Unit 2 SE
nations, from Arctic to Antarctica as indicated by the report from the International
Telecommunication Union. Thus, individuals and organizations can reach any point on the
• Along with the easy access to information, there is some associated risk, including
• If the information is available on computer networks, it's more vulnerable than if the
• Intruders can steal the information without even entering an office or home, and need not
be from the same country. Hence information security becomes all the more important
to the owners.
Basic Information Security Concepts
• Three basic information security concepts important to information are
• Information Security is such a broad discipline that it's easy to get lost in a
accurate, and
authorized people.
Confidentiality
• When information is read or copied by someone not authorized to do so,
• This goal of the CIA triad emphasizes the need for information protection.
users are able to view it, while unauthorized persons are blocked from
seeing it.
Integrity
• Information can be corrupted or manipulated if it's available on an insecure network, and
this is referred to as "loss of integrity." This means that unauthorized changes are made to
• Integrity is particularly important for critical safety and financial data used for activities
such as electronic funds transfers, air traffic control, and financial accounting.
• For example, banks are more concerned about the integrity of financial records, with
confidentiality having only second priority. Some bank account holders or depositors
leave ATM receipts unchecked and hanging around after withdrawing cash. This shows
that confidentiality does not have the highest priority. In the CIA triad, integrity is
maintained when the information remains unchanged during storage, transmission, and
means that people who are authorized to get information are restricted from accessing.
attack nowadays. Almost every week you can find news about high profile websites
being taken down by Denial of Service attacks. The CIA triad goal of availability is the
• Now let's take a look at other key terms in Information Security – Authorization,
Authentication, and Non-repudiation processes and methods, which are some of the main
trusted with it (for accessing and modification), organizations use authentication and
authorization.
• Authentication is proving that a user is the person he or she claims to be. That proof may
involve something the user knows (such as a password), something the user has (such as a
"smartcard"), or something about the user that proves the person's identity (such as a
fingerprint). Authorization is the act of determining whether a particular user (or computer
system) has the right to carry out a certain activity, such as reading a file or running a
program.
• Users must be authenticated before carrying out the activity they are authorized to perform.
Security is strong when the means of authentication cannot later be refuted—the user cannot
later deny that he or she performed the activity. This is known as non-repudiation.
Cyber Security Incident Response - Definition
• The goal is to handle the situation in a way that limits damage and reduces recovery
security incident response team (CSIRT), a group that has been previously selected
members. The team may also include representatives from the legal, human
function that helps ensure an organization can make quick decisions with
reliable information.
• Not only are technical staff from the IT and security departments involved,
will, escalate into a bigger problem that can ultimately lead to a damaging data
mitigate exploited vulnerabilities, restore services and processes and reduce the risks
• Incident response enables an organization to be prepared for both the known and
laptops that could have compromised login credentials and database leaks.
• Any of these incidents can have both short- and long-term effects that can impact the
• It could also affect future profits as untreated incidents are correlated with lower
considered an incident for one organization might not be as critical for another. The
following are a few examples of common incidents that can have a negative impact:
• A malware or ransomware infection that has encrypted critical business files across
• A successful phishing attempt that has led to the exposure of personally identifiable
• An unencrypted laptop known to have sensitive customer records that has gone
missing
• Security incidents that would typically warrant the execution of formal
• That is, they are urgent in nature and must be dealt with immediately and
business.
information assets, identity theft, systems taken offline and legal and
compliance violations.
Incident Response Plan
• An incident response plan should be set up to address a suspected data breach in a
series of phases. Within each phase, there are specific areas of need that should be
considered.
• Preparation
• Identification
• Containment
• Eradication
• Recovery
• Lessons Learned
Preparation:
breach.
• Does the Incident Response Team know their roles and the
required notifications to make?
response.
• Some people don't understand what threat intelligence is but it's critical to
common tactics used by specific groups, and keep your company one step
ahead.
• Questions to address
When did the event happen?
• One of the first steps after identification is to contain the damage and
breach is contained.
• Questions to address
• What's been done to contain the breach short term?
• What's been done to contain the breach long term?
• Has any discovered malware been quarantined from the rest of the
environment?
• What sort of backups are in place?
• Does your remote access require true multi-factor authentication?
• Have all access credentials been reviewed for legitimacy, hardened
and changed?
• Have you applied all recent security patches and updates?
Eradication:
• Security teams need to validate that all affected systems are no longer
• During this stage, the incident response team and partners meet to determine how to
• This can involve evaluating current policies and procedures, as well as specific
• Final analysis should be condensed into a report and used for future training.
• Forcepoint can help your team analyze previous incidents and help improve your
• IT governance (ITG) is defined as the processes that ensure the effective and
effectively and ensure that the activities associated with information and
• Meet relevant legal and regulatory obligations, such as those set out in the GDPR
• Identify the individuals, at all levels, who are responsible for making
choices
• It sets out principles, definitions and a high-level framework that organisations of all
types and sizes can use to better align their use of IT with organisational decisions,
• Value delivery
• Strategic alignment
• Performance management
• Resource management
• Risk management