Cyber security and information assurance refer to measures for protecting computer systems, networks, and information
Cyber security often refers to safety of the
infrastructure and computer systems with a strong emphasis on the technology
Information assurance tends to have a
boarder focus with emphasis on information management and business practices
The two areas overlap strongly and the
Information assurance (IA) is the practice of managing information-related risks. More specifically, IA practitioners seek to protect and defend information and information
systems by ensuring confidentiality, data integrity, authentication, availability, and non-repudiation. IA measures include
Confidentiality has been defined by the International Organization for
Standardization (ISO) as "ensuring that information is accessible only to those
authorized to have access" and is one of the cornerstones of information security.
Confidentiality is one of the design goals for many cryptosystems, made possible in
Data integrity means that the data is "whole" or complete, and is identically maintained
during any operation (such as transfer, storage or retrieval). Data integrity is the assurance
that data is consistent and correct. Loss of integrity can result from:
Malicious altering, such as an attacker altering an account number in a bank transaction, or forgery of an identity document
Authentication is a security measure designed to establish the validity of a transmission, message, document or originator, or a means of verifying an
individual's authorization to receive specific categories of information.
Authentication technologies include:
passwords, digital signatures, keys and
Availability means that the information, the computing systems used to process the
information, and the security controls used to protect the information are all available and functioning correctly when the
information is needed = timely, reliable
Non-repudiation is the assurance the sender of data is provided with proof of
delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the data.
Technologies include:
The global recession will lead to a rise of cybercrime worldwide according to 2009
cybercrime forecasts from leading IT security firms.
Approximately 1.5 million pieces of unique
malware will have been identified by the end of the year, more than in the previous five years combined.
The optimal way to prevent malicious files from infecting PCs and corporate networks is active real-time content inspection technologies.
The United States has bypassed China as
the biggest purveyor of malware as well as sends the most spam worldwide, says
Sophos Security Threat Report: 2009.
Not only is the USA relaying the most spam
because too many of its computers have been compromised and are under the
control of hackers, but it's also carrying the most malicious webpages.
Cybercriminals will continue to exploit the
best Web 2.0 technologies, such as Trojan technologies.
Cybercriminals are increasingly relying on
Adobe PDF and Flash files, normally considered safe, to infect victims with malware.
Hackers have been breaking into Facebook
and MySpace and implanting malware to distribute to a victim's social network.
Increasing complexity of IT systems and networks Convergence of IT and communication systems Expanding wireless connectivity and multiplicity
of wireless devices
Increasing amount of digital information collected Increasing connectivity and accessibility of digital
information systems
Globalization of IT and information systems Increased web access to a wide range of web
services and web applications
Increase in all forms of digital commerce
Trends towards data-marts and hosted data
Network security Disaster recovery
Information system security technologies Wireless system security
Internet security
Legal issues, standards and compliance Cybercrime
Information management
Information audit and risk analysis Digital forensics
Types of intrusion and intrusion detection
systems
Firewalls and access control
Cryptography
Digital certificates
Biometrics
Digital authentication and Public Key
Infrastructure (PKI)
Cryptography systems
Identification and authentication systems
Operating system security
E-commerce security tools and strategies
Firewalls and proxy servers
Anti-malware and anti-spyware technology
Anti-piracy techniques
en.wikipedia.org/wiki/Cyber_security
en.wikipedia.org/wiki/Information_assurance
www.cssia.org/
www.afei.org/news/NCES/NCES_Information_Assurance.pdf
www.nitrd.gov/pubs/csia/csia_federal_plan.pdf
www.sis.uncc.edu/LIISP/slides00/GAIL.pdf
www.cnss.gov/Assets/pdf/cnssi_4009.pdf
www2.cs.uidaho.edu/~oman/CS336_F08_syllabus.pdf
www.coastline.edu/degrees/page.cfm?LinkID=786