Information security
Sunday, July 29, 2018
Wednesday, July 25, 2018
Reflection
Conclusion
We know that information security is very important, since it is the set of preventive measures we can use to safeguard and protect information while seeking to maintain confidentiality.
On this topic, how can we prevent a computer attack?
(You can leave your comment below! c: )
Saturday, July 21, 2018
Deliberate Act of Trespass
The typical requirements of this crime of computer intrusion are: unreasonable access (the defendant was not authorized at the time of execution of the facts, which is recognized by the appeal itself); violation of computer security measures; and access to company employees' emails, corporate emails, and data and computer programs of the company.
The legal good that is protected is computer freedom, understood as the right of the citizen to control personal and family information that is collected in data files. This is a positive dimension of privacy and constitutes the protected legal right.
In addition, given the reserved nature of the data, the files or records must be of limited access and use, restricted to specific individuals and specific purposes, regardless of their nature: personal, academic or work, medical, economic, etc. It deals, in reality, with personal information related more to privacy than to privacy. The files do not have to be computerized, because any other type of file or public or private registry is also covered.
- unauthorized access to information that an organization is trying to protect
- low-tech: shoulder surfing
- high-tech: hacking
Deliberate Act of Sabotage or Vandalism
It is a process by which a modification, destruction, obstruction or any intervention in an outside operation is carried out, in order to obtain some benefit for oneself. Sabotage is understood as any meddlesome action on other people's affairs.
These acts of sabotage are carried out by people who seek to benefit themselves or prevent something.
The term computer sabotage includes all those behaviors aimed at eliminating or modifying functions or data in a computer without authorization, in order to hinder its correct functioning, that is, to cause damage to the hardware or software of a system.
The methods used to cause damage to computer systems are very varied and have evolved into techniques that are increasingly sophisticated and difficult to detect.
• Acts aimed at destroying an information asset and, ultimately, damaging the image of an organization
• Example:
- hackers accessing a system and damaging or destroying critical data
Thursday, July 19, 2018
Deliberate Act of Info. Extortion / Blackmail
Security researchers warn: “Information security continues to be ignored by top managers, middle managers, and employees alike. The result of this neglect is that organizational systems are far less secure than they might otherwise be and that security breaches are far more frequent and damaging than is necessary.”
In order to strengthen the level of protection of information in the organization, those responsible for that information must begin with an understanding of the threats facing the information, and then must examine the vulnerabilities inherent in the systems that store, process, and transmit the information possibly subjected to those threats. The first part of this strategy is the identification of the dominant threats facing organizational information security, and the ranking of those threats in order to allow organizations to direct priorities accordingly.
What is a deliberate act?
"Deliberately" is an adverb that is used to refer to what is done deliberately. This means that these are actions carried out on purpose, with intention. ... The fact that an act is deliberate or not, in short, has to do with the planning and intentionality of the subject.
• hacker or trusted insider steals information and demands compensation for its return
• example:
- theft of data files containing customer credit card information
Security threat
Any action/inaction that could cause disclosure, alteration, loss, damage or unavailability of a company’s/individual’s assets.
In computer security, a threat is a possible danger that might exploit a vulnerability to breach security and therefore cause possible harm.
A threat can be either "intentional" (i.e. hacking: an individual cracker or a criminal organization) or "accidental" (e.g. the possibility of a computer malfunctioning, or the possibility of a natural disaster such as an earthquake, a fire, or a tornado) or otherwise a circumstance, capability, action, or event.
A potential cause of an incident that may result in harm to systems and the organization.
A more comprehensive definition, tied to an information assurance point of view, can be found in "Federal Information Processing Standards (FIPS) 200, Minimum Security Requirements for Federal Information and Information Systems" by NIST of the United States of America.
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability.
There are three components of threat:
> Targets: organization’s asset that might be attacked
- information (its confidentiality, integrity, availability), software, hardware, network service, system resource, etc.
> Agents: people or organizations originating the threat – intentional or non-intentional.
- employees, ex-employees, hackers, commercial rivals, terrorists, criminals, general public, customers.
> Events: type of action that poses the threat
- misuse of authorized information, malicious / accidental alteration of information, malicious / accidental destruction of information, etc.