LEARN TO PROTECT YOUR INTELLECTUAL PROPERTY
The most important security concepts related to information on the internet are confidentiality, integrity and availability, whereas the most important concepts related to the people using the information on the internet are authorisation, authentication and non-repudiation.
A key issue of displaying information on the internet or on any other information system is to make sure that only the authorised people are able to view that information. Confidentiality is a very important attribute when it comes to information security, but when unauthorised people obtain access to information, the result will be loss of confidentiality. In some countries, there is a need to protect the privacy of individuals and prevent unlawful access to their information. This includes but is not limited to: information stored in banks, hospitals and medical records, medical laboratories and medical research data, the tax office, and many others.
This course will introduce you to Information Security concepts, so you can ensure your information is protected.
Lesson Structure
There are 11 lessons in this course:
- Introduction to Information Security
- Need for Security
- Basic Security Concepts
- Security Breaches and Intrusions
- Types of Threats
- Threat Assessment
- Vulnerability Assessment
- Security through Obscurity
- Hackers
- Crackers
- The Difference between Hackers and Crackers
- IP Spoofing
- Blind Spoofing
- Man in the Middle Attack
- Denial of Service
- Distributed Denial of Service
- Phishing
- How to Defend against Spoofing
- What is a Botnet
- Types of bots and their Malicious Use
- Information Security Ethics
- Ethical Issues facing IT Professionals
- Legal Issues facing IT Professionals
- Intellectual Property Rights
- Data Integrity and Backing up
- What is Data Integrity
- Protection
- Detection
- Correction
- What is Data backup
- Full backup
- Incremental backup
- Mirror backup
- Offsite backup
- Offsite versus Onsite Backup
- Disk based versus Tape based Backup
- Online backup
- Vulnerabilities of Operating Systems and Information Systems
- What is Vulnerability
- Operating Systems and Software Vulnerability
- Running Virus Protection Software
- Updating Security Patches for Software
- Approved Software
- FTP Vulnerability
- Trojan Horses
- Who is at Risk of Trojan Horses
- Protection against Trojans
- Risk Management
- What is Risk Management
- Key Roles in the Risk Management Process
- Risk Assessment
- Characterising the System
- Identifying Threats
- Control Analysis
- Determining Likelihood Ratings
- Analyzing the Impact
- Determining the Risks
- Controls Recommendations
- Risk Mitigation
- Risk Evaluation
- Information Security Technologies, Developments and Initiatives
- What is VPN (Virtual Private Network)
- Features and Benefits of VPN
- Components of Remote Access VPN
- Protocols Used in VPN Connections
- Advantages and Disadvantages of VPN
- What is a Firewall
- Main Functions of Firewalls
- Packet Filtering
- Circuit Relay
- Application Gateway
- Firewall Rules
- What are Intrusion Detection Systems (IDS)
- Types of IDS
- IDS versus Firewalls
- Physical Security
- What is Physical Security?
- Natural Disasters and Controls
- Lightning
- Power Loss
- Fire
- Earthquake
- Liquid Leakage
- The Human Factor
- Locks
- Tokens
- Challenge-response Tokens
- Dumb Cards
- Smart Cards
- Biometric Devices
- Fingerprint Scanners
- Retnal Scan Devices
- Palm Scan Devices
- Hand Geometry Devices
- Facial Recognition Devices
- Developing a security Policy
- Introduction
- Need for Security
- Importance of Security Policy
- Developing a Security Policy
- Implementing and revising a security policy
- Introduction
- Communicating the Security Policy
- Enforcing the Security Policy
- Assessing the Security Policy
- Common Security Policies
- Password Policy
- Access Control Policy
- Displaying a Warning Notice
- Audit Policy
- Server Security Policy
- Automatically Forwarded Emailsa Policy
- Information Sensitivity Policy
- Anti Virus Policy
- Remote Access Policy
- Wireless Communication Policy
- Business Continuity and Disaster Recovery Planning
- Difference between disaster recover and business continuity?
- Disaster recovery plan
- Business continuity plan
- Information Security Maintenance
- Time Management
- Networking
- Management
- Attitude
- Procedures
- Products and Services
- The Law
Each lesson culminates in an assignment which is submitted to the school, marked by the school's tutors and returned to you with any relevant suggestions, comments, and if necessary, extra reading.
LEARN TO ASSESS SECURITY THREATS THEN RESPOND ACCORDINGLY
When implementing security for a home computer or a business alike, one needs to assess the security threats for the information system, regardless of how small or large it is, however, the existence of threats to any system in general does not mean that harm will arise; it simply means that the system administrators are aware of the threats and they should use this knowledge to develop some action plans to mitigate the risks of each threat.
A threat is only harmful to a system if the system contains some sort of vulnerability to this particular threat. A vulnerability assessment is required to identify the degree of susceptibility of a particular system to any possible threat to this system.
Safeguards are usually adopted by organisations to counter vulnerabilities in systems. For example, many companies and businesses choose to install lightning rods on their buildings to avoid being hit by a lightning strike. These lightning rods are considered to be safeguards against lightning strikes because if a lightning strike hits the building, the rods will help divert the strike, thus protecting all the electrical and electronic systems in the building. Safeguards against power surges and power failures include using surge protectors and UPS systems (uninterruptable power supply).
When discussing vulnerability assessment for an information system or any other system, it is important to understand the term “risk assessment”. The first question you should ask yourself is: what is ‘risk’? The term risk is generally used to replace terms like ‘harm’, ‘threat’ and ‘vulnerability’, however, in the world of information security; the word risk defines the likelihood of a threat causing harm to a particular information system due to vulnerabilities in the system.
After a business undertakes risk assessment for their information system, the stakeholders will need to make a decision on whether it is worth spending money on risk mitigation or not. This decision will need to take into account all the costs involved in implementing risk mitigation techniques and the costs involved include the following:
- the time managers spend in planning for risk mitigation;
- the time employees spend in implementing the risk mitigation plans;
- the time employees spend in backing up data;
- the costs of purchasing additional media for storing data and software;
- the time and costs of providing training to staff about new procedures;
- any additional costs arising from contracting support from alternative sites for redundancy and offsite backups.
Risks can be classified according to their degree of likelihood as well as the impacts they cause if they happen and the costs the business should incur if its stakeholders decide to establish safeguards against those risks.
Information security requires risks to be managed and mitigated, but at the same time, individuals and businesses need to understand that it is not possible to achieve absolute security on their information systems because there is always a risk that something goes wrong regardless of how much they think they are prepared. Security is more about usability and finding the right balance between acceptable loss and the required level of protection against identified threats.