Page 41 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY

Unit 3: Building Blocks of Information Security




          Rootkit: A hacker security tool that obtains passwords and message traffic to and from a
          computer.
          Smurfing: Software that mounts a denial of service attack by exploiting IP broadcast addressing
          and ICMP ping packets to cause flooding.
          Spam: Haphazardly sending unsolicited, unwanted, irrelevant or inappropriate messages,
          particularly commercial advertising in mass quantities, is considered spam. Another term used
          to describe spam is “electronic junk mail.”
          Spoofing: Impersonating another person or computer, generally by providing a false email
          name, URL or IP address.
          Spyware: Software that gathers information about a person or organization without their
          knowledge or informed consent and reports such data back to a third party.
          Threat: Any situation or event with the potential to adversely impact an information system
          via unauthorized access, destruction, disclosure, modification of data, and/or denial of service.

          Virus: Self-replicating, malicious code that attaches itself to an application program or other
          executable system component and leaves no noticeable signs of its presence.
          Vulnerability: Weakness in an information system, system security procedures, internal controls,
          or implementation that could be exploited.
          Worm: Autonomous program that replicates from machine to machine across network
          connections, generally clogging networks and information systems as it spreads.

          Self Assessment

          Fill in the blanks:
          10.  ....................... is a hacker security tool that obtains passwords and message traffic to and
               from a computer.

          11.  Haphazardly sending unsolicited, unwanted, irrelevant or inappropriate messages,
               particularly commercial advertising in mass quantities, is considered ....................... .

          3.4 Three Pillars of Information Security


          Information security rests on three pillars: confidentiality, integrity and availability.
          All three are important to guaranteeing the effective safety of information. Each of these
          pillars is discussed below.

          3.4.1 Confidentiality


          The first pillar, confidentiality, is concerned with guaranteeing that information of a particular
          classification is not disseminated to persons outside the group for which it is classified. It makes
          sure that only those individuals who have access permissions are able to inspect certain
          information. The group for which the information is classified could be a particular organization,
          department or a specific individual.
          Confidentiality means that sensitive information must be protected from being revealed to
          unauthorized parties. There are usually two methods, or a combination of the two, by
          which confidentiality can be provided. One method is to limit access to the information that
          must be kept undisclosed. The other method is to encrypt the secret information. Confidentiality
          is at times also known as secrecy.
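
The first method above, limiting access to the group a document is classified for, can be sketched as follows. This is an added example, not part of the original text; the `Subject`, `Document`, `may_read` and `read` names and all sample data are hypothetical, and the second method (encryption) is not shown.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Subject:
    user: str
    department: str
    organization: str

@dataclass(frozen=True)
class Document:
    title: str
    body: str
    owner_org: str   # organization that classified the document
    scope: str       # "organization", "department" or "individual"
    audience: str    # department or user name; unused for organization scope

class AccessDenied(Exception):
    """Raised when a subject outside the classified group requests a document."""

def may_read(subject: Subject, doc: Document) -> bool:
    # Nobody outside the owning organization belongs to any of its groups,
    # even if a department or user name happens to match.
    if subject.organization != doc.owner_org:
        return False
    if doc.scope == "organization":
        return True
    if doc.scope == "department":
        return subject.department == doc.audience
    if doc.scope == "individual":
        return subject.user == doc.audience
    return False  # unknown classification: deny by default

def read(subject: Subject, doc: Document, audit: list) -> str:
    # Record every decision so that denied attempts can be reviewed later.
    allowed = may_read(subject, doc)
    audit.append((subject.user, doc.title, "ALLOW" if allowed else "DENY"))
    if not allowed:
        raise AccessDenied(f"{subject.user} is outside the group for {doc.title!r}")
    return doc.body

# Constructed sample subjects and documents.
ALICE = Subject("alice", "payroll", "acme")
BOB = Subject("bob", "engineering", "acme")
MALLORY = Subject("mallory", "payroll", "othercorp")
SALARIES = Document("salaries", "constructed salary table", "acme", "department", "payroll")
REVIEW = Document("alice-review", "constructed review text", "acme", "individual", "alice")
```

Mallory is denied the salary table even though her department is also named "payroll", because membership is checked within the owning organization first.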




          LOVELY PROFESSIONAL UNIVERSITY