Ias Ii

lOMoARcPSD
lOMoARcPSD|20832310
LESSON 1
Overview of the Security Environment
TOPICS
1. The state of Information Assurance today
2. Advance persistent of threats
3. Why Information Assurance (IA) matters at DoD
4. Information Confidentiality, Integrity and Availability
5. Threats, Vulnerabilities and Consequences
LEARNING OUTCOMES
At the end of the lesson, the students are expected to:
1. Assess the current security environment, including the risks and opportunities that attend
new processes and technologies.
2. Summarize the nature and role of information assurance in both providing and protecting
information.
TOPIC The state of Information Assurance Today

1
In the modern world, digital information is an important asset that is under

constant threat of theft, exploitation, and unexpected loss. Professionals who
specialize in either information assurance or information security are experienced
in delivering services that can protect against digital threats. Although both
specialties guard computer systems and digital networks, the techniques taught
and practiced in each discipline are often different.
Many organizations face the task of implementing data protection and data
security measures to meet a wide range of requirements. With increasing
frequency, storage managers and professionals are being asked to handle
elements of this protection which are often presented in the form of a security
checklist. However, checklist compliance by individuals who are missing a basic
competency in Information Assurance is a quick recipe for trouble in cyber world.
Computer data often travels from one computer to another either via network
cable, cloud, drivers etc., leaving the safety of its protected physical surroundings.
Once the data is out of hand, people with bad intention it could be modify or forge
the data, either for amusement or for their own benefit. A technology that begun life
within legal firms and the legal departments of companies is now broadening out
as all organizations are dealing an ever-increasing volume and variety of data, with
greater controls and regulations on what they are permitted to do with that data.
Handling regulatory enquires and enhancing data protection and data management
have become key focus areas for information assurance solutions in enterprises
worldwide.
“In March 2021, Chinese hackers broke into Microsoft Exchange Server and
stole emails from over 250,000 customers worldwide.” By New York (CNN
Business)
1
INFORMATION ASSURANCE SECURITY II
lOMoARcPSD|20832310
“In 2020, information about the SolarWinds cyber-attack broke with one
commentator describing the hack as ‘IT’s Pearl Harbor’. The state-sponsored data
breach threatened US national security with many key agencies including the
Department of Defense. It’s believed that the hackers had nine months inside these
systems between the breach and it being detected.”
This raises two questions: How do you stop these attacks happening? How
do you find out what data is affected and what damage has been done? Today’s
information security is the combination of cyber security, information governance,
risk management and information assurance that can address these issues.
What Is Information Assurance?

Information assurance is a field that safeguards the integrity of data used by
individuals or organizations. To this end, occupations related to information assurance
often involve managing the risks associated with using, processing, storing, and
transferring data. It applies to both digital and physical forms, with the physical form
considered any electronic device used to store data. The National Institute of Standards
and Technology defines information assurance as any measures that protect and defend
information and information systems by ensuring their availability, integrity, authentication,
confidentiality, and nonrepudiation. These measures include providing for restoration of
information systems by incorporating protection, detection, and reaction capabilities.
What Is Information Security?
Information security is the practice of preventing illicit access to private information.
From a practical standpoint, information security focuses heavily on the development and
implementation of tools and techniques for keeping data safe. This ranges from creating
network security infrastructures to designing defensive software applications that ward off
threats. The National Institute of Standards and Technology defines information security
as any efforts to protect information and information systems from unauthorized access,
use, disclosure, disruption, modification, or destruction.
Information security strategies target three key metrics: the integrity, confidentiality,
and availability of information systems. Protecting the integrity of information entails
guarding against unauthorized alteration or destruction of data. Preserving confidentiality
of information involves restricting access to private personal or proprietary information.
Finally, maintaining the availability of information systems requires ensuring that
information can be reliably accessed by authorized personnel. Each of these processes is
covered in-depth through information security classes, allowing professionals to develop
the ability to craft comprehensive cyber security strategies.
How They Are Similar
In many regards, information assurance can be described as an offshoot of
information security, as both fields involve safeguarding digitally stored information. At a
deeper level, professionals in both fields use physical, technical, and administrative means
to achieve their objectives.
For instance, information assurance and information security professionals both

seek the most secure physical data infrastructure possible to protect an organization’s
information. They both leverage advanced technical safeguards, such as cutting-edge
firewalls. An assessment of information assurance vs. information security also reveals a
similarity in the threats they face. Both fields are concerned with privacy issues and fraud,
malicious hackers, and the strategic defense and recovery of information systems before
and after catastrophic events.
Core Function Differences

Information assurance is a broader discipline that combines information security
with the business aspects of information management. Information assurance work
2
lOMoARcPSD|20832310
typically involves implementing organization-wide standards that aim to minimize the risk
of a company being harmed by cyber threats. To achieve this, an information assurance
team may do something like overhauling login authentication systems or performing routine
backups of important company data. Thus, information assurance professionals are more
concerned with addressing the overall risk to an organization’s information, rather than
dealing with an individual, exterior threats.
Information security is a more hands-on discipline. It prioritizes developing tools,

technologies, and other countermeasures that can be used to protect information,
especially from exterior threats. The subtle difference between the two fields means
earning a degree featuring both disciplines can offer students a wellrounded skill set, which
can potentially help graduates qualify for senior positions in the information security and
assurance industries
Five Pillars of Information Assurance Framework
Here are the five pillars of the IA framework that you need to manage in your office
cyberspace:
1. Confidentiality. This is the assurance that information is not disclosed to

unauthorized individuals, groups, processes, or devices. Highly confidential data must be
encrypted so third parties cannot easily decrypt it. Only those who are authorized to view
the information are allowed access.
2. Integrity. The accuracy and completeness of vital information must be

safeguarded. Data should not be altered or destroyed during transmission and storage.
This involves making sure that an information system is not tampered by any unauthorized
entities. Policies should be in place so that users know how to properly utilize their system.
3. Availability. This means that authorized users have timely and easy access to
information services. IT resources and infrastructure should remain robust and fully-
functional at all times even during adverse conditions, such as database conundrum or
fall-overs. It involves protecting against malicious codes, hackers, and other threats that
could block access to the information system
4. Authenticity. This security measure is designed to establish the validity of a

transmission, message, or originator, or a means of verifying an individual’s authorization
to receive specific information. Authentication prevents impersonation and requires users
to confirm their identities before being allowed access to systems and resources. This
includes user names, passwords, emails, biometrics, and others.
5. Non-Repudiation. This attribute assures the sender of data is provided with proof
of delivery and the recipient is provided with proof of the sender’s identity, so neither party
can deny sending, receiving, or accessing the data. Security principles should be used to
prove identities and to validate the communication process.
Task 1
Direction: Analyze the given questions below and provide the correct answer on a separate
sheet of paper.
1. How does Information Assurance matters in your current organization?
3
lOMoARcPSD|20832310
Answer:
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
______________________________
2. What is the role of Information Assurance and Security in your daily work cycle?
Explain and create your own scenario based on how you implement Information
assurance and security in your daily work cycle.
Answer:
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
______________________________
3. Explain the importance of Information Assurance and Security.
Answer:
________________________________________________________________________
______________
______________________________________________________________________
________________
______________________________________________________________________
________________
______________________________________________________________________
________________
________________________________________________________________________
______________
TOPIC Advanced Persistent Threat (APT)
2
Advanced Persistent Threat (APT) are compound network attacks that utilize
multiple stages and different attack techniques. APTs are not attacks conceived of or
4
lOMoARcPSD|20832310
implemented on the spur-of-the-moment. Rather, attackers deliberately plan out their

attack strategies against specific targets and carry out the attack over a prolonged time
period.
What is an Advanced Persistent Threat?
An Advanced Persistent Threat (APT) is an organized cyberattack by a group of

skilled, sophisticated threat actors. APTs are not “hit and run” attacks. Attackers plan their
campaign carefully against strategic targets, and carry it out over a prolonged period of
time. It is an attack in which an unauthorized user gains access to a system or network and
remains there for an extended period of time without being detected. Advanced persistent
threats are particularly dangerous for enterprises, as hackers have ongoing access to
sensitive company data. Advanced persistent threats generally do not cause damage to
company networks or local machines. Instead, the goal of advanced persistent threats is
most often data theft.
Advanced persistent threats typically have several phases, including hacking the
network, avoiding detection, constructing a plan of attack and mapping company data to
determine where the desired data is most accessible, gathering sensitive company data,
and exfiltrating that data.
Advanced persistent threats have caused several large, costly data breaches and
are known for their ability to fly under the radar, remaining undetectable by traditional
security measures. What’s more, advanced persistent threats are becoming increasingly
common as cyber criminals look to more sophisticated measures to achieve their goals.
How Advanced Persistent Threats Work?
Advanced persistent threats use a variety of techniques to gain initial access to a

network. Attackers may use the internet as a means to deliver malware and gain access,
physical malware infection, or even external exploitation to gain access to protected
networks.
These attacks are different from many traditional threats, such as viruses and
malware that exhibit the same behavior consistently and are repurposed for attacking
different systems or companies. Advanced persistent threats do not take a general, broad
approach; instead, they are carefully planned and designed with the goal of attacking one
specific company or organization. Therefore, advanced persistent threats are highly
customized and sophisticated, designed specifically to get around the existing security
measures in place within a company.
Often, trusted connections are used to gain initial access. This means attackers
may use employees’ or business partners’ credentials obtained through phishing attacks
or other malicious means. This aids attackers in the important goal of remaining undetected
long enough to map the organization’s systems and data and devise a strategic plan of
attack to harvest company data.
Malware is critical to the success of an advanced persistent threat. Once the

network is breached, malware has the capability to hide from certain detection systems,
navigate the network from system to system, obtain data, and monitor network activity. The
ability for attackers to control an advanced persistent threat remotely is also key, enabling
criminals to navigate throughout the organization’s network to identify critical data, gain
access to the desired information, and initiate the extrapolation of data.
APT attacker goals, and consequences faced by organizations, include:

Theft of intellectual property
Theft of classified data
Theft of Personally Identifiable Information (PII) or other sensitive data
5
lOMoARcPSD|20832310
Sabotage, for example database deletion

Complete site takeover
Obtaining data on infrastructure for reconnaissance purposes
Obtaining credentials to critical systems
Access to sensitive or incriminating communications
What are the Unique Characteristics of Advanced Persistent Threats?
There are a number of sure signs that point to the existence of an APT attack. These signs
include:
Actors. Attacks are typically carried out by actors with a specific mission. These actors
are frequently backed by nation-states or corporation-backed organizations.
Example groups include Deep Panda, OilRig, and APT28.
Objectives. Undermine target capabilities or gather intelligence over an extended
period. The purpose of this sabotage or exfiltration of data could be strategic or
political.
Timeliness. Attacks focus on ensuring that attackers can gain access and
maintain it for a significant amount of time. Frequently, attackers return to an
infiltrated system multiple times over the length of the attack.
Resources. APT attacks require significant resources to plan and execute. This
includes time, security and development expertise, and hosting.
Risk tolerance. Attackers are less likely to use broad attacks and instead focus on
specific targets. APT attackers are also more careful not to get caught or to create
suspicious behavior in a system.
Methods. APT attacks often employ sophisticated techniques requiring security
expertise. These techniques can include rootkits, DNS tunneling, social engineering,
and rogue Wi-Fi.
Attack origin. APT attacks can originate from a variety of locations and may occur
during an attack designed to distract security teams. Attackers often take the time
to comprehensively map a system’s weaknesses before choosing an entry point.
Attack value. Attack value can refer to the size of the target or to the size of the
attack operations. Large organizations tend to be the target of APTs more
frequently than small organizations. Likewise, large numbers of data transfers
typically indicate the greater organization required for APT attacks.
Can bypass traditional detection tools. APT attacks generally bypass traditional
detection tools which rely on signature-based detection. To do this, attackers use
novel techniques, such as fileless malware, or use methods that enable them to
obfuscate their actions.
Five APT Attack Stages

APT attacks have multiple stages, from initial access by attackers to ultimate
exfiltration of the data and follow-on attacks:
1. Initial access. APT groups start their campaign by gaining access to a network via
one of three attack surfaces: web-based systems, networks, or human users. They
typically achieve access via malicious uploads, searching for and exploiting application
vulnerabilities, gaps in security tools, and most commonly, spear phishing targeting
employees with privileged accounts. The goal is to infect the target with malicious
software.
2. First penetration and malware deployment. After they gain access, attackers
compromise the penetrated system by install a backdoor shell, a trojan masked as
legitimate software, or other malware that allows them network access and remote control
of the penetrated system. An important milestone is to establish an outbound connection
to their Command-and-Control system. APTs may use advanced malware techniques
such as encryption, obfuscation or code rewriting to hide their activity.
6
lOMoARcPSD|20832310
3. Expand access and move laterally. Attackers use the first penetration to gather
more information about the target network. They may use brute force attacks, or exploit
other vulnerabilities they discover inside the network, to gain deeper access and control
additional, more sensitive systems. Attackers install additional backdoors and create
tunnels, allowing them to perform lateral movement across the network and move data at
will.
4. Stage the attack. Once they have expanded their presence, attackers identify the
data or assets they are after, and transfer it to a secure location inside the network,
typically encrypted and compressed to prepare for exfiltration. This stage can take time,
as attackers continue to compromise more sensitive systems and transfer their data to
secure storage.
5. Exfiltration or damage infliction. Finally, attackers prepare to transfer the data

outside the system. They will often conduct a “white noise attack”, such as a Distributed
Denial of Service (DDoS) attack, to distract security teams while they transfer the data
outside the network perimeter. Afterwards they will take steps to remove forensic
evidence of the data transfer.
Depending on the goal of the attack, at this point the APT group may create massive
damage, debilitating the organization or taking over critical assets such as websites or data
centers.
6. Follow up attacks. If the APT attack involved a silent data exfiltration which was
not detected, attackers will remain inside the network and wait for additional attack
opportunities. Over time they may collect additional sensitive data and repeat the process.
They will also aim to create backdoors that are difficult to detect, so even if they are
caught, they can regain access to the system in the future.
Advanced Persistent Threat Examples

Here are a few examples of APT malware-based attacks and known APT groups:
GhostNet. Based in China, attacks were conducted by spear phishing emails

containing malware. The group compromised computers in over 100 countries,
focusing on gaining access to networks of government ministries and embassies.
Attackers compromised machines inside these organizations, turned on their
cameras and microphones and turned them into surveillance devices.
Stuxnet. A worm used to attack Iran’s nuclear program, which was delivered via an
infected USB device, and inflicted damage to centrifuges used to enrich Uranium.
Stuxnet is malware that targets SCADA (industrial Supervisory Control and Data
Acquisition) systems—it was able to disrupt the activity of machinery in the Iranian
nuclear program without the knowledge of their operators.
Deep Panda. An APT attack against the US Government’s Office of Personnel

Management, probably originating from China. A prominent attack in 2015 was
code named Deep Panda, and compromised over 4 million US personnel records,
which may have included details about secret service staff.
APT28 . Russian group also known as Fancy Bear, Pawn Storm, and Sednit,
identified by Trend Micro in 2014. Conducted attacks against military and
government targets in the Ukraine and Georgia, NATO organizations and USA
defense contractors.
APT34. A group tied to Iran, identified by FireEye researchers in 2017. It targeted

government organizations and financial, energy, chemical and telecommunications
companies in the Middle East.
7
lOMoARcPSD|20832310
APT37. Also known as Reaper and StarCruft, probably originates from North
Korea and has been operating since 2012. The group has been connected to spear
phishing attacks exploiting the Adobe Flash zero-day vulnerability.
APT Detection and Protection Measures

APT is a multi-faceted attack, and defenses must include multiple security tools and
techniques. These include:
Email filtering. Most APT attacks leverage phishing to gain initial access. Filtering
emails, and blocking malicious links or attachments within emails, can stop these
penetration attempts.
Endpoint protection. All APT attacks involve takeover of endpoint devices.
Advanced anti-malware protection and Endpoint Detection and Response can help
identify and react to compromise of an endpoint by APT actors.
Access control. Strong authentication measures and close management of user
accounts, with a special focus on privileged accounts, can reduce the risks of APT.
Task 2
Monitoring of traffic, user and entity behavior. Can help identify penetrations,
lateral movement and exfiltration at different stages of an APT attack.
sheet of paper.
1. Given that someone already infiltrated your network (via web-based systems,
networks, or human users). As an IT practitioner, what will you do in this kind of
situation?
Answer:
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
______________________________
2. In your current state of knowledge as an IT practitioner, what are the best measures
to avoid APT attacks?
Answer:
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
8
lOMoARcPSD|20832310
________________________________________________________________________
______________
______________________________
3. In your own opinion, what are the factors to consider why individual are vulnerable to
APT attackers?
Answer:
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
TOPIC Why Information Assurance (IA) matters at DoD

3
Information assurance is emerging as a critical component of DoD operational

readiness. When effective, information assurance enables the systems and networks
composing the Defense information infrastructure to provide protected, continuous, and
dependable service in support of both war fighting and business missions. Availability.
Identification and authentication, confidentiality, integrity. and non-repudiation are the
fundamental attributes of information assurance.
“FY 1999 DoD Annual Statement of Assurance. The statement reports that information
assurance is a systemic weakness in the DoD, and that numerous computer system
intrusions occurred over the last several years that highlighted the vulnerability of DoD
information systems to attack. DoD dependence on information systems makes
information assurance a critical readiness issue. Although many corrective actions have
been implemented, intrusions continue to occur.”
“The FY 1998 DoD Chief Information Officer Annua1 Information Assurance Report,
May 1999. The annual report states that information is indispensable to all aspects of
mission planning and execution. Further, if mission participants cannot accurately
exchange information in a timely manner and ensure the availability, integrity, and, in
some cases, the confidentiality of that information, missions will fail. The timely
availability of information is universally acknowledged within DoD as critical to mission
accomplishment in all
operations.”
Robert J. Lieberman
Assistant Inspector General for
Auditing
DoD emphasis has also increased. During the past five years the Department has:
Under Presidential leadership, joined forces with other federal agencies in a

comprehensive national cybersecurity initiative to secure government networks,
protect against constant intrusion attempts, and anticipate future threats.
Developed a DoD Information Management/Information Technology (IM/IT)
Strategic Plan for achieving information advantage.
9
lOMoARcPSD|20832310
Recognized cyberspace as a global domain within the information enterprise,

developed a National Military Strategy for Cyberspace Operations (NMS-CO),
embraced a Network Operations (NetOps) construct for operating and defending the
Global Information Grid (GIG), and, under United States Strategic Command
(USSTRATCOM), integrated NetOps with other cyber operations and established a
Sub-unified US Cyber Command (USCYBERCOM).
Developed the IA Component of the GIG Integrated Architecture and strategies and
programs for delivering key identity and IA capabilities as enterprise services.
Partnered with the Director for National Intelligence (DNI) to establish the Unified
Cross Domain Management Office (UCDMO) to synchronize and accelerate the
availability of assured information sharing solutions.
Established a cybersecurity program in partnership with the Defense Industrial
Base (DIB) to protect unclassified information relevant to Defense-related research
and development.
The DoD vision is freedom of action in cyberspace, where:

DoD missions and operations continue under any cyber situation or condition.
The cyber components of DoD weapons systems and other defense platforms
perform only as expected.
DoD cyber assets collectively, consistently, and effectively act in their own defense.
The Department has ready access to its information and command and control
channels, and its adversaries do not.
The Defense information enterprise securely and seamlessly extends to mission
partners.
There are many challenges to realizing and sustaining this vision; among them:
Being united. Cyber assets are planned, resourced, acquired, deployed, and
operated across a multiplicity of missions, organizations, acquisitions, and systems-
of-systems, often without thought for their role in keeping the enterprise agile or
sustainable.
Being prepared. Today, adversaries are collecting information on and about DoD
networks to understand our capabilities. In the future, conventional and irregular
warfare will include cyberattacks to disrupt, co-opt, manipulate, or destroy DoD
networks and information.
Being aware. Dependence on cyber capabilities is pervasive but often
unacknowledged.
Countering cyber asymmetry. Cyberattacks can be launched with low risk, a low
threshold of investment in capability, from a distance, and with anonymity. Yet,
cyberattacks can deliver significant value to the attacker and have high
consequences to those being attacked.
Predicting cyber effects. Cyber event damage can propagate along many different yet
changing vectors, and may be non-localized
10
lOMoARcPSD|20832310
Overview Goals of CIIA
TOPIC Information Confidentiality, Integrity and Availability

4
Confidentiality Integrity Availability
• Prevents • Maintain • Ensures that the

sensitive information information is
information from consistency, available when it
reaching wrong accuracy, and is needed.
people while trustworthiness
making sure that of information
the right people over it life cycle.
can use it.
11
lOMoARcPSD|20832310
1. Confidentiality
Keeping sensitive data private using safeguards like data encryption is an

extremely important function of IA professionals. Confidentiality involves protecting private
information from disclosure to any unauthorized users, systems, or other entities.
Confidentiality must be considered in terms of the data, not just in terms of access or
permissions. Only those who are authorized can access the data, the devices or the
processes that contain the data. Prioritizing information confidentiality helps companies
defend themselves from having their ideas stolen while protecting their customers from the
exploitation of their personal information.
2. Integrity
Upholding an information system’s integrity involves keeping its network intact and
uncompromised; thus, the primary goal of this pillar is to set up safeguards that deter
threats. For example, viruses and malicious code are the most common threats to a
system’s integrity. To prevent viruses from deleting or damaging files, IA professionals use
antivirus software and other tools to stop them before they enter the computer system.
They also develop policies to keep users in their organizations from mishandling data and
run penetration testing to simulate system attacks. These tests ensure that their networks
are strong; if the IA professionals detect weaknesses, they work to repair and secure the
system and protect the integrity of the data therein. Having the right IA rules and practices
in place helps keep organizations’ information and systems secure.
3. Availability
Availability means that users can access the data stored in their networks or use
services that are featured within those networks. Without easy data access, the system’s
users are limited in their ability to access important information or perform critical tasks.
Threats to availability are becoming more complex because more of the world’s information
is online and vulnerable to hackers. For instance, if a cybercriminal renders an automated
car’s operation system inoperable, the car could cause an accident. Businesses have the
same risk. If a company’s leaders can’t access important data when making business
decisions, the company could lose revenue as a result. IA professionals must know how
to avoid threats that could block data availability using tools like firewalls and implement
other, more complex security measures.
Task 3
sheet of paper.
1. What is the most important from the 3 pillars of information assurance? How it
matters in your organization? Give a scenario that will support your answer. (5pts)
Answer:
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
12
lOMoARcPSD|20832310
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
___________________________________________________________________
2. “In early 2018, international shipping giant FedEx discovered that hackers had
managed to steal scanned images of approximately 119,000 of its customers’
personal documents, including passports and driver's licenses. Surprisingly, these
images were being stored on an unsecured third-party server that has since been
closed. According to a statement by FedEx officials, an internal investigation
concluded that none of the information had been misappropriated. This was a stroke
of luck for FedEx, but this is a compelling example of how a simple mistake can put
a large amount of private data at risk.”
In the statement above, where do you think it falls under the 3 pillars of information
assurance? Why? (5pts) Answer:
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
______________________________________________________________________
________________
______________________________________________________________________
________________
______________________________________________________________________
________________
______________________________
13
lOMoARcPSD|20832310
TOPIC Threats, Vulnerabilities and Consequences

5
In today’s world, data and protecting that data are critical considerations for
businesses. Customers want to ensure that their information is secure with you, and if you
can’t keep it safe, you will lose their business. In order to have a strong handle on data
security issues that may potentially impact your business, it is imperative to understand the
relationships of three components:
Threat
Vulnerability
Consequences
Risk
What is a threat?
A threat refers to a new or newly discovered incident that has the potential to harm
a system or your company overall. There are three main types of threats:
Natural threats, such as floods, hurricanes, or tornadoes
Unintentional threats, like an employee mistakenly accessing the wrong information
Intentional threats, such as spyware, malware, adware companies, or the actions of
a disgruntled employee
These threats may be uncontrollable and often difficult or impossible to identify in

advance. Still, certain measures help you assess threats regularly, so you can be better
prepared when a situation does happen. Here are some ways to do so:
Ensure your team members are staying informed of current trends in cybersecurity
so they can quickly identify new threats. They should subscribe to blogs (like Wired)
and podcasts (like Techgenix Extreme IT) that cover these issues, and join
professional associations so they can benefit from breaking news feeds,
conferences, and webinars.
Perform regular threat assessments to determine the best approaches to protecting a
system against a specific threat, along with assessing different types of threats.
Conduct penetration testing by modeling real-world threats in order to discover
vulnerabilities.
14
lOMoARcPSD|20832310
Some of the major threat include the following:
Viruses. Designed in such a way that can be easily transmitted from one computer
or system to another. Often sent as email attachments, viruses corrupt and co-opt
data, interfere with your security settings, generate spam, and may even delete
content.
Computer worms. They spread from one computer to the next by sending itself to
all of the user’s contacts and subsequently to all of the contacts’ contacts.
Trojans. These malicious pieces of software insert themselves into a legitimate
program. Often, people voluntarily let trojans into their systems in the form of email
messages from a person or an advertiser they trust. As soon as the accompanying
attachment is open, your system becomes vulnerable to the malware within.
Bogus security software. That tricks users into believing that their system has
been infected with a virus. The accompanying security software that the threat actor
provides to fix the problem causes it.
The adware. Tracks your browsing habits and causes particular advertisements
to pop up. Although this is common and often something you may even agree to,
adware is sometimes foisted upon you without your consent.
Spyware. Is an intrusion that may steal sensitive data such as passwords and credit
card numbers from your internal systems.
Denial of service (DOS) attack. Occurs when hackers deluge a website with
traffic, making it impossible for users to access its content. A distributed denial of
service (DDOS) attack is more forceful and aggressive since it is initiated from
several servers simultaneously. As a result, a DDOS attack is harder to mount
defenses against.
Phishing. Attacks are social engineering infiltrations whose goal is to wrongfully
obtain sensitive data: passwords and credit card numbers. Via emails or links coming
from trusted companies and financial institutions, the hacker causes malware to be
downloaded and installed.
SQL injections. Network threats that involve using malicious code to infiltrate cyber
vulnerabilities in data systems. As a result, data can be stolen, changed, or
destroyed.
Man-in-the-middle. Involve a third-party intercepting and exploiting
communications between two entities that should remain private. Not only does
eavesdropping occur but also information can be changed or misrepresented by
the intruder, causing inaccuracy and even security breaches.
Rootkit tools. Gain remote access to systems without permission and can lead to the
installation of malware and the stealing of passwords and other data.
What is a vulnerability?
A vulnerability refers to a known weakness of an asset (resource) that can be exploited by
one or more attackers. In other words, it is a known issue that allows an attack to succeed.
For example, when a team member resigns and you forget to disable their access
to external accounts, change logins, or remove their names from company credit cards,
this leaves your business open to both intentional and unintentional threats. However, most
vulnerabilities are exploited by automated attackers and not a human typing on the other
side of the network.
Testing for vulnerabilities is critical to ensuring the continued security of your

systems. By identifying weak points, you can develop a strategy for quick response. Here
are some questions to ask when determining your security vulnerabilities:
Is your data backed up and stored in a secure off-site location?
Is your data stored in the cloud? If yes, how exactly is it being protected from cloud
vulnerabilities?
What kind of network security do you have to determine who can access, modify, or
delete information from within your organization?
15
lOMoARcPSD|20832310
What kind of antivirus protection is in use? Are the licenses current? Is it running as
often as needed? Do you have a data recovery plan in the event of a vulnerability
being exploited?
What is risk?
Risk is defined as the potential for loss or damage when a threat exploits a
vulnerability. Examples of risk include:
Financial losses
Loss of privacy
Damage to your reputation Rep
Legal implications
Even loss of life
Risk can also be defined as:
To reduce potential risk, creating and implementing a risk management plan. Here
are the key aspects to consider when developing your risk management strategy:
Assess risk and determine needs. When it comes to designing and implementing
a risk assessment framework, it is critical to prioritize the most important breaches
that need to be addressed. Although frequency may differ in each organization, this
level of assessment must be done on a regular, recurring basis.
Include a total stakeholder perspective. Stakeholders include the business
owners as well as employees, customers, and even vendors. All of these players
have the potential to negatively impact the organization (potential threats) but at
the same time they can be assets in helping to mitigate risk.
Designate a central group of employees who are responsible for risk
management and determine the appropriate funding level for this activity.
Implement appropriate policies and related controls and ensure that the
appropriate end users are informed of any and all changes.
Monitor and evaluate policy and control effectiveness. The sources of risk are
ever-changing, which means your team must be prepared to make any necessary
adjustments to the framework. This can also involve incorporating new monitoring
tools and techniques.
Task 4
sheet of paper.
16
lOMoARcPSD|20832310
1. As an IT practitioner, how can you protect yourself from this kind of threats?
Give one scenario on how you protect yourself from threats based on your own experience/
understanding. (5pts) Answer:
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
______________________________________________________________________
________________
______________________________________________________________________
________________
______________________________________________________________________
________________
______________________________________________________________________
________________
______________________________________________________________________
________________
______________________________________________________________________
________________
___________________________________________________________________
2. What are the key differences between threats and vulnerabilities? (5pts)
Answer:
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
_______________________
3. Choose one of the major computer threats of today and briefly discuss on
how you assess it in your current understanding about threats.
Answer:
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
_______________________
17
lOMoARcPSD|20832310
LESSON 2
Principles of Cyber security
TOPICS
1. The interrelated components of the computing environment
2. Cybersecurity models (The CIA triad, The star model, The Parkerian Hexad)
3. Computer Security (Network, Operating System, Application)
4. Cyber Threats
5. Cryptography, Authentication and Authorization
LEARNING OUTCOMES
At the end of the lesson, the students are expected to:
1. Characterize privacy, legal and ethical issues of information security.

2. Identify vulnerabilities critical to the information assets of an organization.
3. Define the security controls sufficient to provide a required level of confidentiality, integrity,
and availability in an organization’s computer systems and networks.
4. Evaluate and communicate the human role in security systems with an emphasis on ethics,
social engineering vulnerabilities and training.
5. Critique and assess the strengths and weaknesses of general cybersecurity models,
including the CIA triad
TOPIC The interrelated components of the computing environment

1
The computing environment involves the collection of computer machinery, data

storage devices, work stations, software applications, and networks that support the
processing and exchange of electronic information demanded by the software solution.
The computing environment involves the following relationships and dependencies with
elements of the software architecture:
1. Technology availability (requirements baseline). The performance of the

software solution is constrained by the computing environment and must be
factored into software product requirements. The number of instructions that can
be executed, data transfer rates, graphics resolution, and rendering rates are
18
lOMoARcPSD|20832310
typical computing equipment measures that affect the subsequent performance of

the software solution.
2. Resource utilization and conservation (software product architecture). The

availability of computer resources within the computing environment will constrain
software product performance. Shared resource utilization models must be
developed, especially for networked multi-user applications. A strategy for
managing resources that establishes resource consumption, conservation,
preservation, and recovery must be developed and incorporated into the software
architecture.
A computer system uses many devices, arranged in different ways to solve many
problems. This constitutes a computing environment where many computers are used to
process and exchange information to handle multiple issues.
The different types of Computing Environments are:
Personal
Computing
Environment
Cluster Time-sharing
Computing Computing
Environment Environment
Types of
Computing
Environment
Cloud Client Server

Computing Computing
Environment Environment
Distributed
Computing
Environment
Personal Computing Environment. In the personal computing environment,

there is a single computer system. All the system processes are available on the computer
and executed there. The different devices that constitute a personal computing
environment are laptops, mobiles, printers, computer systems, scanners etc.
Time Sharing Computing Environment. The time sharing computing
environment allows multiple users to share the system simultaneously. Each user is
provided a time slice and the processor switches rapidly among the users according to it.
Because of this, each user believes that they are the only ones using the system.
Client Server Computing Environment. In client server computing, the client
requests a resource and the server provides that resource. A server may serve multiple
clients at the same time while a client is in contact with only one server. Both the client and
server usually communicate via a computer network but sometimes they may reside in the
same system.
19
lOMoARcPSD|20832310
Distributed Computing Environment. A distributed computing environment

contains multiple nodes that are physically separate but linked together using the network.
All the nodes in this system communicate with each other and handle processes in tandem.
Each of these nodes contains a small part of the distributed operating system software.
Cloud Computing Environment. The computing is moved away from individual
computer systems to a cloud of computers in cloud computing environment. The cloud
users only see the service being provided and not the internal details of how the service is
provided. This is done by pooling all the computer resources and then managing them
using a software.
Cluster Computing Environment. The clustered computing environment is similar
to parallel computing environment as they both have multiple CPUs. However, a major
difference is that clustered systems are created by two or more individual computer
systems merged together which then work parallel to each other.
TOPIC Cybersecurity models (The CIA triad, The star model, The
2 Parkerian Hexad)
Cybersecurity is the practice of protecting systems, networks, and programs from

digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying
sensitive information; extorting money from users; or interrupting normal business
processes. Implementing effective cybersecurity measures is particularly challenging
today because there are more devices than people, and attackers are becoming more
innovative.
What is cybersecurity all about?
A successful cybersecurity approach has multiple layers of protection spread
across the computers, networks, programs, or data that one intends to keep safe. In an
organization, the people, processes, and technology must all complement one another to
create an effective defense from cyber-attacks. A unified threat management system can
automate integrations across select Cisco Security products and accelerate key security
operations functions: detection, investigation, and remediation.
Cybersecurity Models
CIA Triad
Information security is not only about securing information from unauthorized
access. Information security is basically the practice of preventing unauthorized access,
use, disclosure, disruption, modification, inspection, recording or destruction of information.
Information can be anything like your profile on social media, your data in mobile phone,
your biometrics etc. Thus information security spans so many areas like cryptography,
mobile computing, forensics, online social media etc.
Information Security programs are built around 3 objectives, commonly known as CIA –
Confidentiality, Integrity, Availability.
20
lOMoARcPSD|20832310
Confidentiality. Confidentiality means that only the authorized individuals/systems

can view sensitive or classified information. Data being sent over the network should not
be accessed by unauthorized individuals. The attacker may try to capture the data using
different tools available on the Internet and gain access to your information. A primary way
to avoid this is to use encryption techniques to safeguard your data so that even if the
attacker gains access to your data, he/she will not be able to decrypt it. Encryption
standards include AES(Advanced Encryption Standard) and DES (Data Encryption
Standard). Another way to protect your data is through a VPN tunnel. VPN stands for
Virtual Private Network and helps the data to move securely over the network.
Integrity. The next thing to talk about is integrity. Well, the idea here is making sure
that data has not been modified. Corruption of data is a failure to maintain data integrity.
To check if our data has been modified or not, we make use of a hash function.
Availability. This means that the data should be readily available to its users. This
applies to systems and to networks - not simply the data, but the technology necessary to
obtain and view the data need to be available. To ensure availability, the network/system
administrator should maintain hardware, make regular upgrades, have a plan for fail-over
and prevent bottleneck in a network. Attacks such as DoS or DDoS may render a network
unavailable as the resources of the network gets exhausted. The impact may be significant
to the companies and users who rely on the network as a business tool. Thus, proper
measures should be taken to prevent such attacks.
21
lOMoARcPSD|20832310
Parkerian Hexad
The Parkerian Hexad added the following three additional elements:

Authenticity. Authenticity refers to the veracity of the claim of origin or authorship
of the information. For example, one method for verifying the authorship of a hand written
document is to compare the handwriting characteristics of the document to a sampling of
others which have already been verified. For electronic information, a digital signature
could be used to verify the authorship of a digital document using public-key cryptography
(could also be used to verify the integrity of the document).
Possession. Possession or control: Suppose a thief were to steal a sealed
envelope containing a bank debit card and its personal identification number. Even if the
thief did not open that envelope, it's reasonable for the victim to be concerned that the thief
could do so at any time. That situation illustrates a loss of control or possession of
information but does not involve the breach of confidentiality.
Utility. Utility means usefulness. For example, suppose someone encrypted data
on disk to prevent unauthorized access or undetected modifications–and then lost the
decryption key: that would be a breach of utility. The data would be confidential, controlled,
integral, authentic, and available–they just wouldn't be useful in that form. Similarly,
conversion of salary data from one currency into an inappropriate currency would be a
breach of utility, as would the storage of data in a format inappropriate for a specific
computer architecture.
The star model

The STAR Program framework provides a flexible, incremental, and multi-layered
cloud-provider system that is recognized as the international, certifiable harmonized
governance, risk management, and compliance solution. By utilizing the STAR Program
and its accompanying tools (Cloud Controls Matrix, Consensus Assessment Initiative
Questionnaire, and the GDPR Code of Conduct), enterprises are able to reduce
complexity, which translates to reduced costs, decreased risk, and increased security.
22
lOMoARcPSD|20832310
Test 1.
Direction: Analyze the given questions below and provide the correct answer on
the space provided. Write your answer on a separate sheet of paper.
Tasks
5
_______________1. It contains multiple nodes that are physically separate but linked
together using the network.
_______________2. It allows multiple users to share the system simultaneously.
Each user is provided a time slice and the processor switches rapidly among the
users according to it.
_______________3. This is similar to parallel computing environment as they both
have multiple CPUs.
_______________4. This means that only the authorized individuals/systems can view
sensitive or classified information.
_______________5. This refers to the veracity of the claim of origin or authorship of the
information.
Test 2.
1. From the given cybersecurity model. Which of them do you think is the most
convenient to apply in your current organization? Why? (10pts) Answer:
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
______________________________________________________________________
________________
______________________________________________________________________
________________
______________________________________________________________________
________________
______________________________________________________________________
________________
______________________________________________________________________
________________
___________________________________________________________________
2. Why cybersecurity is important in an individual? (5pts) Answer:

________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
_______________________
23
lOMoARcPSD|20832310
3. Give example scenario wherein you can apply CIA Triad.

Answer:
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
_______________________
TOPIC Computer Security (Network, Operating System, Application)

3
Computer security breaches are commonplace, and several occur around the world
every day. Some are considered minor, with little loss of data or monetary resources, but
many of them are considered major, or even catastrophic.
What is network security?
According to the SANS Institute, network security is the process of taking
preventative measures to protect the underlying networking infrastructure from
unauthorized access, misuse, malfunction, modification, destruction or improper
disclosure. Implementing these measures allows computers, users and programs to
perform their permitted critical functions within a secure environment.
Securing a network requires a complex combination of hardware devices, such as
routers, firewalls and anti-malware software applications. Government agencies and
businesses employ highly skilled information security analysts to implement security plans
and constantly monitor the efficacy of these plans.
Types of network security
Access control. This refers to controlling which users have access to the network
or especially sensitive sections of the network. Using security policies, you can restrict
network access to only recognized users and devices or grant limited access to
noncompliant devices or guest users.
Antivirus and anti-malware software. Malware, or “malicious software,” is a
common form of cyberattack that comes in many different shapes and sizes. Some
variations work quickly to delete files or corrupt data, while others can lie dormant for long
periods of time and quietly allow hackers a back door into your systems.
Application security. Each device and software product used within your
networking environment offers a potential way in for hackers. For this reason, it is important
that all programs be kept up-to-date and patched to prevent cyberattacks from exploiting
vulnerabilities to access sensitive data. Application security refers to the combination of
24
lOMoARcPSD|20832310
hardware, software, and best practices you use to monitor issues and close gaps in your
security coverage.
Behavioral analytics. In order to identify abnormal behavior, security support
personnel need to establish a baseline of what constitutes normal behavior for a given
customer’s users, applications, and network.
Data loss prevention. Data loss prevention (DLP) technologies are those that
prevent an organization’s employees from sharing valuable company information or
sensitive data—whether unwittingly or with ill intent—outside the network. DLP
technologies can prevent actions that could potentially expose data to bad actors outside
the networking environment, such as uploading and downloading files, forwarding
messages, or printing.
Distributed denial of service prevention. Distributed denial of service (DDoS)
attacks are becoming increasingly common. They function by overloading a network with
one-sided connection requests that eventually cause the network to crash.
Email security. Email is an especially important factor to consider when
implementing networking security tools. Numerous threat vectors, like scams, phishing,
malware, and suspicious links, can be attached to or incorporated into emails.
Firewalls. Firewalls are another common element of a network security model.
They essentially function as a gatekeeper between a network and the wider internet.
Firewalls filter incoming and, in some cases, outgoing traffic by comparing data packets
against predefined rules and policies, thereby preventing threats from accessing the
network.
Mobile device security. The vast majority of us have mobile devices that carry
some form of personal or sensitive data we would like to keep protected. This is a fact that
hackers are aware of and can easily take advantage of. Implementing mobile device
security measures can limit device access to a network, which is a necessary step to
ensuring network traffic stays private and doesn’t leak out through vulnerable mobile
connections.
Network segmentation. Dividing and sorting network traffic based on certain
classifications streamlines the job for security support personnel when it comes to applying
policies. Segmented networks also make it easier to assign or deny authorization
credentials for employees, ensuring no one is accessing information they should not be.
Security information and event management. These security systems (called
SIEMs) combine host-based and network-based intrusion detection systems that combine
real-time network traffic monitoring with historical data log file scanning to provide
administrators with a comprehensive picture of all activity across the network
Web security. Web security software serves a few purposes. First, it limits internet
access for employees, with the intention of preventing them from accessing sites that could
contain malware. It also blocks other web-based threats and works to protect a customer’s
web gateway.
What is Operating System Security?
Operating system security (OS security) is the process of ensuring OS integrity,
confidentiality and
availability.
OS security refers to specified steps or measures used to protect the OS from
threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses
all preventive-control techniques, which safeguard any computer assets capable of being
stolen, edited or deleted if OS security is compromised.
OS security may be approached in many ways, including adherence to the following:
Performing regular OS patch updates
25
lOMoARcPSD|20832310
Installing updated antivirus engines and software

Scrutinizing all incoming and outgoing network traffic through a firewall
Creating secure accounts with required privileges only
(i.e., user management) What is Application Security?
Application security describes security measures at the application level that aim to
prevent data or code within the app from being stolen or hijacked. It encompasses the
security considerations that happen during application development and design, but it also
involves systems and approaches to protect apps after they get deployed.
Application security may include hardware, software, and procedures that identify
or minimize security vulnerabilities. A router that prevents anyone from viewing a
computer’s IP address from the Internet is a form of hardware application security. But
security measures at the application level are also typically built into the software, such as
an application firewall that strictly defines what activities are allowed and prohibited.
Procedures can entail things like an application security routine that includes protocols
such as regular testing.
Types of application security
Different types of application security features include authentication, authorization,
encryption, logging, and application security testing. Developers can also code applications
to reduce security vulnerabilities.
Authentication: When software developers build procedures into an application to
ensure that only authorized users gain access to it. Authentication procedures ensure that
a user is who they say they are. This can be accomplished by requiring the user to provide
a user name and password when logging in to an application.
Authorization: After a user has been authenticated, the user may be authorized
to access and use the application. The system can validate that a user has permission to
access the application by comparing the user’s identity with a list of authorized users.
Authentication must happen before authorization so that the application matches only
validated user credentials to the authorized user list.
Encryption: After a user has been authenticated and is using the application, other
security measures can protect sensitive data from being seen or even used by a
cybercriminal. In cloud-based applications, where traffic containing sensitive data travels
between the end user and the cloud, that traffic can be encrypted to keep the data safe.
Logging: If there is a security breach in an application, logging can help identify
who got access to the data and how. Application log files provide a time-stamped record
of which aspects of the application were accessed and by whom.
Application security testing: A necessary process to ensure that all of these
security controls work properly.
Application security in the cloud

Application security in the cloud poses some extra challenges. Because cloud
environments provide shared resources, special care must be taken to ensure that users
only have access to the data they are authorized to view in their cloud-based applications.
Sensitive data is also more vulnerable in cloud-based applications because that data is
transmitted across the Internet from the user to the application and back.
Mobile application security
Mobile devices also transmit and receive information across the Internet, as
opposed to a private network, making them vulnerable to attack. Enterprises can use virtual
private networks (VPNs) to add a layer of mobile application security for employees who
26
lOMoARcPSD|20832310
log in to applications remotely. IT departments may also decide to vet mobile apps and
make sure they conform to company security policies before allowing employees to use
them on mobile devices that connect to the corporate network.
Web application security
Web application security applies to web applications—apps or services that users
access through a browser interface over the Internet. Because web applications live on
remote servers, not locally on user machines, information must be transmitted to and from
the user over the Internet. Web application security is of special concern to businesses that
host web applications or provide web services. These businesses often choose to protect
their network from intrusion with a web application firewall. A web application firewall works
by inspecting and, if necessary, blocking data packets that are considered harmful.
TOPIC Cyber Threats

4
A cybersecurity threat is the threat of malicious attack by an individual or

organization attempting to gain access to a network, to corrupt data or steal confidential
information. As cyber threats become increasingly sophisticated, your business must
implement the security needed to safeguard its data and networks.
A cyber security threat refers to any possible malicious attack that seeks to
unlawfully access data, disrupt digital operations or damage information. Cyber threats can
originate from various actors, including corporate spies, hacktivists, terrorist groups, hostile
nation-states, criminal organizations, lone hackers and disgruntled employees.
7 Types of Cyber Security Threats
Cyber security professionals should have an in-depth understanding of the following
types of cyber security threats.
1. Malware. Malware is malicious software such as spyware, ransomware,
viruses and worms. Malware is activated when a user clicks on a malicious link or
attachment, which leads to installing dangerous software. Cisco reports that malware, once
activated, can:
2. Emotet. The Cybersecurity and Infrastructure Security Agency (CISA)
describes Emotet as “an advanced, modular banking Trojan that primarily functions as a
downloader or dropper of other banking
Trojans. Emotet continues to be among the most costly and destructive malware.”
3. Denial of Service. A denial of service (DoS) is a type of cyber-attack that
floods a computer or network so it can’t respond to requests. A distributed DoS (DDoS)
does the same thing, but the attack originates from a computer network. Cyber attackers
often use a flood attack to disrupt the “handshake” process and carry out a DoS. Several
other techniques may be used, and some cyber attackers use the time that a network is
disabled to launch other attacks. A botnet is a type of DDoS in which millions of systems
can be infected with malware and controlled by a hacker, according to Jeff Melnick of
Netwrix, an information technology security software company. Botnets, sometimes called
zombie systems, target and overwhelm a target’s processing capabilities. Botnets are in
different geographic locations and hard to trace.
4. Man in the Middle. A man-in-the-middle (MITM) attack occurs when
hackers insert themselves into a two-party transaction. After interrupting the traffic, they
can filter and steal data, according to Cisco. MITM attacks often occur when a visitor uses
an unsecured public Wi-Fi network. Attackers insert themselves between the visitor and
the network, and then use malware to install software and use data maliciously.
27
lOMoARcPSD|20832310
5. Phishing. Phishing attacks use fake communication, such as an email, to

trick the receiver into opening it and carrying out the instructions inside, such as providing
a credit card number. “The goal is to steal sensitive data like credit card and login
information or to install malware on the victim’s machine,” Cisco reports.
6. SQL Injection. A Structured Query Language (SQL) injection is a type of
cyber-attack that results from inserting malicious code into a server that uses SQL. When
infected, the server releases information. Submitting the malicious code can be as simple
as entering it into a vulnerable website search box.
7. Password Attacks. With the right password, a cyber attacker has access
to a wealth of information. Social engineering is a type of password attack that Data Insider
defines as “a strategy cyber attackers use that relies heavily on human interaction and
often involves tricking people into breaking standard security practices.” Other types of
password attacks include accessing a password database or outright guessing.
Tasks
6
Test 1.
Direction: Analyze the given questions below and provide the correct answer on
the space provided. Write your answer on a separate sheet of paper.
_______________1. It describes security measures at the application level that aim to

prevent data or code within the app from being stolen or hijacked.
_______________2. It prevents an organization’s employees from sharing valuable
company information or sensitive data—whether unwittingly or with ill intent—outside the
network.
_______________3. Dividing and sorting network traffic based on certain classifications
streamlines the job for security support personnel when it comes to applying policies.
_______________4. It is the process of taking preventative measures to protect the
underlying networking infrastructure from unauthorized access, misuse, malfunction,
modification, destruction or improper disclosure.
_______________5. This refers to controlling which users have access to the network or
especially sensitive sections of the network.
_______________6. A necessary process to ensure that all of these security controls
work properly.
_______________7. It is activated when a user clicks on a malicious link or attachment,
which leads to installing dangerous software.
_______________8. These attacks use fake communication, such as an email, to trick
the receiver into opening it and carrying out the instructions inside, such as providing a credit
card number.
_______________9. It refers to any possible malicious attack that seeks to unlawfully
access data, disrupt digital operations or damage information.
28
lOMoARcPSD|20832310
_______________10. It is a kind of cyber threats wherein attackers insert themselves

between the visitor and the network, and then use malware to install software and use data
maliciously
Test 2.
1. What do you think is the best way to prevent cyber threats?

(5pts) Answer:
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
___________________________________________________________________
2. How do you protect your Operating System (OS) from such

a cyber threat? (5pts) Answer:
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
_______________________
3. From your own perspective, what is computer security?

(5pts) Answer:
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
________________________________________________________________________
______________
29
lOMoARcPSD|20832310
_______________________
TOPIC Cryptography, Authentication and Authorization

5
What is Cryptography?
Cryptography is the process of encrypting and decrypting data in order to keep that
data safe when storing or transmitting it.
Encryption is a way of hiding data by converting it to an encoded format.
Decryption is a way of revealing encrypted data by decoding it from its encoded
format.
What Is Authentication?
Authentication is the act of validating that user are whom they claim to be. This is the
first step in any security process.
Complete an authentication process with:
Passwords. Usernames and passwords are the most common authentication
factors. If a user enters the correct data, the system assumes the identity is valid and
grants access.
One-time pins. Grant access for only one session or transaction.
Authentication apps. Generate security codes via an outside party that grants
access. Biometrics. A user presents a fingerprint or eye scan to gain access to the
system.
In some instances, systems require the successful verification of more than one factor
before granting access. This multi-factor authentication (MFA) requirement is often
deployed to increase security beyond what passwords alone can provide.
What Is Authorization?
Authorization in system security is the process of giving the user permission to access
a specific resource or function. This term is often used interchangeably with access control
or client privilege.
Giving someone permission to download a particular file on a server or providing
individual users with administrative access to an application are good examples of
authorization. In secure environments, authorization must always follow authentication.
Users should first prove that their identities are genuine before an organization’s
administrators grant them access to the requested resources.
30
lOMoARcPSD|20832310
Authentication vs. Authorization

Despite the similar-sounding terms, authentication and authorization are separate
steps in the login process. Understanding the difference between the two is key to
successfully implementing an IAM solution. Let's use an analogy to outline the differences.
Consider a person walking up to a locked door to provide care to a pet while the
family is away on vacation. That person needs:
Authentication, in the form of a key. The lock on the door only grants access to
someone with the correct key in much the same way that a system only grants
access to users who have the correct credentials.
Authorization, in the form of permissions. Once inside, the person has the
authorization to access the kitchen and open the cupboard that holds the pet food.
The person may not have permission to go into the bedroom for a quick nap.
Authentication and authorization work together in this example. A pet sitter has the right
to enter the house (authentication), and once there, they have access to certain areas
(authorization).
Tasks
6
CASE 1:
Company ABC is a banking company. Every day, they experience DDoS attacks every
12pm-1pm
making servers inaccessible to both employees and clients. They have 10CISCO firewall
active but cannot fix the issue. The only remediation that they can think is to turn off the
services from 12pm-1pm. because
of DDoS attacks clients start complain and productivity is very affected. just for one
month of December.
The company loss summed up to a total of 10million. it is expected the double in the
coming months if the
issue is not resolve and the banks reputation will be damage badly.
Requirements of case study:

Objectives: what is the goal? make it SMART objectives.
Problem Statement: What problem needs to be addressed to meet your objectives?
Case facts: Relevant facts that will support your courses of action
Alternative courses of action: What are possible solutions? give 3 solutions.
Recommendation: Make your recommendation to prevent this kind of attack.
Answer:
________________________________________________________________________
______________
________________________________________________________________________
______________
31
lOMoARcPSD|20832310
32

Ias Ii

Uploaded by

Copyright:

Available Formats

Ias Ii

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Ias Ii

Uploaded by

Copyright:

Available Formats

lOMoARcPSD

TOPIC The state of Information Assurance Today

In the modern world, digital information is an important asset that is under

What Is Information Assurance?

For instance, information assurance and information security professionals both

Core Function Differences

Information security is a more hands-on discipline. It prioritizes developing tools,

Five Pillars of Information Assurance Framework

1. Confidentiality. This is the assurance that information is not disclosed to

2. Integrity. The accuracy and completeness of vital information must be

4. Authenticity. This security measure is designed to establish the validity of a

1. How does Information Assurance matters in your current organization?

3. Explain the importance of Information Assurance and Security.

implemented on the spur-of-the-moment. Rather, attackers deliberately plan out their

What is an Advanced Persistent Threat?

An Advanced Persistent Threat (APT) is an organized cyberattack by a group of

How Advanced Persistent Threats Work?

Advanced persistent threats use a variety of techniques to gain initial access to a

Malware is critical to the success of an advanced persistent threat. Once the

APT attacker goals, and consequences faced by organizations, include:

Sabotage, for example database deletion

What are the Unique Characteristics of Advanced Persistent Threats?

Five APT Attack Stages

5. Exfiltration or damage infliction. Finally, attackers prepare to transfer the data

Advanced Persistent Threat Examples

GhostNet. Based in China, attacks were conducted by spear phishing emails

Deep Panda. An APT attack against the US Government’s Office of Personnel

APT34. A group tied to Iran, identified by FireEye researchers in 2017. It targeted

APT Detection and Protection Measures

TOPIC Why Information Assurance (IA) matters at DoD

Information assurance is emerging as a critical component of DoD operational

Under Presidential leadership, joined forces with other federal agencies in a

Recognized cyberspace as a global domain within the information enterprise,

The DoD vision is freedom of action in cyberspace, where:

Overview Goals of CIIA

TOPIC Information Confidentiality, Integrity and Availability

Confidentiality Integrity Availability

• Prevents • Maintain • Ensures that the

Keeping sensitive data private using safeguards like data encryption is an

TOPIC Threats, Vulnerabilities and Consequences

These threats may be uncontrollable and often difficult or impossible to identify in

Some of the major threat include the following:

Testing for vulnerabilities is critical to ensuring the continued security of your

Risk can also be defined as:

1. The interrelated components of the computing environment

3. Computer Security (Network, Operating System, Application)

5. Cryptography, Authentication and Authorization

1. Characterize privacy, legal and ethical issues of information security.

TOPIC The interrelated components of the computing environment

The computing environment involves the collection of computer machinery, data

1. Technology availability (requirements baseline). The performance of the

typical computing equipment measures that affect the subsequent performance of

2. Resource utilization and conservation (software product architecture). The

The different types of Computing Environments are:

Cloud Client Server

Personal Computing Environment. In the personal computing environment,

Distributed Computing Environment. A distributed computing environment

Cybersecurity is the practice of protecting systems, networks, and programs from

Confidentiality. Confidentiality means that only the authorized individuals/systems