Lesson Proper for Week 1 What are the key principles of information security?

What is Information Security?
Information security or infosec is concerned with protecting information from
unauthorized access. It's part of information risk management and involves
preventing or reducing the probability of unauthorized access, use, disclosure,
disruption, deletion, corruption, modification, inspect, or recording.
Confidentiality, integrity and availability, also known as the CIA triad, are at the
heart of information security. That said, there is a debate about whether or not
the CIA triad sufficiently addresses the rapidly changing technology and business
requirements, as well as the relationship between security and privacy. Other
principles such as accountability have been proposed and non-repudiation does
not fit in well with the three core concepts.

If a security incident does occur, information security professionals are involved What is confidentiality?
with reducing the negative impact of the incident.
Confidentiality is about not making information available or disclosed to
While the primary focus of any information security program is protecting the unauthorized individuals, entities or processes. While similar to privacy the words
confidentiality, integrity and availability (the CIA triad) of information, should not be used interchangeably.
maintaining organizational productivity is often an important consideration
What is integrity?
This has led the information security industry to specific best-practice standards
in the following areas: Integrity or data integrity is concerned with the maintenance, assurance,
accuracy and completeness of data over its entire lifecycle. This means
implementing security controls that ensure data cannot be modified or deleted by
 Information security policies, an unauthorized person or in an undetected manner.
 Password strength
What is availability?
 Access controls
 Multi-factor authentication For any information system to be useful, it must be available when needed. This
 Antivirus software, firewalls means computer systems that store and process information, the security
controls that protect it, and the communication channels that access it must
 Cryptography
function on demand.
 Legal liability
 Security awareness What is non-repudiation?

Information security is achieved through a structured risk management Non-repudiation is a term borrowed from law that implies one's intention to fulfill
process that: their obligations in a contract and that one party cannot deny having received or
having sent a transaction.
• Identifies information, related assets and the threats, vulnerability and
impact of unauthorized access What is a threat?
• Evaluates risks
A threat is anything (incidental or deliberate) that could cause potential harm,
• Makes decisions about how to address or treat risks i.e. avoid,
loss or exposure to an information asset.
mitigate, share or accept
• When mitigated, selects, designs and implements security controls What is a vulnerability?
• Monitors activities and makes adjustments to address any new
A vulnerability is a weakness or exploit that could cause harm, loss or exposure
issues, changes, or improvements
to an information asset.
Types of InfoSec
What is risk?
Application security
Application security is a broad topic that covers software vulnerabilities in web
Risk is the likelihood that an event could cause harm, loss or exposure to an
and mobile applications and application programming interfaces (APIs). These
information asset.
vulnerabilities may be found in authentication or authorization of users, integrity
of code and configurations, and mature policies and procedures.

Cloud security
Cloud security focuses on building and hosting secure applications in cloud
environments and securely consuming third-party cloud applications. “Cloud”
simply means that the application is running in a shared environment.

Cryptography
Encrypting data in transit and data at rest helps ensure data confidentiality and
integrity. Digital signatures are commonly used in cryptography to validate the
authenticity of data. Cryptography and encryption has become increasingly
important.

Infrastructure security
Infrastructure security deals with the protection of internal and extranet networks,
labs, data centers, servers, desktops, and mobile devices.

Incident response
Incident response is the function that monitors for and investigates potentially
malicious behavior.

In preparation for breaches, IT staff should have an incident response plan for
containing the threat and restoring the network. In addition, the plan should
create a system to preserve evidence for forensic analysis and potential
prosecution. This data can help prevent further breaches and help staff discover
the attacker.

Vulnerability management

Vulnerability management is the process of scanning an environment for weak

points (such as unpatched software) and prioritizing remediation based on risk.

What are information security threats?

Threats can come in many forms including software attacks, identity theft,
sabotage, physical theft and information extortion:

• Software attacks on information security include viruses, malware,

worms, ransomware like WannaCry, trojan horses or any malicious
codes that impact the availability of information.

• Phishing emails or websites are often aimed at stealing intellectual

property or log-in credentials to gain unauthorized access. Social
engineering is one of the largest cyber threats and is hard to protect
against with traditional security measures

• Sabotage like denial of service attacks often aim to reduce the

availability of key information assets, reducing confidence or
organizational productivity until payment is received in exchange for
returning service to the organization

• Theft of information and equipment is becoming increasingly common

as most devices are now mobile in nature like smartphones or
laptops. This is placing more dependance on cloud security than ever
before in history.

• Information extortion involves gaining access to confidential

information and then holding it at ransom until payment is made
Lesson Proper for Week 2 money transfer. Phishing attacks are prevalent among hackers as they can
exploit the user’s data until the user finds out about it. Phishing attacks remain
What's the difference between security, anonymity, and privacy? And when one of the major challenges of Cyber Security in India, as the demographic here
should you prioritize one over another? isn’t well-versed with handling confidential data.

Three of the most important concepts to understand online are: privacy,

anonymity, and security. And depending on your online needs, you should
prioritize one over the other.
While the three often overlap, the only way to determine which one you need the
most in a particular scenario is to understand what they actually mean.
What Does Privacy Mean?
Privacy is the ability to keep certain data and information about yourself exclusive
to you and control who and what has access to it.
Think of privacy as owning a smartphone—unencrypted and without a password.
Everyone around you knows who the phone belongs to, but they don’t know
what’s on it. If someone goes through your phone without permission, it’s an
invasion of privacy, even if they don't use it to hurt or blackmail you. When it
comes to online privacy, it’s a matter of how much personal information you can
keep to yourself when browsing the internet or using software on any of your
devices.
When to Prioritize Privacy
Make privacy your priority when using apps or services that have access to your
personal information such as full name, email address, phone number, location,
etc.
You should optimize your experience for privacy when using social media
platforms and apps, messaging and emailing services, and browsers.
What Does Anonymity Mean?
To be anonymous is to hide or conceal your identity, but not your actions. You
can be anonymous in the physical world by covering your face and fingerprints.
In the digital world, you can be anonymous by preventing online entities from
collecting or storing data that could be used to identify you.
When to Prioritize Anonymity
Online anonymity is a case-by-case need. Generally, you’d want to be
anonymous anytime you’re doing something you wouldn't want to be traced back
to you or your online personas.
It’s important when discussing sensitive topics; whether it’s asking for advice on
online forums, expressing fringe political views, or exposing a public person or
commercial entity's misconduct.
What Does Security Mean?
Security is a set of precautions and measures for protection against potential
harm to your person and reputation, and files directly or indirectly from malicious
parties. You can practice online and data security by using antivirus software,
encrypting important files, and using passwords to secure accounts and
devices.
We also advise using Two-Factor Authentication (2FA) on services where
possible.
When to Prioritize Security
You need security to protect any type of information that others could use against
you, such as private images and financial information. Look for services with the
utmost security when dealing with password managers, antivirus, and financial
services.
Six Significant Information Security Challenges
Executives need to understand and address six significant challenges, which are:
· E-commerce requirements
· Information security attacks
· Immature information security market
· Information security staff shortage
· Government legislation and industry regulations
· Mobile workforce and wireless computing
Security is becoming a severe issue for individuals, enterprises, and
governments alike. In a world where everything is on the internet, from cute
kitten videos and our travel diaries to our credit card information, ensuring
that our data remains safe is one of the biggest challenges of Security.
1. RANSOMWARE ATTACKS
5. BLOCKCHAIN AND CRYPTOCURRENCY ATTACKS
Block chain and crypto currency attacks
While blockchain and cryptocurrency might not mean much to the average
internet user, these technologies are a huge deal for businesses. Thus, attacks
on these frameworks pose considerable challenges in Cyber Security for
businesses as it can compromise the customer data and business operations.
These technologies have surpassed their infancy stage but have yet not reached
an advanced secure stage. Thus, several attacks have been attacks, such as
DDOS, Sybil, and Eclipse, to name a few. Organizations need to be aware of the
security challenges that accompany these technologies and ensure that no gap
is left open for intruders to invade and exploit.
6. SOFTWARE VULNERABILITIES
Software Vulnerabilities
Even the most advanced software has some vulnerability that might pose
significant challenges to Cyber Security in 2020, given that the adoption of digital
devices now is more than ever before. Individuals and enterprises don’t usually
update the software on these devices as they find it unnecessary. However,
updating your device’s software with the latest version should be a top priority. An
older software version might contain patches for security vulnerabilities that are
fixed by the developers in the newer version. Attacks on unpatched software
versions are one of the major challenges of Cyber Security. These attacks are
usually carried out on a large number of individuals, like the Windows zero-day
attacks.
7. MACHINE LEARNING AND AI ATTACKS
Machine learning and AI attacks
While Machine Learning and Artificial Intelligence technologies have proven
highly beneficial for massive development in various sectors, it has its
vulnerabilities as well. These technologies can be exploited by unlawful
individuals to carry out cyberattacks and pose threats to businesses. These
technologies can be used to identify high-value targets among a large dataset.
Machine Learning and AI attacks are another big concern in India. A
sophisticated attack might prove to be too difficult to handle due to the lack of
Cyber Security expertise in our country.
8. BYOD POLICIES
BVOD Policies
Most organizations have a Bring-Your-Own-Device policy for their employees.
Having such systems poses multiple challenges in Cyber Security. Firstly, if the
device is running an outdated or pirated version of the software, it is already an
excellent medium for hackers to access. Since the method is being used for
personal and professional reasons, hackers can easily access confidential
business data. Secondly, these devices make it easier to access your private
network if their security is compromised. Thus, organizations should let go of
BYOD policies and provide secure devices to the employees, as such systems
possess enormous challenges of Computer Security and network compromise.
9. INSIDER ATTACKS
Insider attacks
While most challenges of Cyber Security are external for businesses, there can
be instances of an inside job. Employees with malicious intent can leak or export
confidential data to competitors or other individuals. This can lead to huge
financial and reputational losses for the business. These challenges of Computer
Security can be negated by monitoring the data and the inbound and outbound
network traffic. Installing firewall devices for routing data through a centralized
server or limiting access to files based on job roles can help minimize the risk of
insider attacks.
10. OUTDATED HARDWARE
Outdated Hardware
Well, don’t be surprised. Not all challenges of Cyber Security come in the form of
software attacks. With software developers realizing the risk of software
vulnerabilities, they offer a periodic update. However, these new updates might
not be compatible with the hardware of the device. This is what leads to outdated
hardware, wherein the hardware isn’t advanced enough to run the latest software
versions. This leaves such devices on an older version of the software, making
them highly susceptible to cyberattacks.

Ransomware attacks
Ransomware attacks involve hacking into a user’s data and preventing them
from accessing it until a ransom amount is paid. Ransomware attacks are critical
for individual users but more so for businesses who can’t access the data for
running their daily operations.

2. IOT ATTACKS
IOT Attacks
IoT devices are computing, digital, and mechanical devices that can
autonomously transmit data over a network. Examples of IoT devices include
desktops, laptops, mobile phones, smart security devices, etc. As the adoption of
IoT devices is increasing at an unprecedented rate, so are the challenges of
Cyber Security. Attacking IoT devices can result in the compromise of sensitive
user data. Safeguarding IoT devices is one of the biggest challenges in Cyber
Security, as gaining access to these devices can open the doors for other
malicious attacks.

3. CLOUD ATTACKS
Cloud attacks
Most of us today use cloud services for personal and professional needs. Also,
hacking cloud-platforms to steal user data is one of the challenges in Cyber
Security for businesses. We are all aware of the infamous iCloud hack, which
exposed private photos of celebrities. If such an attack is carried out on
enterprise data, it could pose a massive threat to the organization and maybe
even lead to its collapse.

4. PHISHING ATTACKS
Phishing is a type of social engineering attack often used to steal user data,
including login credentials and credit card numbers. Unlike ransomware attacks,
the hacker, upon gaining access to confidential user data, doesn’t block it.
Instead, they use it for their own advantages, such as online shopping and illegal
Lesson Proper for Week 3
Threats to Information Security
Information Security threats can be many like Software attacks, theft of
intellectual property, identity theft, theft of equipment or information, sabotage,
and information extortion.
Threat can be anything that can take advantage of a vulnerability to breach
security and negatively alter, erase, harm object or objects of interest.
Software attacks means attack by Viruses, Worms, Trojan Horses etc. Many
users believe that malware, virus, worms, bots are all same things. But they are
not same, only similarity is that they all are malicious software that behave
differently.
Malware is a combination of 2 terms- Malicious and Software. So Malware
basically means malicious software that can be an intrusive program code or a
anything that is designed to perform malicious operations on system. Malware
can be divided in 2 categories:
1. Infection Methods
2. Malware Actions
Malware on the basis of Infection Method are following:
Virus – They have the ability to replicate themselves by hooking them to the
program on the host computer like songs, videos etc and then they travel all over
the Internet.
Worms – Worms are also self replicating in nature but they don’t hook
themselves to the program on host computer. Biggest difference between virus
and worms is that worms are network aware. They can easily travel from one
computer to another if network is available and on the target machine they will
not do much harm, they will for example consume hard disk space thus slowing
down the computer.
Trojan – The Concept of Trojan is completely different from the viruses and
worms. The name Trojan derived from the ‘Trojan Horse’ tale in Greek
mythology.
Their purpose is to conceal themselves inside the software that seem legitimate
and when that software is executed they will do their task of either stealing
information or any other purpose for which they are designed.
Bots –: can be seen as advanced form of worms. They are automated processes
that are designed to interact over the internet without the need of human
interaction. They can be good or bad. Malicious bot can infect one host and after
infecting will create connection to the central server which will provide commands
to all infected hosts attached to that network called Botnet.
Malware on the basis of Actions:
Adware – Adware is not exactly malicious but they do breach privacy of the
users. They display ads on computer’s desktop or inside individual programs.
They come attached with free to use software, thus main source of revenue for
such developers. They monitor your interests and display relevant ads. An
attacker can embed malicious code inside the software and adware can monitor
your system activities and can even compromise your machine
Spyware – It is a program or we can say a software that monitors your activities
on computer and reveal collected information to interested party. Spyware are
generally dropped by Trojans, viruses or worms. Once dropped they installs
themselves and sits silently to avoid detection.
Ransomware – It is type of malware that will either encrypt your files or will lock
your computer making it inaccessible either partially or wholly. Then a screen will
be displayed asking for money i.e. ransom in exchange.
Scareware – It masquerades as a tool to help fix your system but when the
software is executed it will infect your system or completely destroy it. The
software will display a message to frighten you and force to take some action like
pay them to fix your system.
Rootkits – are designed to gain root access or we can say administrative
privileges in the user system. Once gained the root access, the exploiter can do
anything from stealing private files to private data.
Zombies – They work similar to Spyware. Infection mechanism is same but they
don’t spy and steal information rather they wait for the command from hackers. ·
Lesson Proper for Week 4
Malware definition
Malware, short for malicious software, is a blanket term for viruses, worms,
trojans and other harmful computer programs hackers use to wreak destruction
and gain access to sensitive information. As Microsoft puts it, "[malware] is a
catch-all term to refer to any software designed to cause damage to a single
computer, server, or computer network." In other words, software is identified as
malware based on its intended use, rather than a particular technique or
technology used to build it.
This means that the question of, say, what the difference is between malware
and a virus misses the point a bit: a virus is a type of malware, so all viruses are
malware (but not every piece of malware is a virus).
Types of malware
There are a number of different ways of categorizing malware; the first is by how
the malicious software spreads. You've probably heard the words virus, trojan,
and worm used interchangeably, but as Symantec explains, they describe three
subtly different ways malware can infect target computers:
• A worm is a standalone piece of malicious software that reproduces itself
and spreads from computer to computer.
• A virus is a piece of computer code that inserts itself within the code of
another standalone program, then forces that program to take malicious
action and spread itself.
• A trojan is a program that cannot reproduce itself but masquerades as
something the user wants and tricks them into activating it so it can do its
damage and spread.
Malware can also be installed on a computer "manually" by the attackers
themselves, either by gaining physical access to the computer or using privilege
escalation to gain remote administrator access.
Another way to categorize malware is by what it does once it has successfully
infected its victim's computers. There are a wide range of potential attack
techniques used by malware:
• Spyware is defined by Webroot Cybersecurity as "malware used for the
purpose of secretly gathering data on an unsuspecting user." In essence, it
spies on your behavior as you use your computer, and on the data you
send and receive, usually with the purpose of sending that information to a
third party. A keylogger is a specific kind of spyware that records all the
keystrokes a user makes—great for stealing passwords.
• A rootkit is, as described by TechTarget, "a program or, more often, a
collection of software tools that gives a threat actor remote access to and
control over a computer or other system." It gets its name because it's a kit
of tools that (generally illicitly) gain root access (administrator-level control,
in Unix terms) over the target system, and use that power to hide their
presence.
• Adware is malware that forces your browser to redirect to web
advertisements, which often themselves seek to download further, even
more malicious software. As The New York Times notes, adware often
piggybacks onto tempting "free" programs like games or browser
extensions.
• Ransomware is a flavor of malware that encrypts your hard drive's files
and demands a payment, usually in Bitcoin, in exchange for the decryption
key. Several high-profile malware outbreaks of the last few years, such as
Petya, are ransomware. Without the decryption key, it's mathematically
impossible for victims to regain access to their files. So-called scareware is
a sort of shadow version of ransomware; it claims to have taken control of
your computer and demands a ransom, but actually is just using tricks like
browser redirect loops to make it seem as if it's done more damage than it
really has, and unlike ransomware can be relatively easily disabled.
• Cryptojacking is another way attackers can force you to supply them with
Bitcoin—only it works without you necessarily knowing. The crypto mining
malware infects your computer and uses your CPU cycles to mine Bitcoin
for your attacker's profit. The mining software may run in the background
on your operating system or even as JavaScript in a browser window.
• Malvertising is the use of legitimate ads or ad networks to covertly deliver
malware to unsuspecting users’ computers. For example, a cybercriminal
might pay to place an ad on a legitimate website. When a user clicks on the
ad, code in the ad either redirects them to a malicious website or installs
malware on their computer. In some cases, the malware embedded in an
ad might execute automatically without any action from the user, a
Malware examples
We've already discussed some of the current malware threats looming large
today. But there is a long, storied history of malware, dating back to infected
floppy disks swapped by Apple II hobbyists in the 1980s and the Morris Worm
spreading across Unix machines in 1988. Some of the other high-profile
malware attacks have included:
• ILOVEYOU, a worm that spread like wildfire in 2000 and did more than $15
billion in damage
• SQL Slammer, which ground internet traffic to a halt within minutes of its
first rapid spread in 2003
• Conficker, a worm that exploited unpatched flaws in Windows and
leveraged a variety of attack vectors – from injecting malicious code to
phishing emails – to ultimately crack passwords and hijack Windows
devices into a botnet.
• Zeus, a late '00s keylogger Trojan that targeted banking information 
CryptoLocker, the first widespread ransomware attack, whose code
keeps getting repurposed in similar malware projects
• Stuxnet, an extremely sophisticated worm that infected computers
worldwide but only did real damage in one place: the Iranian nuclear facility
at Natanz, where it destroyed uranium-enriching centrifuges, the mission it
was built for by U.S. and Israeli intelligence agencies
Cryptomining attacks decline
The Malwarebyte Labs report has seen a shift away from cryptomining starting in
the second quarter of 2018, due largely to the decline in cryptocurrency values.
Still, the number of cryptomining detections increased for the year by 7 percent.
Instead, cyber criminals are turning to information stealing malware like Emotet
to turn a profit. “Overall, it seems as though criminals have reached the
consensus that sometimes stealing is better than mining,” the report stated.
Ransomware becoming more targeted
Kujawa notes that small and medium-sized businesses (SMBs) are becoming
more popular targets. He attributes this to the likelihood of being paid for
ransomware attacks—SMBs often can’t afford the downtime and see paying
ransom as the fastest way to recover. They also often softer targets than larger
businesses.
Ransomware detections actually declined by 26 percent worldwide in 2018,
according to the Malwarebytes report. However, ransomware detections at
businesses rose by 28 percent. Industries most often targeted were consulting,
education, manufacturing and retail. Kujawa believes criminals focus on these
industries because of opportunity and likelihood of ransoms being paid.
7 LAYERS OF SECURITY
Security is an important factor for people all over the world due to the existence
of important information which may be stored on the computer or any other
system, so you have to provide different facilities to protect this information and
not allow others to access it, in the world of computers, security has many
details, and to understand each of them, at the beginning, you need to be fully
aware of the computer in general, so that you can maintain the security of your
site better, security has 7 layers, which we will discuss in the following.
1- Information Security Policies:
One of the main layers of information security is Information Security Policies,
which gives users the assurance that you give a value to their information and do
your best to protect them, the security plans for people who want to protect
information must be prearranged and should have a step-by-step process to
strengthen the security of your site.
In general, information security policies reflect the thoughts of the media and
show all their efforts to protect information, through this layer of security ,
information can be secured against all existing threats.
This layer of security has 3 main types that we will mention in the following:
- Organizational (or Master) Policy
- System-specific Policy
- Issue-specific Policy
2- Physical Security:
This layer of security is always an important for many people, and they regularly
provide facilities through which they can establish physical security to protect
information, in the real world, if you have a valuable object, such as money,
jewelry, documents, etc., you maintain this layer of security as fully as possible,
for example, if you leave that valuable object in a safe place, or give it to
someone who you trust, you are not worried about protecting them. The same
thing is also true for computers, generally, physical security is defined as the
protection of hardware and software components, networks, and data from
natural physical conditions and events, which may cause serious damage to an
organization and the information contained in them, in other words, physical
security includes all measures to protect all hardware, information and software
available against theft, natural disasters, etc., in order to achieve this kind of
security, you must pay attention to some tips which help you keep your
information safe.
3- Secure Networks and Systems:
This layer of security is very widespread, which includes all measures,
equipment, etc., which cause the security of the system and the network to be
integrated,m and prevent any threatening factors from entering your system, and
ultimately provide security for you.
Network security has 3 types, which we are going to discuss in the
following.
· Physical Network Security:
This type of network security control is to protect information and prevent illegal
access to the system.
· Technical Network Security:
This type is so important and protects all the data that is in the computer,
including the one that is being transferred from the computer or the data that is
entering the computer, in order to establish the security of this layer, you must
pay attention to many points.
· Administrative Network Security:
As you know, the behaviors of users who have access to information, cannot be
controlled, and you must provide facilities in advance, so that you can prevent
any event that affects the security structure of the network, one of the things that
can be done in this section, is restricting people's access to all information, which
is an effective way to prevent a series of unfortunate events.
In general, in this layer of security , you can do the following:
· Network Access Control
· Antivirus and Antimalware Software
· Firewall Protection
· Virtual Private Networks
4- Vulnerability Programs:
Despite the spread of cyber attacks and loss of information which they cause,
and the daily progress of hackers, security layers have received more attention
from users, and they try to study and search in this field to have control over
each layer and implement all the necessary strategies to protect their
information, hackers are constantly scrutinizing the weaknesses of a system and
use these weak points to attack the system and its information, so they get their
desired results through them.
In this layer of security, you must pay more attention to the vulnerabilities of a
system, all of these weak points have to be identified through various tools, then
you should try to do your best to solve the problem because that weak points
must be strengthened in order to increase security in general, so you can
improve your system security by paying attention to all points.
5- Strong Access Control Measures:
This layer of security has a great impact on establishing security in general, and
all the actions that are taken in this layer, ultimately, are aimed at controlling
people's access to information, to achieve this goal, various solutions can be
taken, including the solution of setting passwords which are hard to be guessed,
which should include more than 8 characters, so it is hard for people to guess
this password, as a result they cannot access your information easily.
This layer of security contains the following 3 types:
· Discretionary Access Control (DAC) ·
Managed Access Control (MAC)
· Role-Based Access Control (RBAC)
6- Protect and Backup Data:
This layer of security helps you to have no worries about the stored information,
and it is constantly recommended in this layer to provide backup information, so
that in case of unexpected events, your information won’t be damaged and will
be protected as much as possible, there are a number of ways you can get help
from them in order to implement this layer properly, including keeping information
in a safe place other than the current information system that helps you maintain
your information safe. It should be noted that it is necessary to establish the
security for the information from which you have made a backup.
7- Monitor and Test Your Systems:
In this layer, you should review all the actions you have taken and examine all
the aspects, so that you can identify the possible dangers that threaten your
information and system, in general, the system monitoring process helps you
solve these problems and does not allow a problem to occur, which causes
damage to your system or loss of your information.
To implement this layer, there are various tools which will help you achieve your
goal, some of which we are going to mention in the following section.
· SolarWinds Server and Application Monitor ·
NinjaRMM
· PRTG - OpManager by ManageEngine
· OpenNMS
· WhatsUp Gold
· OpenNMS
Lesson Proper for Week 5
What Does Password Protection Mean?
Password protection is a security process that protects information accessible via
computers that needs to be protected from certain users. Password protection
allows only those with an authorized password to gain access to certain
information.
Password protect
To password protect is to implement or enable a password on a computer,
network device, online service, file, user account, or data. When password
protection is enabled, users receive a prompt for a username or password before
they're given access. For example, to log in to a Microsoft Windows account, the
user must enter the proper credentials. The same goes for a file that is password
protected.
If the incorrect information is entered, users can't access certain computers,
online services, files, or other password-protected areas. If the incorrect
password is entered multiple times, access is usually locked temporarily. Once
locked, you must wait for a set time before trying the password again or ask for
support to unlock the computer, account, or file.
If you can't remember the password for an online account, most services provide
a forgot password feature to help you reset it.
Protecting Against Malware
So now we're at the biggest question of all: "How do I make sure my computer or
network is malware-free?"
The answer has two parts: Personal vigilance, and protective tools. One of the
most popular ways to spread malware is by email, which may be disguised to
look as if it is from a familiar company such as a bank, or a personal email from a
friend.
Be wary of emails that ask you to provide passwords. Or emails that seem to be
from friends, but have only a message such as "check out this cool website!"
followed by a link.
Personal vigilance is the first layer of protection against malware, but simply
being careful is not enough. Because business security is not perfect, even
downloads from legitimate sites can sometimes have malware attached. Which
means that even the most prudent user is at risk, unless you take additional
measures.
What is Malware Protection?
Malware security protection provides that second vital layer of protection for your
computer or network. A robust antivirus software package is the primary
component of technological defenses that every personal and business computer
system should have.
Well-designed antivirus protection has several characteristics. It checks any
newly downloaded program to ensure that it is malware-free. It periodically scans
the computer to detect and defeat any malware that might have slipped through.
It is regularly updated to recognize the latest threats.
Good antivirus protection can also recognize — and warn against — even
previously unknown malware threats, based on technical features (such as
attempting to "hide" on a computer) that are characteristic of malware. In
addition, robust antivirus software detects and warns against suspicious
websites, especially those that may be designed for "phishing" (a technique that
tricks users into entering passwords or account numbers).
Finally, malware protection needs to be usable. Effective antivirus software must
be simple to download and install, so you don't need to be a Ph.D. in computer
science in order to use it. Look for antivirus software solutions that have the
characteristics outlined above — and follow through by installing it.
Robust malware protection specifically guards your finances. These tools
safeguard your account information, and can also provide passwordmanagement
tools so that frustration over forgotten passwords does not lead you to skip over
this essential component of protection.
No protection is absolute. But a combination of personal awareness and
welldesigned protective tools will make your computer as safe as it can be.
Workspace security
Each group you add to a workspace can have vastly different permissions than
others. You can also copy an existing group’s permissions to save time on
configuring them.
Limit access to your workspace
Slack allows for transparency, and sometimes that means sharing proprietary
information or sensitive details. Here are some tips to ensure only the right
people have access to information in your workspace:
 Only invite people you know
For total control, keep the default setting to only let Workspace Owners
and Admins send invitations to new members. If you do allow others to
send invites, review pending and accepted invitations periodically.
Deactivate members’ accounts who no longer need access
Change is constant, and people come and go. Don’t forget to deactivate a
member’s account when they leave. Workspace Owners on the Business+ and
Enterprise Grid plans can streamline deactivation with an identity provider
using SCIM provisioning.
Add people from other companies to a channel
To work with external partners who don’t need access to all the information in
your workspace, you can use Slack Connect to invite them to channels. This lets
you collaborate securely and productively in one centralized place, all from your
own workspaces.
Use guest accounts and limit the channels they're invited to Some
members of your Slack workspace (like contractors, interns, or clients) may
only need access to certain channels. Guest accounts are a great way to
manage who has access to the information they need in your workspace.
Manage email display
Members can find each others' email addresses in their profiles, but some people
may prefer to keep this info private. Workspace Owners and Admins can choose
if members’ email addresses are displayed in their Slack profiles.
Workspace permissions
workspace permissions into five categories
· Object security
· Tab visibility
· Browsers
· Mass operations
· Admin operations
Object security
workspace objects with their related item-level permissions. Item-level rights
include:
· None - denies users access to the object.
· View - view the object. This is the lowest level object permission.
· Edit - edit and view the object.
· Delete - delete, edit, and view the object.
· Add - add new objects. This icon turns blue when the setting is unsaved;
once you click Save, the blue icon becomes grey.
· Edit Security - grants users the ability to edit the security of objects.
Tab visibility
Tab Visibility lists all parent and child tabs to which you can grant groups access.
Combine object security permissions and tab visibility access to give users the
tools they need to complete their tasks. Select a tab to make it visible for a
group.
Mass operations
In the Mass Operations section, you control which types of mass action rights the
group can access. This section also lists any custom mass operations that you
have added to Relativity or that are available in applications currently installed in
your environment.
Browsers
In the Browsers section, you control which browsers are visible to a group. Select
a browser type to make it visible for the group.
Admin operations
You can secure several admin operations separately. To assign permissions to a
group, select checkboxes for any combination of these operations.
Physical Security
Most people think about locks, bars, alarms, and uniformed guards when they
think about security. While these countermeasures are by no means the only
precautions that need to be considered when trying to secure an information
system, they are a perfectly logical place to begin.
Physical security is a vital part of any security plan and is fundamental to all
security efforts--without it, information security software security, user access
security and network security are considerably more difficult, if not impossible, to
initiate. Physical security refers to the protection of building sites and equipment
(and all information and software contained therein) from theft, vandalism,
natural disaster, manmade catastrophes, and accidental damage (e.g., from
electrical surges, extreme temperatures, and spilled coffee). It requires solid
building construction, suitable emergency preparedness, reliable power supplies,
adequate climate control, and appropriate protection from intruders.
Create a Secure Environment: Building and Room Construction
· Don't arouse unnecessary interest in your critical facilities: A secure room
should have "low" visibility (e.g., there should not be signs in front of the building
and scattered throughout the hallways announcing "expensive equipment and
sensitive information this way").
· Select only those countermeasures that meet percuived needs as
indentified during risk assessment and support security policy.
· Maximize structural protection: A secure room should have full height walls
and fireproof ceilings.
· Minimize external access (doors): A secure room should only have one or
two doors--they should be solid, fireproof, lockable, and observable by assigned
security staff. Doors to the secure room should never be propped open.
· Minimize external access (windows): A secure room should not have
excessively large windows. All windows should have locks.
· Maintain locking devices responsibly: Locking doors and windows can be
an effective security strategy as long as appropriate authorities maintain the keys
and combinations responsibly. If there is a breach, each compromised lock
should be changed.
· Investigate options other than traditional keyhole locks for securing areas
as is reasonable: Based on the findings from your risk assessment consider
alternative physical security strategies such as window bars, anti-theft cabling
(i.e., an alarm sounds when any piece of equipment is disconnected from the
system), magnetic key cards, and motion detectors.
Recognize that some countermeasures are ideals and may not be feasible
if, for example, your organization is housed in an old building.
Be prepared for fire emergencies: In an ideal world, a secure room should be
protected from fire by an automatic fire-fighting system. Note that water can
damage electronic equipment, so carbon dioxide systems or halogen agents are
recommended. If implemented, staff must be trained to use gas masks and other
protective equipment. Manual fire fighting equipment (i.e., fire extinguishers)
should also be readily available and staff should be properly trained in their use.
Maintain a reasonable climate within the room: A good rule of thumb is that if
people are comfortable, then equipment is usually comfortable--but even if
people have gone home for the night, room temperature and humidity cannot be
allowed to reach extremes (i.e., it should be kept betwessl
en 50 and 80 degrees Fahrenheit and 20 and 80 percent humidity). Note that it's
not freezing temperatures that damage disks, but the condensation that forms
when they thaw out.
Be particularly careful with non-essential materials in a secure computer room:
Technically, this guideline should read "no eating, drinking, or smoking near
computers," but it is quite probably impossible to convince staff to implement
such a regulation. Other non-essential materials that can cause problems in a
secure environment and, therefore, should be eliminated include curtains,
reams of paper, and other flammables.
Guard Equipment:
Keep critical systems separate from general systems: Prioritize equipment
based on its criticality and its role in processing sensitive information. Store it in
secured areas based on those priorities.
House computer equipment wisely: Equipment should not be able to be seen or
reached from window and door openings, nor should it be housed near radiators,
heating vents, air conditioners, or other duct work. Workstations that do not
routinely display sensitive information should always be stored in open, visible
spaces to prevent covert use.
Protect cabling, plugs, and other wires from foot traffic: Tripping over loose wires
is dangerous to both personnel and equipment.
Keep a record of your equipment: Maintain up-to-date logs of equipment
manufacturers, models, and serial numbers in a secure location. Be sure to
include a list of all attached peripheral equipment. Consider videotaping the
equipment (including close-up shots) as well. Such clear evidence of ownership
can be helpful when dealing with insurance companies.
Maintain and repair equipment: Have plans in place for emergency repair of
critical equipment. Either have a technician who is trained to do repairs on staff
or make arrangements with someone who has ready access to the site when
repair work is needed. If funds allow, consider setting up maintenance
contracts for your critical equipment. Local computer suppliers often offer
service contracts for equipment they sell, and many workstation and mainframe
vendors also provide such services. Once you've set up the contract, be sure
that contact information is kept readily available. Technical support telephone
numbers, maintenance contract numbers, customer identification numbers,
equipment serial numbers, and mail-in information should be posted or kept in a
log book near the system for easy reference. Remember that computer repair
technicians may be in a position to access your confidential information, so
make sure that they know and follow your policies regarding outside employees
and contractors who access your system.
Rebuff Theft:
Identify your equipment as yours in an overt way: Mark your equipment in an
obvious, permanent, and easily identifiable way. Use bright (even fluorescent)
paint on keyboards, monitor backs and sides, and computer bodies. It may
decrease the resale value of the components, but thieves cannot remove these
types of identifiers as easily as they can adhesive labels.
Losing a computer to theft has both financial costs (the replacement
value of the equipment) and information costs (the files contained on the hard
drive).
Identify your equipment as yours in a covert way: Label the inside of equipment
with the organization's name and contact information to serve as powerful
evidence of ownership.
Make unauthorized tampering with equipment difficult: Replace regular body
case screws with Allen-type screws or comparable devices that require a special
tool (e.g., an Allen wrench) to open them.
Limit and monitor access to equipment areas: Keep an up-to-date list of
personnel authorized to access sensitive areas. Never allow equipment to be
moved or serviced unless the task is pre-authorized and the service personnel
can produce an authentic work order and verify who they are. Require picture or
other forms of identification if necessary. Logs of all such activity should be
maintained. Staff should be trained to always err on the cautious side (and the
organization must support such caution even when it proves to be inconvenient).
Laptops and other expensive equipment that leave the office often never
return.
something you should do (icon)
Attend to Portable Equipment and Computers:
· Never leave a laptop computer unattended: Small, expensive things often
disappear very quickly--even more quickly from public places and vehicles!
Store laptop computers wisely: Secure laptops in a hotel safe rather than a hotel
room, in a hotel room rather than a car, and in a car trunk rather than the back
seat.
Stow laptop computers appropriately: Just because a car trunk is safer than its
back seat doesn't mean that the laptop won't be damaged by an unsecured tire
jack. Even if the machine isn't stolen, it can be ruined all the same. Stow the
laptop and its battery safely!
Don't leave a laptop computer in a car trunk overnight or for long periods of
time: In cold weather, condensation can form and damage the machine. In
warm weather, high temperatures (amplified by the confined space) can also
damage hard drives.
Regulate Power Supplies:
· Be prepared for fluctuations in the electrical power supply:
Do so by (1) plugging all electrical equipment into surge suppressors or electrical
power filters;
and (2) using Uninterruptible Power Sources (UPSs) to serve as auxiliary
electrical supplies to critical equipment in the event of power outages
Pay attention to the manufacturer's recommendations for storing portable
computer batteries--they carry live charges and are capable of igniting fires if not
handled properly.
· Protect power supplies from environmental threats: Consider having a
professional electrician design or redesign your electrical system to better
withstand fires, floods, and other disasters.
· Select outlet use carefully: Although little thought generally goes into outside users who enter your network from the Internet. The second deals with
plugging equipment into an outlet, machines that draw heavily from a power safeguarding information as it is being transmitted over the Internet.
source can affect, and be affected by, smaller equipment that draws energy from
the same outlet. Protect Your Network from Outsiders:

· Guard against the negative effects of static electricity in the office place:
Install anti-static carpeting and anti-static pads, use anti-static sprays, and
encourage staff to refrain from touching metal and other static-causing agents
before using computer equipment.
Protect Output:
Keep photocopiers, fax machines, and scanners in public view: These types of
equipment are very powerful tools for disseminating information--so powerful, in
fact, that their use must be monitored.
Assign printers to users with similar security clearances: You don't want
employees looking at sensitive financial information (e.g., staff salaries) or
confidential student information (e.g., individual records) while they are waiting
for their documents to print. It is better to dedicate a printer to the Director of
Finance than to have sensitive data scattered around a general use printer. Don't
hesitate to put printers in locked rooms if that is what the situation demands.
Label printed information appropriately: Confidential printouts should be clearly
identified as such.
Demand suitable security procedures of common carriers when
shipping/receiving confidential information: Mail, delivery, messenger, and courier
services should be required to meet your organization's security standards when
handling your confidential information.
Dispose of confidential waste adequately: Print copies of confidential information
should not be placed in common dumpsters unless shredded.
Electronic Mail Policy
User Responsibilities
These guidelines are intended to help you make the best use of the electronic
mail facilities at your disposal. You should understand the following:
The agency provides electronic mail to staff to enable them to communicate
effectively and efficiently with other members of staff, other companies, and
partner organizations.
When using the agency's electronic mail facilities you should comply with the
following guidelines.
If you are in any doubt about an issue affecting the use of electronic mail, you
should consult the IT Services Manager.
Any breach of the agency's Electronic Mail Policy may lead to disciplinary action.
Implement applicable security recommendations as raised in previous
chapters: Solid defense against external Internet threats includes the
proper implementation of relatively straightforward security measures like
encryption software, virus scanners , remote access regulations, and
passwords.
Isolate your network through the use of a firewall: Installing a firewall enables
the organization to decide which types of messages should be allowed into the
system from external sources (e.g., "nothing with identifiable virus coding" and
"nothing with decryptor coding structures"). The actual installation and operation
of the complex features requires expert technical assistance, but policy-makers
can make informed decisions about product features all the same. Locate
equipment and information that is intended for external users outside of the
firewall: If an organization's Web server is intended to provide information and
services to the public, it should not be located on the private side of the firewall.
Nor should it be able to access confidential information that resides inside the
firewall. This way, if the public Web server should ever be compromised,
confidential information is still protected. Protect Transmissions Sent over
the Internet:
Use Secure Sockets Layer (SSL) Servers to secure financial and information
transactions made with a Web browser: In a secure Web session, your Web
browser generates a random encryption key and sends it to the Web site host to
be matched with its public encryption key. Your browser and the Web site then
encrypt and decrypt all transmissions.
Authenticate messages through the use of digital signatures: A digital
signature amounts to a "fingerprint" of a message. It depicts the message such
that if the message were to be altered in any way, the "fingerprint" would reflect
it--thus making it possible to detect counterfeits. The converse, of course, is that
if the "fingerprint" does not change during transmission, you can be confident
that the message was not altered.
Authenticate messages through the use of time stamps or sequence numbers:
Another way to recognize when messages have been modified is to challenge
the "freshness" of the message. This is done by embedding time stamps,
sequence numbers, or random numbers in the message to indicate precisely
when and in what order the message was sent. If a received message's time and
sequence are not consistent, you will be alerted that someone may have
tampered with the transmission.
Authenticate message "receivers" through the use of digital certificates: By
requiring an authentication agent or digital certificate, you force the person on the
other end of the transmission to prove his or her identity. In the digital world,
trusted third parties can serve as certificate authorities--entities that verify who
a user is for you. In this way, digital certificates are analogous to a state-issued
driver's license. If you trust the party that issues the certificate (e.g., the state or
the certificate authority), then you don't need to try to verify who the user is
yourself.
Encrypt all messages sent over the Internet: As more and more messages
are sent over larger and larger networks, information becomes increasingly
vulnerable to assault. Encryption has become a leading tool to combat this
vulnerability. Like other countermeasures, it can be very effective if used
properly and regularly

DO

Do check your electronic mail daily to see if you have any messages.
Do include a meaningful subject line in your message.
Do check the address line before sending a message and check you are

sending it to the right person.

Do delete electronic mail messages when they are no longer required.
Do respect the legal protections to data and software provided by copyright

and licenses.
Do take care not to express views that could be regarded as defamatory or

libelous.
Do use an "out of the office assistant" to automatically reply to messages

when you are not available.

DO NOT

Do not print electronic mail messages unless absolutely necessary.

Do not expect an immediate reply; the recipient might not be at their
computer

or could be too busy to reply straight away.

Do not forward electronic mail messages sent to you personally to others,
particularly newsgroups or mailing lists, without the permission of the originator.
Do not use electronic mail for personal reasons.
Do not send excessively large electronic mail messages or attachments.
Do not send unnecessary messages such as festive greetings or other

nonwork items by electronic mail, particularly to several people.

Do not participate in chain or pyramid messages or similar schemes. Do not

represent yourself as another person.

Do not use electronic mail to send or forward material that could be
construed

as confidential, political, obscene, threatening, offensive, or libelous.

Network Security

Network security, especially as it relates to the biggest network of all, the

Internet, has emerged as one of today's highest-profile information security
issues. Many education organizations have already connected their computing
resources into a single network; others are in the process of doing so. The next
step for these organizations is to weigh the costs and benefits of opening a
connection between their private networks (with their trusted users) and the
unknown users and networks that compose the Internet.

Policy Issues

Connecting to the Internet doesn't necessarily raise its own security policy issues
as much as it focuses attention on the necessity of implementing security
strategies properly. Internet security goals fall within two major domains. The first
centers around protecting your networks, information, and other assets from