Scribd
Upload
81 views9 pages

IAS202 Answer

The document provides student information for an Information Assurance and Security course, including the student's name, student number, program of study, home address, email, and contact number. It also lists the professor's name, academic department, consultation schedule, and contact information. The document relates to an enrichment activity for Module 1, Lesson 1-3 of the course.

Uploaded by

Melarose Tesorero Peñafiel
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
81 views9 pages

IAS202 Answer

The document provides student information for an Information Assurance and Security course, including the student's name, student number, program of study, home address, email, and contact number. It also lists the professor's name, academic department, consultation schedule, and contact information. The document relates to an enrichment activity for Module 1, Lesson 1-3 of the course.

Uploaded by

Melarose Tesorero Peñafiel
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 9

IAS202

Information Assurance and Security


STUDENT
Name: Melarose Tesorero
Student Number: 2019- 01712
Program: BSIT
Section: 2- IT4
Home Address: Brgy. San Juan Calamba City, Laguna
Email Address: [email protected]
Contact Number: 09217130005

PROFESSOR
Name: Leonardo T. Antivo
Academic Department:
Consultation Schedule:
Email Address:
Contact Number:
M1:L1-L3 - Enrichment Activity

Name: ________________________________ Score: _______________

Year and Section: ______________________ Professor: ____________

a. Conduct a research that will present the following


a. Companies stand in the importance of IA

FireEye Inc. is an enterprise cyber security business that delivers solutions to enterprises facing more
complex cyber threats, such as destructive malware that particularly targets key organizational data. It was
formed in Milpitas, California in 2004.

b. What are the preventive measures from these companies to ensure that their data re-protected and safe

The FireEye Malware Protection System, FireEye's core product line, uses virtual computers to evaluate
attacks based on their signatures—in other words, examining virus for specific coding patterns that can hint at the
malware's origins.

c. Are there any existing IA policies?

Your Personal Information is used and protected by FireEye and its affiliates and subsidiaries."Personal
Information" is data that allows us to recognize you. Your email address, name, title, or mailing address are
examples of this type of information, but there are other types of data that might be utilized for the same reason.

d. Who are the actors and actresses for this IA policy

Advanced persistent threats (APT) groups that get direction and support from an established nation state are
given special attention by FireEye.
Module #1: Assessment

Name: ________________________________ Score:_______________

Year and Section: ______________________ Professor:____________

1. In your own words, how do you define IA?

Information assurance(AI) is a practice of ensuring information and managing risks related with its use,
processing, storage, and transfer. Information assurance includes the quality, availability, legitimacy, non-
repudiation, and confidentiality of user data.

2. Define the importance of each IA qualities. Cite example on you being a student can also apply this in your
personal life.

INTEGRITY- The credibility of information depends on whether we are getting it from sources we can
trust. After all, the value of information to the decision-maker and problem-solver consists first in its integrity,
and then in its usefulness and usability.
AVAILABILITY-Data availability means that information is accessible to authorized users. It provides an
assurance that your system and data can be accessed by authenticated users whenever they’re needed.
CONFIDENTIALITY-protecting the information from being exposed to an unauthorized party due to a
data breach or insider threat. Confidentiality covers a spectrum of access controls and measures that protect your
information from getting misused by any unauthorized access.
AUTHENTICATION-verifies the identity of a user attempting to gain access to. Authentication tools for
identity and access management, such as MFA provide better security by requiring additional credentials, such as
a code generated from a smartphone app.
NONREPUDIATION-repudiation is a rejection or denial of something as valid or true . This attribute
assures the sender of data is provided with proof of delivery and the recipient is provided with proof of the
sender’s identity, so neither party can deny sending, receiving, or accessing the data.

As a student, I constantly maintain my honor/ integrity by citing the work of others in their assignments in a
regular and correct manner. When using a technology like Google Drive to share papers, teachers and students
should double-check who they share the document with and what privileges each person has (view, edit, or
suggest).
3. Design a network infrastructure diagram and include the four security domains
M2:L1-L2 - Enrichment Activity

Name: ________________________________ Score: _______________

Year and Section: ______________________ Professor:____________

Conduct a research that will present the following

• From the activity gathered in M1:L1-L3 , create a InfoSec policy

Confidentiality Integrity

INFORMATION
SECURITY
+ Authenticity +Utility
Availability

• Determine the impact of the policy the company

Policies are important in a company because they assist to reinforce and explain the expectations of
employees, as well as help employers manage their employees more efficiently by defining what is acceptable
and unacceptable in the workplace.
Module #1: Assessment

Name: ________________________________ Score:_______________

Year and Section: ______________________ Professor:____________

1. Using the activity 1 and 2, make your own definition of IAS, InfoSec and IA

Information assurance and security (IAS)


It's a long-term strategy that encompasses a variety of data protection and management procedures. Security
audits, network architecture, compliance audits, database administration, and developing, implementing, and
enforcing organizational information management policies are just a few examples.

InfoSec
Unauthorized access to confidential information. Theft or loss of private or possibly sensitive information-
containing devices. Virus or malware outbreak and/or traffic on a large scale. Attempts to gain unauthorized
access to a system or its data (whether successful or unsuccessful).

Information assurance (IA)


Organizations value IA because it ensures that user data is secure while in transit and during storage. As
business transactions and procedures increasingly rely on digital handling techniques, information assurance has
become an important component of data security.

2. What are the characteristics that you should possess to be a good InfoSec personnel

I think relevant experience, trustworthiness, and practicality are the most critical characteristics in an
information security expert. Also experimentation is relevant experience in our industry (particularly with
regulations) is required when seeking consulting support.

3. Differentiate the 3 info security

The confidentiality principle's goal is to ensure that private information stays private and can only be
viewed or accessed by those who require it to perform their job tasks while Integrity is a process for ensuring that
data can be trusted to be accurate and has not been interfered with in another kind while the goal of availability is
to ensure that data is available for decision-making when it is needed.
M3:L1-L2 - Enrichment Activity

Name: ________________________________ Score: _______________

Year and Section: ______________________ Professor: ____________

a. Create your own diagram incorporating the procedures needed for Risk Management Framework

Identify
Risk

Monitor Measure
Risk
Results Risk
Management
Framework

Implement Examine
Solution Solution
Module #3: Assessment
Name: ________________________________ Score: _______________

Year and Section: ______________________ Professor: ____________

1. In your own understanding, what is the difference between risk and threats? Vulnerability and attack?
A threat is what we're trying to protect against while Risk refers to the possibility of an asset being lost,
damaged, or destroyed as a result of a threat exploiting a vulnerability. The combination of assets, threats, and
vulnerabilities is known as risk.

A vulnerability is a flaw in some component or feature of a system that allows it to be abused while an
attack is a danger that is realized by exposing one or more vulnerabilities. This could be someone carrying out a
threat or taking advantage of a flaw.
2. What is the most critical strategies needed to build a risk management framework
When putting together a risk management framework, there are at least five important aspects to consider.
Risk identification, risk measurement and assessment, risk reduction, risk reporting and monitoring, and risk
governance are some of the topics covered.

3. Why do you think using a framework is needed for any organization?


Process frameworks help organizations in maintaining consistency, accelerating the discovery of new
processes, and structuring data and content.

You might also like