CAB240 Lecture Notes - Lecture 13: Information Security Management, Information Security, Denial-Of-Service Attack

On completing this unit, you should: be able to, understand the fundamental concepts and major issues in information security, Which aspects are important: what is information security, security goals and services - confidentiality, integrity, availability. Information states: storage, transmission, processing: threats, vulnerabilities, attacks, security measure or controls, technological, policy and practices, education and training. L2: threats, vulnerabilities, and attacks: threats, threat sources - internal, external, threat types - natural event or human action (deliberate or otherwise, vulnerabilities, associated with property, people and procedures. If action is deliberate, it is an attack, not an incident: attack types, passive: no interaction by attacker, does not change system, eavesdropping, shoulder surfing, active: requires action or interaction with system by attacker. Spoofing: dos, ddos, mitm, phishing, replay, malware, etc. Information security and risk management: what is risk, why do we need to manage risk, how can we manage risk, as/nzs27005:2012 info security risk management.