **Ultimate Virus Killer in 1987** - **Three Czechoslovakians** created the **first version of the NOD antivirus** in the same year - In the US, **John McAfee** founded **McAfee** and released **VirusScan** **1990s: The world goes online** - With the **internet** becoming **available to the public**, more people began putting their personal information online. - Organized crime entities saw this as a potential source of revenue and started to **steal data from people and governments via the web** - By the middle of the 1990s, network security threats had increased exponentially that's why firewalls and antivirus programs had to be mass produced on a mass basis to protect the public. **2000s: Threats diversify and multiply** - In the early 2000s crime organizations started to heavily fund professional cyberattacks and governments began to clamp down on the criminality of hacking, giving much more serious sentences to those culpable - Information security continued to advance as the internet grew as well but, unfortunately, so did the virus. **SECURITY CONCEPTS** 1. **Vulnerability** - Weakness in a system that allows a threat source to compromise its security 2. **Threat** - Any potential danger that is associated with the exploitation of a vulnerability. - **Threat Agent:** - An entity that takes advantage of a vulnerability 3. **Risk** - Likelihood of a threat source exploiting a vulnerability and the corresponding business impact 4. **Exposure** - Instance of being exposed to losses 5. **Control** - **"Countermeasure"** - Put into place to mitigate (reduce) the potential risk **CONTROL FUNCTIONALITIES** 1. **Preventive** - Avoid an accident from occurring 2. **Detective** - Helps identify an incident's activities and potentially an intruder 3. **Corrective** - Fixes components or systems after an incident has occurred 4. **Deterrent** - Intended to discourage a potential attacker 5. **Recovery** - Intended to bring the environment back to regular operations 6. **Compensating** - Controls that provide an alternative measure of control **RELATIONSHIP AMONG THE SECURITY CONCEPTS**  13 BOMBS MOVIE: Director: Angga Dwimas Sasongko Lead: Oscar and William
