💻Information Systems Unit 9 – Information Security and Privacy

Information security and privacy are critical aspects of modern information systems. These topics focus on protecting data confidentiality, integrity, and availability through various measures and controls. Understanding threats, vulnerabilities, and security strategies is essential for safeguarding digital assets.

This unit covers key concepts like the CIA triad, risk management, and cryptography. It also explores network security, data protection, legal considerations, and emerging trends. Students will gain insights into the complex landscape of cybersecurity and privacy in today's interconnected world.

Key Concepts and Definitions

  • Information security aims to protect the confidentiality, integrity, and availability (CIA triad) of information assets
  • Confidentiality ensures that information is accessible only to authorized individuals or systems
    • Achieved through access controls, encryption, and proper handling of sensitive data
  • Integrity maintains the accuracy, consistency, and trustworthiness of data throughout its lifecycle
    • Prevents unauthorized modifications, tampering, or corruption of information
  • Availability guarantees that information is accessible to authorized users when needed
    • Ensures systems, networks, and resources are functioning properly and can recover from disruptions
  • Risk is the potential for loss, damage, or destruction of an asset as a result of a threat exploiting a vulnerability
  • Threat is any circumstance or event with the potential to adversely impact a system through unauthorized access, destruction, disclosure, modification of data, or denial of service
  • Vulnerability is a weakness in a system, application, or network that can be exploited by a threat actor

Threats and Vulnerabilities

  • Malware is malicious software designed to infiltrate, damage, or gain unauthorized access to computer systems
    • Types of malware include viruses, worms, trojans, ransomware, and spyware
  • Phishing is a social engineering attack that attempts to trick individuals into revealing sensitive information or installing malware
    • Often delivered through fraudulent emails, websites, or text messages posing as legitimate sources
  • Denial-of-Service (DoS) attacks overwhelm a system or network with traffic, making it unavailable to legitimate users
    • Distributed Denial-of-Service (DDoS) attacks leverage multiple compromised devices to amplify the attack
  • Insider threats originate from individuals within an organization who have authorized access to systems and data
    • Insiders may intentionally or unintentionally cause harm through theft, sabotage, or negligence
  • Advanced Persistent Threats (APTs) are sophisticated, targeted attacks that remain undetected for extended periods
    • APTs often focus on stealing sensitive data or establishing long-term access to a network
  • Zero-day vulnerabilities are previously unknown flaws in software or systems that can be exploited by attackers
    • No patches or fixes are immediately available, making them particularly dangerous
  • Misconfiguration of systems, applications, or security settings can introduce vulnerabilities
    • Weak passwords, default configurations, and unpatched systems are common examples

Security Controls and Measures

  • Access controls restrict access to systems, applications, and data based on user roles and permissions
    • Includes authentication (verifying identity) and authorization (granting access rights)
  • Firewalls monitor and control network traffic based on predetermined security rules
    • Can be hardware-based, software-based, or a combination of both
  • Intrusion Detection Systems (IDS) monitor network traffic for suspicious activities and alert administrators
    • Can be signature-based (known threats) or anomaly-based (deviations from normal behavior)
  • Intrusion Prevention Systems (IPS) actively block or prevent detected threats in real-time
  • Antivirus and anti-malware software detect, prevent, and remove malicious software from systems
    • Regularly updated to identify and protect against new threats
  • Patch management involves identifying, acquiring, testing, and installing updates to software and systems
    • Ensures known vulnerabilities are addressed and systems remain secure
  • Security awareness training educates employees about security best practices, policies, and procedures
    • Helps prevent human error and social engineering attacks
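The two IDS detection styles listed above, as an added example that is not part of the original guide. The log format, the single signature, the baseline counts and the function names are assumptions made for this illustration; the log lines are constructed and use documentation address ranges.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Signature-based: patterns for already-known bad input (assumed, minimal rule set).
SIGNATURES = {"path-traversal": re.compile(r"\.\./")}

# Anomaly-based: constructed history of failed logins per source per hour.
BASELINE_FAILS_PER_HOUR = [0, 1, 2, 1, 0, 3, 1, 2]

# Constructed one-hour log sample: "<source> <event> <detail>".
SAMPLE_LOG = (
    [
        "198.51.100.7 GET /index.html",
        "198.51.100.7 LOGIN_FAIL alice",
        "203.0.113.9 GET /download?file=../../etc/passwd",
    ]
    + ["203.0.113.44 LOGIN_FAIL admin"] * 12
)


def signature_alerts(lines):
    """Return (source, rule) for every line that matches a known pattern."""
    alerts = []
    for line in lines:
        source = line.split(" ", 1)[0]
        for rule, pattern in SIGNATURES.items():
            if pattern.search(line):
                alerts.append((source, rule))
    return alerts


def anomaly_alerts(lines, baseline, k=3.0):
    """Return sources whose failed-login count exceeds mean + k * stdev of the baseline."""
    threshold = mean(baseline) + k * pstdev(baseline)
    fails = Counter(l.split(" ", 1)[0] for l in lines if " LOGIN_FAIL " in l)
    return sorted(src for src, count in fails.items() if count > threshold)


if __name__ == "__main__":
    print("signature:", signature_alerts(SAMPLE_LOG))
    print("anomaly:  ", anomaly_alerts(SAMPLE_LOG, BASELINE_FAILS_PER_HOUR))
```

Each detector catches what the other misses: the repeated failed logins match no signature, and the single traversal request does not change the failed-login rate.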

Cryptography Basics

  • Cryptography is the practice of secure communication in the presence of adversaries
    • Involves encrypting data to protect confidentiality and ensure integrity
  • Encryption is the process of converting plaintext into ciphertext using an encryption algorithm and key
    • Renders data unreadable without the corresponding decryption key
  • Symmetric encryption uses the same key for both encryption and decryption
    • Examples include AES (Advanced Encryption Standard) and DES (Data Encryption Standard)
  • Asymmetric encryption, or public-key cryptography, uses a pair of keys: a public key and a private key
    • Public key is widely distributed and used for encryption, while the private key is kept secret and used for decryption
    • Examples include RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography)
  • Hash functions generate a fixed-size output (hash) from an input of any size
    • Used for data integrity, password storage, and digital signatures
    • Examples include SHA (Secure Hash Algorithm) and MD5 (Message Digest Algorithm 5)
  • Digital signatures provide authentication, non-repudiation, and integrity for digital messages or documents
    • Created using the sender's private key and verified using the sender's public key
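An added example (not part of the original guide) for the hash-function uses listed above: it contrasts a fast unsalted digest with a salted, slow key-derivation function for password storage, and uses a keyed hash (HMAC) for integrity. The function names, iteration count and sample values are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware


def fast_unsalted_hash(password: str) -> str:
    """Weak form: one fast, unsalted digest. Equal passwords give equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_password(password: str) -> tuple:
    """Hardened form: per-user random salt plus a deliberately slow KDF."""
    salt = secrets.token_bytes(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, derived


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, stored)


def integrity_tag(key: bytes, message: bytes) -> bytes:
    """Keyed hash (HMAC-SHA-256): only holders of the key can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_integrity(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time; any change to the message fails."""
    return hmac.compare_digest(integrity_tag(key, message), tag)


if __name__ == "__main__":
    # Constructed sample values.
    salt, stored = store_password("correct horse battery staple")
    print(verify_password("correct horse battery staple", salt, stored))
    key = secrets.token_bytes(32)
    tag = integrity_tag(key, b"amount=100")
    print(verify_integrity(key, b"amount=900", tag))
```

MD5 and SHA-1 are no longer collision-resistant, so new designs use SHA-256 or later for integrity and a slow, salted function such as PBKDF2, scrypt or Argon2 for passwords. An HMAC tag is a shared-key integrity check, not a digital signature: it does not provide non-repudiation.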

Network Security

  • Network segmentation divides a network into smaller, isolated subnetworks (segments or subnets)
    • Helps contain security breaches and limit the spread of attacks
  • Virtual Private Networks (VPNs) create secure, encrypted connections over public networks (internet)
    • Enables remote access and protects data transmitted between endpoints
  • Network Access Control (NAC) enforces security policies on devices connecting to a network
    • Ensures devices meet specific security requirements before granting access
  • Secure Sockets Layer (SSL) and Transport Layer Security (TLS) provide encryption for data transmitted over networks
    • Commonly used to secure web traffic (HTTPS), email, and other applications
  • Wireless security protocols, such as WPA2 (Wi-Fi Protected Access 2), secure wireless networks
    • Encrypts data transmitted over wireless connections and authenticates devices
  • Security Information and Event Management (SIEM) systems collect and analyze log data from various sources
    • Helps detect, investigate, and respond to security incidents and anomalies

Data Privacy and Protection

  • Data classification categorizes data based on its sensitivity and criticality
    • Helps determine appropriate security controls and handling procedures
  • Data loss prevention (DLP) solutions monitor, detect, and prevent the unauthorized transfer of sensitive data
    • Can be network-based, endpoint-based, or cloud-based
  • Encryption protects data at rest (stored) and in transit (transmitted) from unauthorized access
    • Renders data unreadable without the appropriate decryption key
  • Tokenization replaces sensitive data with a non-sensitive equivalent (token)
    • Helps protect data while maintaining its format and usability
  • Data backup and recovery strategies ensure data can be restored in the event of loss, corruption, or disaster
    • Includes regular backups, offsite storage, and tested recovery procedures
  • Privacy regulations, such as GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act), govern the collection, use, and protection of personal data
    • Organizations must comply with applicable regulations to avoid penalties and maintain trust
  • Cybercrime refers to criminal activities carried out using computers, networks, or the internet
    • Includes hacking, data theft, fraud, and intellectual property infringement
  • Computer Fraud and Abuse Act (CFAA) is a US federal law that prohibits unauthorized access to computers and networks
    • Criminalizes hacking, malware distribution, and other computer-related offenses
  • Intellectual property laws protect the rights of creators and owners of inventions, literary and artistic works, and symbols, names, and images used in commerce
    • Includes patents, copyrights, trademarks, and trade secrets
  • Ethical hacking, or penetration testing, involves authorized professionals simulating attacks to identify vulnerabilities
    • Helps organizations improve their security posture and address weaknesses
  • Responsible disclosure is the practice of reporting discovered vulnerabilities to the affected vendor or organization
    • Allows time for the vulnerability to be patched before public disclosure
  • Privacy and data protection laws regulate the collection, use, storage, and transfer of personal information
    • Organizations must obtain consent, provide transparency, and ensure the security of personal data
  • Cloud computing introduces new security challenges, such as shared responsibility models and data sovereignty
    • Requires robust access controls, encryption, and monitoring of cloud environments
  • Internet of Things (IoT) devices often have limited security features and can be vulnerable to attacks
    • Securing IoT involves device hardening, network segmentation, and regular firmware updates
  • Artificial Intelligence (AI) and Machine Learning (ML) can be used to enhance security through anomaly detection and threat intelligence
    • However, adversaries can also leverage AI/ML to create more sophisticated attacks
  • Quantum computing has the potential to break current encryption algorithms, such as RSA
    • Post-quantum cryptography is being developed to resist quantum-based attacks
  • 5G networks offer higher speeds and lower latency but also expand the attack surface
    • Securing 5G requires a multi-layered approach, including network slicing and edge computing security
  • Zero Trust is an emerging security model that assumes no implicit trust and continuously verifies every access request
    • Relies on strong authentication, authorization, and encryption throughout the network
  • Blockchain technology offers potential for secure, decentralized systems but also introduces new risks
    • Smart contract vulnerabilities and private key management are key challenges in blockchain security


© 2024 Fiveable Inc. All rights reserved.
AP® and SAT® are trademarks registered by the College Board, which is not affiliated with, and does not endorse this website.
