Lesson 1 Fundamentals of Information Assurance (IA) and Information Security (INFOSEC)
2. Integrity
- Maintaining the integrity of an information system means keeping it
safe from harm and threats. The main aim of this pillar is to create
defenses that discourage these threats. For instance, viruses and
harmful code are common threats. To stop them from damaging files,
Information Assurance experts use antivirus software and other tools
to block them before they can harm the computer system. They also
set rules so that people in their organizations handle data properly,
and they test their systems to see if they can withstand attacks. If
they find weaknesses, they fix and protect the system to keep data
safe. Having the right rules and practices in place helps keep an
organization's information and systems secure.
3. Authentication
- IA professionals use authentication methods to verify a user’s
identity before allowing them to access data. Common methods
include usernames and passwords or things like fingerprints. If these
methods are broken, data can be stolen. A big attack happened in
2011 when hackers tricked an RSA employee and took their
passwords. Then they used those passwords to get into RSA's
systems and take important information. RSA had to fix the problem
and secure their data, but the attack hurt their reputation and their
security products might not work as well now. Sometimes, attackers
use simple methods like trying lots of passwords until one works. IA
professionals need to find and fix any problems in their authentication
systems to stop these kinds of attacks.
4. Confidentiality
- Keeping sensitive information safe through measures like data
encryption is a crucial job for Information Security experts.
Confidentiality means making sure private data stays private, and only
approved people, systems, or things can see it. It's not just about who
can get to it, but also about the data itself. This helps companies keep
their ideas safe and protects customers from having their personal
information misused.
5. Non-Repudiation
- When people send information online, it's crucial that we can confirm it
reached its destination and that the person receiving it knows who sent
it. This confirmation, known as non-repudiation, helps identify who's in
charge of handling specific data. While it's not common, there are
cases where someone tries to hide their actions, like tampering with
computer logs. This can make it tricky to figure out who did what. If
unauthorized activity happens during this, it's tough for the
organization to pinpoint the responsible party, making it harder to
prevent future incidents. Thankfully, non-repudiation attacks are rare
today, thanks to the dedicated work of Information Security experts
who've built strong network systems for tracking and confirming data
exchanges across networks with very low chances of error.
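Added example, not part of the original lesson: the log tampering described under Non-Repudiation can be made detectable by chaining each log entry to the one before it with a hash. The function names, the sample records and the idea of keeping the last digest (trusted_head) in a separate store are assumptions made for illustration; a hash chain shows that a log was altered, while proving who sent a message additionally needs digital signatures.

```python
import hashlib
import json

GENESIS = "0" * 64  # fixed starting value for the chain


def entry_digest(prev_digest, record):
    """SHA-256 over the previous digest plus the canonical JSON of the record."""
    payload = prev_digest + json.dumps(record, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append(log, user, action):
    """Append a record whose digest covers every earlier record."""
    prev = log[-1]["digest"] if log else GENESIS
    record = {"seq": len(log), "user": user, "action": action}
    log.append({"record": record, "digest": entry_digest(prev, record)})


def verify(log, trusted_head=None):
    """Return the index of the first bad entry, or None if the chain is intact.

    trusted_head (assumption): the last digest, kept in a store that the
    people who administer the log cannot rewrite. It catches a log that was
    cut short or rebuilt from scratch after an edit.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        record = entry["record"]
        if record.get("seq") != i or entry["digest"] != entry_digest(prev, record):
            return i
        prev = entry["digest"]
    if trusted_head is not None and prev != trusted_head:
        return len(log)
    return None


def build_sample_log():
    """Constructed sample records, not taken from any real system."""
    log = []
    append(log, "alice", "login")
    append(log, "mallory", "export customer table")
    append(log, "alice", "logout")
    return log
```

Changing the user name in the second record makes verify() return 1, the position of the altered entry.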
Assignment:
1. Why do we need to keep important corporate information confidential?
- Confidential information is restricted to authorized personnel only. This
includes sensitive employee data like salary, performance reports, and
medical information, as well as personal details. Many business
relationships rely on confidentiality agreements that clearly outline
what is considered private. When in doubt, treat information as
confidential.
To stop these problems, it's really important to have strong rules about
keeping things secret. This means teaching employees how to handle
information properly, making sure only the right people can see
important stuff, and using tools like special codes to keep it safe from
theft or sneaky looks.