
Chapter 1 (Introduction To Information Security)

This document provides an outline for an online orientation class on information security. It begins with a course outline covering topics like information security principles, certification programs, governance, risk management, security architecture and more. It then lists rules for the online class, including being respectful, not sharing inappropriate material, attempting to find your own answers, and no cheating. The document continues with the first chapter which defines data and information, discusses data processing and the basics of information security. It covers the three pillars of information security - confidentiality, integrity and availability. It also discusses authentication, authorization, non-repudiation, data obfuscation and event classification.

Uploaded by

Joshua Biong
Copyright: © All Rights Reserved

ORIENTATION OF ONLINE CLASS FOR IAS – 1


By: Mark Joshua P. Firmalino
COURSE OUTLINE:
1. Why Study Information Security?
2. Information Security Principles of Success
3. Certification Programs and the Common Body of Knowledge
4. Governance and Risk Management
5. Security Architecture and Design
6. Business Continuity Planning and Disaster Recovery Planning
7. Law, Investigations, and Ethics
8. Physical Security Control
9. Operations Security
ONLINE CLASS RULES AND GUIDELINES
1. Be respectful.
2. NO YELLING, PLEASE (when using Google Meet)
3. Read first
4. Think before you type
5. Yes, grammar and spelling matter.
6. Be aware of strong language, all caps, and exclamation points.
7. Don’t abuse the chat box
8. Be careful with humor and sarcasm.
9. Don’t post or share (even privately) inappropriate material.
10. Attempt to find your own answer
11. Cite your sources.
12. Submit files the right way
13. Be kind, forgiving and professional
14. Be on time
15. No Cheating (applicable during quiz and major exams)
CHAPTER 1 (INTRODUCTION TO INFORMATION SECURITY)
By: Mark Joshua P. Firmalino
DATA VS INFORMATION
DATA AND INFORMATION
• Data is a collection of unprocessed items, which can include text, numbers,
images, audio, and video.
• Information conveys meaning and is useful to people.
DATA PROCESSING
• The manipulation of data using a set of operations that transform it into meaningful information that people can use in planning and decision-making.

DATA PROCESSING CYCLE


1. Input
2. Processing
3. Output
4. Storage
BASICS OF INFORMATION
• Computer security
• Data
• Data security
• Information
• Information security
• Network security
INFORMATION
It is a resource fundamental to the success of any business.
• Data
• Knowledge
• Action
NEED AND IMPORTANCE OF INFORMATION
• Damage to information can cause disruptions in a normal process.
• Management is crucial to making good business decisions.
• Monitor and document the operations of other systems.
• To satisfy the decision-making capability
REASONS FOR INFORMATION CLASSIFICATION
• Protection of personal data
• Protection of confidential data
• Protecting intellectual property
• Protecting information that supports public security and law enforcement
• Supporting routine disclosure and active dissemination
• Data of intergovernmental cooperation and integrated service delivery.
CRITERIA OF INFORMATION CLASSIFICATION
• Value
• Age
• Useful Life
• Personal association
LEVELS OF INFORMATION CLASSIFICATION
• Unclassified
• Sensitive But Unclassified
• Confidential
• Secret
• Top secret
NEED OF SECURITY
• Applications were developed to handle financial and personal data
• Mechanism
  • Use user ID and password
  • Encode information present in database
SECURITY BASICS
The basics of computer security (the three pillars of IS) include:

• Confidentiality
• Integrity
• Availability
CONFIDENTIALITY
• Confidentiality means secrecy or concealment of information and resources.
• Attempt to prevent the intentional or unintentional unauthorized disclosure
of information.
• Interception attack
• Uses identification and authentication.
• Breaches of confidentiality
  • Permitting someone to look over your shoulder
  • If the information-containing device is stolen or sold
  • Giving out the confidential information over communication media.
• Mechanism used for confidentiality
  • Resource hiding
  • Cryptography
  • Access control mechanism.
INTEGRITY
• It involves maintaining the consistency, accuracy, and trustworthiness of
data over its entire life cycle.
• Data integrity and origin integrity.
• Modification attack
• Breaches of integrity
  • Accidentally or with malicious intent deletes information
  • Computer virus
• Mechanism used for integrity
  • File permissions
  • User access control
  • Cryptography
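The difference between data integrity and origin integrity, and how cryptography supports each, shown as an added example that is not part of the original slides. The key and record are constructed sample values: an unkeyed digest catches accidental change, while a keyed HMAC tag also catches a modification made by someone who can recompute the digest but does not hold the key.

```python
import hashlib
import hmac

# Constructed sample values for illustration only.
KEY = b"constructed-demo-key"
RECORD = b"payee=ACME Supplies;amount=1500.00"


def digest(data: bytes) -> str:
    """Unkeyed SHA-256 digest: detects accidental change (data integrity)."""
    return hashlib.sha256(data).hexdigest()


def tag(data: bytes, key: bytes = KEY) -> str:
    """Keyed HMAC-SHA-256 tag: only a key holder can produce it (origin integrity)."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def digest_ok(data: bytes, stored: str) -> bool:
    return hmac.compare_digest(digest(data), stored)


def tag_ok(data: bytes, stored: str, key: bytes = KEY) -> bool:
    return hmac.compare_digest(tag(data, key), stored)


def demo() -> dict:
    stored_digest, stored_tag = digest(RECORD), tag(RECORD)
    # Accidental corruption: one character flipped in storage or transit.
    corrupted = RECORD.replace(b"1500.00", b"1500.0O")
    # Deliberate modification: the record is changed and the unkeyed
    # digest stored next to it is recomputed to match.
    modified = RECORD.replace(b"1500.00", b"9500.00")
    recomputed_digest = digest(modified)
    return {
        "original_digest_ok": digest_ok(RECORD, stored_digest),
        "original_tag_ok": tag_ok(RECORD, stored_tag),
        "corrupted_digest_ok": digest_ok(corrupted, stored_digest),
        "modified_recomputed_digest_ok": digest_ok(modified, recomputed_digest),
        "modified_tag_ok": tag_ok(modified, stored_tag),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The unkeyed digest accepts the modified record once the digest is recomputed; the HMAC check rejects it because the tag cannot be regenerated without the key.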
AVAILABILITY
• Resources should be available to authorized parties at all times.
• Availability is an important aspect of reliability as well as of system design
• Interruption attack
• High-availability systems aim to remain available at all times (24x7), preventing service disruptions
• DoS (denial-of-service) attack.
NON-REPUDIATION
• It refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated.
• The best services for non-repudiation are digital signatures and encryption.
AUTHORIZATION
• Authorization is a process of verifying that a known person has the authority
to perform a certain operation.
AUTHENTICATION
• It is the process of determining the identity of a user or other entity.
• It is required to access secure data or enter a secure area.
• Three methods of authentication:
  • Something you know: user ID and password.
  • Something you have: lock and key.
  • Something about you: fingerprint, DNA samples, etc.
DATA OBFUSCATION
• Data obfuscation (DO) is a form of data masking where data is purposely
scrambled to prevent unauthorized access to sensitive materials.
• Used to prevent the intrusion of private and sensitive online data.
• Sensitive information: employee data (salary information, review information), customer data, bank and vendor data
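One way to obfuscate the kinds of sensitive fields listed above before a record leaves a protected system, as an added example that is not part of the original slides. The record, key, field names and masking rules are all hypothetical: names become stable keyed tokens, salaries are reduced to a band, review text is redacted, and bank account numbers keep only their last four digits.

```python
import hashlib
import hmac

# Constructed key and record; every name and value here is hypothetical.
MASKING_KEY = b"constructed-masking-key"
EMPLOYEE = {
    "name": "Jane Example",
    "salary": 48250,
    "review": "Exceeds expectations in Q3",
    "bank_account": "1234567890123456",
}


def pseudonym(value: str, key: bytes = MASKING_KEY) -> str:
    """Stable keyed token: the same input always maps to the same token,
    so masked records can still be joined, but the name is not exposed."""
    mac = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return "emp_" + mac[:12]


def mask_account(number: str, visible: int = 4) -> str:
    """Show only the last `visible` characters; short values are fully masked."""
    if len(number) <= visible:
        return "*" * len(number)
    return "*" * (len(number) - visible) + number[-visible:]


def salary_band(amount: int, width: int = 10000) -> str:
    """Replace an exact salary with the band that contains it."""
    low = (amount // width) * width
    return f"{low}-{low + width - 1}"


def obfuscate(record: dict) -> dict:
    """Return a masked copy; the original record is left unchanged."""
    return {
        "name": pseudonym(record["name"]),
        "salary": salary_band(record["salary"]),
        "review": "[REDACTED]",
        "bank_account": mask_account(record["bank_account"]),
    }


if __name__ == "__main__":
    print(obfuscate(EMPLOYEE))
```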
EVENT CLASSIFICATION
• Viruses
• Disaster
• Crisis
• Catastrophe
QUESTIONS?
