Information: definition, difference between information and data. Security: definitions (freedom; thing, measure). Historic perspectives (isolation, resource sharing, likelihood of attack). InfoSec is security of information and information systems; components of an information system. Information security vs information assurance. Information security services: - confidentiality - authentication of integrity - authentication of origin - nonrepudiation - availability - access control - For each service: Can you give examples from everyday life where it is needed? Is it always needed? What are some ways you might try to provide it? How might it be violated? Security is not absolute: trade-off between security and usability. Terminology: need to understand, reference sources. Lecture 2 What do we mean by threat in the information security context? Does it require an action? What is a threat action? Can you give examples? What is a threat agent? Can you give examples? Can you name, explain, and give examples of the three types of threat? What makes an attack different from a human error? What are other names for a successful attack? What is a zero-day attack? About 2/3 of incidents occur. What is an insider? Why are insiders a threat? What might they do? Why is an ex-employee a threat? How should an organization handle someone who quits or is fired? Can you name, explain, and give examples of categories of outsiders who could be a threat? What is malware? What is its threat agent? Can you explain and give examples of malware transport mechanisms? Can you explain and give examples of malware payloads? What is a trapdoor (or backdoor)? What is a logic bomb? What is a time bomb? What is a Trojan horse? What is a RAT? What is a software bacterium? What is a software virus? What is a software worm? What is a rootkit? Why is it used? What is spyware? What is adware? What are some risks when performing offensive security operations? Do you have to be an expert attacker to successfully defend against attacks? Why is defense harder than offense in this context? What is a countermeasure? Can you name and explain the three types? Lecture 3 Why is security management more than just implementing security technologies? What is the goal of information security? What is defense in depth? Can you give examples from everyday life, and from I.T.? Why is managing security difficult? Why is a formal process necessary? What is compliance? Why is it important? Why is important that information security NOT be seen as cops looking to bust offenders? What are some important strategic considerations? What are the driving forces behind compliance? Why does the compliance work grow every year? What is SOX? What it its purpose? What types of privacy laws might apply to a multinational corporation? What is FISMA? What does it require? Where in an organization should the information security function be placed? What is outsourcing? How might it impact security? What is an MSSP? What is risk analysis? What is classic risk analysis? What are some problems with it? Can you name, explain, and give examples of the four risk control strategies? What is a technical security architecture? What does legacy mean in this context? Why is it important to identify and eliminate single points of vulnerability? What is the function of a policy? Why is it important? Can you give examples of policies related to information security? What is implementation guidance in this context? Can you name, explain, and give examples of the three types? What is segregation (or separation) of duties? Can you give an example? What is request/authorization control? Can you give an example? How should exceptions to policy be handled? What is oversight? What are some common oversight functions? What is a governance framework? Can you give examples?