Professional Documents
Culture Documents
Tutorial 1 BMIT2703 Information and IT Security
Tutorial 1 BMIT2703 Information and IT Security
Tutorial 1 BMIT2703 Information and IT Security
Tutorial 1 Part 1
1. List and describe basic characteristics of information security.
i) Confidentiality
- Prevent the disclosure of information to unauthorized individuals or systems.
- Make sure only authorised individuals have the right to access the information
ii) Integrity
- Data cannot be modified undetectably, integrity is violated when data is actively modified
in transit.
- Only authorised users can make changes on the data, keep track on the changes made
iii) Availability
- For any information system to serve its purpose, the information must be available when
it is needed.
- Provide information available on time
• Information can be assessed through Internet easily (we have many accounts such as
google account, email account – we need to provide phone number for verification purpose,
therefore
• Identify from company business websites
• Identify theft, loss of privacy – hackers may steal information by hacking our social media
accounts – abuse our personal information for other unhealthy activities
• Online shopping, banking, food ordering (many information is disclosed – address, bank
account number)
• Protect and ensure personal information to avoid from unintentional behavior, viruses,
spyware
5. Briefly describe the possible cloud service (dropbox, google, email, one drive)
vulnerabilities. (Slide 9)
• Phone calls
One of the most common methods social engineers use in their attacks is conducted via the phone.
The attacker may impersonate a person of authority, a person representing a person of authority or
a service provider to extract information from an unsuspecting user. For example, a person claiming
to be the CEO of the company calls someone on the helpdesk, requesting for his password, which
he claims to have forgotten.
• Phishing
A type of social engineering attack wherein the perpetrator sends an e-mail that appears to come
from a legitimate source (for example, a banks). The e-mail usually requests for verification of
information, sometimes warning of dire consequences if the recipient fails to comply. A phishing e-
mail usually includes links to fraudulent web pages which are made to look very similar to legitimate
web pages, including logos and content. (sending email and request for personal information such
as ID and password)
• Shoulder Surfing
This includes direct observation techniques, such as looking over someone's shoulder, to get
information. It is commonly used to obtain passwords, ATM PINs and security codes.
Tutorial 1 BMIT2703 Information and IT Security