Cyber security and information assurance refer to measures for protecting computer systems, networks, and information

 Cyber security often refers to safety of the

infrastructure and computer systems with a strong emphasis on the technology

 Information assurance tends to have a

boarder focus with emphasis on information management and business practices

 The two areas overlap strongly and the

Information assurance (IA) is the practice of managing information-related risks. More specifically, IA practitioners seek to protect and defend information and information

systems by ensuring confidentiality, data integrity, authentication, availability, and non-repudiation. IA measures include

Confidentiality has been defined by the International Organization for

Standardization (ISO) as "ensuring that information is accessible only to those

authorized to have access" and is one of the cornerstones of information security.

Confidentiality is one of the design goals for many cryptosystems, made possible in

Data integrity means that the data is "whole" or complete, and is identically maintained

during any operation (such as transfer, storage or retrieval). Data integrity is the assurance

that data is consistent and correct. Loss of integrity can result from:

 Malicious altering, such as an attacker altering an account number in a bank transaction, or forgery of an identity document

Authentication is a security measure designed to establish the validity of a transmission, message, document or originator, or a means of verifying an

individual's authorization to receive specific categories of information.

Authentication technologies include:

 passwords, digital signatures, keys and

Availability means that the information, the computing systems used to process the

information, and the security controls used to protect the information are all available and functioning correctly when the

information is needed = timely, reliable

Non-repudiation is the assurance the sender of data is provided with proof of

delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the data.

Technologies include:

 The global recession will lead to a rise of cybercrime worldwide according to 2009

cybercrime forecasts from leading IT security firms.

 Approximately 1.5 million pieces of unique

malware will have been identified by the end of the year, more than in the previous five years combined.

 The optimal way to prevent malicious files from infecting PCs and corporate networks is active real-time content inspection technologies.

 The United States has bypassed China as

the biggest purveyor of malware as well as sends the most spam worldwide, says

Sophos Security Threat Report: 2009.

 Not only is the USA relaying the most spam

because too many of its computers have been compromised and are under the

control of hackers, but it's also carrying the most malicious webpages.

 Cybercriminals will continue to exploit the

best Web 2.0 technologies, such as Trojan technologies.

 Cybercriminals are increasingly relying on

Adobe PDF and Flash files, normally considered safe, to infect victims with malware.

 Hackers have been breaking into Facebook

and MySpace and implanting malware to distribute to a victim's social network.

 Increasing complexity of IT systems and networks  Convergence of IT and communication systems  Expanding wireless connectivity and multiplicity

of wireless devices

 Increasing amount of digital information collected  Increasing connectivity and accessibility of digital

information systems

 Globalization of IT and information systems  Increased web access to a wide range of web

services and web applications

 Increase in all forms of digital commerce

 Trends towards data-marts and hosted data

 Network security  Disaster recovery

 Information system security technologies  Wireless system security

 Internet security

 Legal issues, standards and compliance  Cybercrime

 Information management

 Information audit and risk analysis  Digital forensics

 Types of intrusion and intrusion detection

systems

 Firewalls and access control

 Cryptography

 Digital certificates

 Biometrics

 Digital authentication and Public Key

Infrastructure (PKI)

 Cryptography systems

 Identification and authentication systems

 Operating system security

 E-commerce security tools and strategies

 Firewalls and proxy servers

 Anti-malware and anti-spyware technology

 Anti-piracy techniques

 en.wikipedia.org/wiki/Cyber_security

 en.wikipedia.org/wiki/Information_assurance

 www.cssia.org/

 www.afei.org/news/NCES/NCES_Information_Assurance.pdf

 www.nitrd.gov/pubs/csia/csia_federal_plan.pdf

 www.sis.uncc.edu/LIISP/slides00/GAIL.pdf

 www.cnss.gov/Assets/pdf/cnssi_4009.pdf

 www2.cs.uidaho.edu/~oman/CS336_F08_syllabus.pdf

 www.coastline.edu/degrees/page.cfm?LinkID=786