Information: definition, difference between information and data. Security: definitions (freedom;
thing, measure).
Historic perspectives (isolation, resource sharing, likelihood of attack).
InfoSec is security of information and information systems; components of an information system.
Information security vs information assurance.
Information security services:
– confidentiality
– authentication of integrity
– authentication of origin
– nonrepudiation
– availability
– access control
– For each service:
• Can you give examples from everyday life where it is needed?
• Is it always needed?
• What are some ways you might try to provide it?
• How might it be violated?
Security is not absolute: trade-off between security and usability. Terminology: need to understand,
reference sources.
What do we mean by “threat” in the information security context? Does it require an action? What
is a threat action? Can you give examples?
What is a threat agent? Can you give examples?
Can you name, explain, and give examples of the three types of threat? What makes an attack
different from a human error?
What are other names for a successful attack? What is a zero-day attack?
About 2/3 of incidents occur .
What is an “insider”? Why are insiders a threat? What might they do? Why is an ex-employee a
threat?
How should an organization handle someone who quits or is fired?
Can you name, explain, and give examples of categories of outsiders who could be a threat? What is
malware? What is its threat agent?
Can you explain and give examples of malware transport mechanisms? Can you explain and give
examples of malware payloads?
What is a trapdoor (or backdoor)?
What is a logic bomb? What is a time bomb? What is a Trojan horse? What is a RAT?
What is a software bacterium? What is a software virus?