Assignment: Understanding Information Assurance and Security

1. Define and explain the following key concepts in your own words:
o Confidentiality
Confidentiality refers to protecting information from
unauthorized access. Maintaining confidentiality helps achieve
multiple important goals, including ensuring privacy and
avoiding ransomware attacks.
o Integrity
The integrity of data may be compromised unintentionally by
a system malfunction, errors in entering data, or forgetting to
maintain an up-to-date backup. Integrity can also be
compromised by malicious actors attempting to tamper with
data. For example, a phishing scam aimed at changing bank
account routing numbers in our payroll system is threat to the
integrity of our institutional data. Integrity means data are
trustworthy, complete, and have not been accidentally altered
or modified by an unauthorized user.
o Availability
Availability means information resources (e.g., computer
hardware, software, networks, and data) are accessible when
you need them. Ongoing availability is crucial to daily
operations of our institution.
2. Research and provide an example of a recent security breach or
incident. Answer the following questions:
 What happened during the incident?

In November 2024, Chinese hackers known as Salt Typhoon

breached at least eight U.S. telecommunications providers, as well
as telecom providers in over twenty other countries. The attackers
exploited vulnerabilities to gain unauthorized access, raising
significant concerns about the security of critical infrastructure.

Details of the Incident’s;

The breach was part of a broader espionage and intelligence

collection campaign that reportedly began up to two years prior to
the incident. Attackers successfully infiltrated telecom networks,
leading to the theft of sensitive customer data, including call records
and law enforcement surveillance requests. The breach
compromised private communications of individuals involved in
government or political activities, raising alarms about national
security and the potential for misuse of the stolen data.
  Which of the key concepts (confidentiality, integrity, availability)
were compromised?
To determine which key concepts—confidentiality, integrity, or availability
—were compromised, we need to analyze the specific context or incident
in question.
Here’s a brief overview of each concept:
Confidentiality: This refers to the protection of information from
unauthorized access and disclosure. If sensitive data was accessed or
leaked without permission, confidentiality was compromised.
Integrity: This involves maintaining the accuracy and completeness of
information. If data was altered, corrupted, or tampered with, integrity
was compromised.
Availability: This ensures that information and resources are accessible
to authorized users when needed. If a system was down or data was
inaccessible, availability was compromised.

 What measures could have been implemented to prevent the

breach?

To prevent breaches related to confidentiality, integrity, and

availability, organizations can implement several key measures.
These include strong access controls, encryption of sensitive data,
regular security audits, multi-factor authentication, network
segmentation, and employee training on security best practices.
Additionally, physical security measures, such as locks and
surveillance, can help protect data in physical locations.

3. Write a short essay (500-700 words) on the importance of

information security in modern organizations. Include examples and
references to support your points.

The Importance of Information Security in Modern Organizations

In today’s digital age, information security has become a cornerstone
of organizational integrity and operational success. As businesses
increasingly rely on technology to store, process, and transmit
sensitive data, the risks associated with data breaches and
cyberattacks have escalated dramatically. Information security is not
merely a technical issue; it is a critical component of business
strategy that protects an organization’s assets, reputation, and
 customer trust.
One of the primary reason’s information security is vital for modern
organizations is the protection of sensitive data. Organizations
handle a plethora of sensitive information, including personal
identifiable information (PII), financial records, and intellectual
property. A breach of this data can lead to severe consequences,
including financial loss, legal ramifications, and damage to
reputation.
Information security is also crucial for maintaining business
continuity. Cyberattacks, such as ransomware, can disrupt
operations and lead to significant downtime. In an era where
consumers are increasingly aware of data privacy issues, information
security plays a vital role in building and maintaining customer trust.
Customers are more likely to engage with organizations that
demonstrate a commitment to protecting their data.

In conclusion, information security is of paramount importance in

modern organizations. It protects sensitive data, ensures compliance
with regulations, maintains business continuity, builds customer
trust, and safeguards organizational reputation. As cyber threats
continue to evolve, organizations must adopt a proactive approach
to information security, investing in the necessary technologies,
policies, and training to mitigate risks. By doing so, they not only
protect their assets but also position themselves for sustainable
growth in an increasingly digital world.

Federal Trade Commission. (2019). Equifax Data Breach Settlement.

Retrieved from FTC.gov
Information Commissioner’s Office. (2020). British Airways fined £20
million for data breach. Retrieved from ICO.org.uk
PwC. (2018). Consumer Intelligence Series: Protect.me. Retrieved
from PwC.com
Target Corporation. (2014). Target Reports Data Breach. Retrieved
from Target.com
U.S. Department of Justice. (2021). Colonial Pipeline Ransomware Attack.
Retrieved from [Justice.gov](https://www.justice.gov/opa/pr/justice-
department-announces
 REBUPLIC OF THE PHILIPPINES
EASTERN SAMAR STATE UNIVERSITY
SALCEDO CAMPUS
SALCEDO EASTERN SAMAR

ASSIGNMENT: Understanding Information

Assurance and Security
PIO MARK G. BAGUNAS BSCS II-2
DATE: JANUARY 28, 2025