Published by rycee_f, 2022-03-09 21:00:17

DFP40263_Topic 1_1.2


DFP40263

SECURE MOBILE COMPUTING

Topic 1: Information Security Overview

INFORMATION SECURITY OVERVIEW

At the end of the lecture, students will be able to:

1.1 Display the need for information security

1.2 Measure potential risks to information security

Measures Potential Risks to Information Security

• Information theft
• Unauthorized disclosure
• Information warfare
• Accidental data loss
• Data disclosure
• Data modification
• Data availability

Information theft

• Network eavesdropping can lead to information theft.
• The theft can occur as data is transmitted over the internal or external network.
• The network intruder can also steal data from networked computers by gaining unauthorized access.
• Example: Credit Card Number Theft, ATM Spoofing, PIN Capturing, Database Theft, Electronic Cash


Unauthorized disclosure

To disclose inforTmoatidonistcolaonsiendiivnidfuoarlmwhaotiisonnottaouthaonrizienddtoivreidceuivaelitw. ho is not authorized to receive it.

An event(s) involving the exposure of information to entities not authorized access to the information.
Communication or physical transfer of classified national intelligence, including personal information or any valuable information to
an unauthorized recipient/receiver.


Information warfare

• The use of information, and attacks on information, as a tool of warfare.
• The use of electronic communications and the internet to disrupt a country’s telecommunications, power supply, transport system, etc.
• Information warfare comprises giving the enemy propaganda to convince them to give up, and denying them information that might lead to their resistance.


Accidental data loss

• Data loss is an error condition in information systems in which information is destroyed by failures or neglect in storage, transmission, or processing.
• Information systems implement backup and disaster recovery equipment and processes to prevent data loss or restore lost data.
• Data loss is distinguished from data unavailability, which may arise from a network outage. Although the two have substantially similar consequences for users, data unavailability is temporary, while data loss may be permanent.


Data disclosure

• Exposure of data or files that contain valuable information.
• Revealing system data or debugging information helps an adversary learn about the system and form a plan of attack.
• An information leak occurs when system data or debugging information leaves the program through an output stream or logging function.
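
An added example, not part of the original slides, of the leak described above: a handler that returns debugging detail through its output stream, beside a hardened version that gives the caller a generic message and redacts credentials before they reach the log. The connection string, function names and logger setup are constructed for illustration.

```python
import logging
import re
import traceback
import uuid

# Constructed sample: a connection string of the kind that ends up in exceptions.
DB_URL = "postgres://app:S3cretPw@10.0.0.5:5432/payments"

def lookup_unsafe(account_id):
    """Leaky handler: the full traceback goes back to the caller."""
    try:
        raise ConnectionError(f"cannot reach {DB_URL} for account {account_id}")
    except Exception:
        return {"status": 500, "body": traceback.format_exc()}

class RedactSecrets(logging.Filter):
    """Mask URL credentials before a record reaches the log handler."""
    _cred = re.compile(r"(\w+://[^:/\s]+:)[^@\s]+@")

    def filter(self, record):
        record.msg = self._cred.sub(r"\1***@", record.getMessage())
        record.args = ()
        return True

def make_logger(stream):
    """Build an isolated logger whose handler redacts every record."""
    log = logging.getLogger(f"app.{uuid.uuid4().hex}")
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactSecrets())
    log.addHandler(handler)
    log.propagate = False
    return log

def lookup_safe(account_id, log):
    """Hardened handler: generic body for the caller, detail kept internal."""
    try:
        raise ConnectionError(f"cannot reach {DB_URL} for account {account_id}")
    except Exception as exc:
        incident = uuid.uuid4().hex[:8]
        # exc_info is left out on purpose: a formatted traceback is appended
        # after filtering and would carry the unredacted message into the log.
        log.error("incident %s: %s", incident, exc)
        return {"status": 500, "body": f"Internal error (ref {incident})"}
```

The incident reference lets support staff match a user report to the internal log entry without exposing system data to the user.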


Data modification

• Modifying the actual data stored in the system.
• An act aimed at achieving objectives that will benefit some parties, or
• It can be an act of sabotage against the existing functional network.


Data availability

• Data is to be available at a required level of performance in all situations.
• Can be accessed by authorized users at any time.
• Ready to be used by intended / authorized users.


Group Activity:

Identify the roles of the information security organizations.
• Define the full name of the organization
• Developed by whom?
• Organization's logo
• Organization's mission, vision, aims and purposes
• Organization's contributions
• Technologies / standards created by the organization
• Any member or associate organizations
• How to contact?

Group Task :

• GROUP 1 : CERT / CC
• GROUP 2 : US-CERT
• GROUP 3 : SANS Institute
• GROUP 4 : (ISC)2
• GROUP 5 : FIPS & ICSA


