Information Systems Security

  • Briefly define each of the three members of the information security triad.

The information security triad consists of confidentiality, integrity and availability. Confidentiality is about protecting information by restricting who is able to see sensitive content. Integrity means information is not tampered with or altered and remains trustworthy. Availability means information can be accessed by someone who is authorized to access it, in a timely manner.

  • What does the term authentication mean?

Authentication means making sure the person gaining access to sensitive information is truly who they claim to be. This can be done, for example, with passwords, user IDs and unique PIN codes, so that only the authorized person can gain access on the basis of their identity.

  • What is multi-factor authentication?

Multi-factor authentication is when a person combines two or more factors, making it harder for someone to pretend to be them and steal the authorized person’s identity.

  • What is role-based access control?

With role-based access control (RBAC), users are given specific, well-defined roles, and access is then granted and assigned to those roles.

  • What is the purpose of encryption, and fundamentally how does it work?

Encryption is the process of encoding data before its transmission or storage so that only authorized individuals have access to the information. For it to work, the sender and receiver need to agree on the method of encoding so that both parties can communicate properly.

  • What is pretexting and how does it represent a threat in the Cybersecurity landscape?

Pretexting happens when an attacker calls a help desk pretending to be an authorized person and complaining about login problems. The attacker then convinces the service person to reset the password for the account.

  • What’s the point in backups & what are the components of a good backup plan?

Backup plans are essential for companies and consist of several components. One is knowing the organization’s information and where all of it is stored. Another is regularly backing up all of the organization’s data: critical and important data should be backed up daily, while less important data can be backed up weekly. Another important component is having an offline storage space, so that if, for example, a storm knocked out the power, the data would still be accessible. Lastly, testing the data backups makes sure the backup plan will actually be useful in an emergency.

  • What is a firewall?

A firewall essentially protects all company servers by stopping packets from outside the organization’s network that don’t meet a certain set of criteria. A firewall is either hardware or software, and sometimes both. A hardware firewall is a device that connects to the network and filters packets based on a set of rules, while a software firewall runs on the operating system and intercepts packets as they arrive at a computer.
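As an added example (not part of the original answers), the following stateless packet filter shows the rule-matching described above: each packet is checked against an ordered rule set and anything that does not match an explicit allow rule is dropped. The rule fields, networks and sample packets are constructed for illustration only.

```python
# Added example: a minimal stateless packet filter with default deny.
# Rules are checked top to bottom and the first matching rule decides.
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str      # source IP address
    dst: str      # destination IP address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src_net: str = "0.0.0.0/0"   # source network in CIDR notation (any by default)
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        in_net = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
        proto_ok = self.proto is None or self.proto == pkt.proto
        port_ok = self.dport is None or self.dport == pkt.dport
        return in_net and proto_ok and port_ok


# Constructed rule set (hypothetical networks and services):
RULES = [
    Rule("deny", src_net="203.0.113.0/24"),                      # block one range entirely
    Rule("allow", proto="tcp", dport=443),                       # public HTTPS from anywhere
    Rule("allow", src_net="10.0.0.0/8", proto="tcp", dport=22),  # SSH only from the internal LAN
]


def filter_packet(pkt: Packet, rules=RULES) -> str:
    """Return 'allow' or 'deny' for pkt; packets matching no rule are denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # default deny: criteria not met, packet is stopped


if __name__ == "__main__":
    print(filter_packet(Packet("198.51.100.7", "10.1.1.5", "tcp", 443)))  # allow
    print(filter_packet(Packet("198.51.100.7", "10.1.1.5", "tcp", 22)))   # deny
```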

  • Discuss various types of Firewalls.

Intrusion Detection Systems provide the function of identifying when the network is being attacked by watching for certain activity, and alerting security personnel if suspicious activity occurs. A virtual private network allows outside users of a corporate network to take a shortcut around the firewall and access the internal network from the outside.

  • What does the term physical security mean and how does it apply to Cybersecurity?

Physical security is the protection of the actual hardware and networking components that store and transmit information resources. It applies to Cybersecurity because it ensures that sensitive resources cannot be tampered with or stolen, just as Cybersecurity controls cyber attacks so that sensitive information doesn’t end up in the wrong hands and become a risk for the organization.