Introduction to Security and Information Assurance

Learning outcomes

• Be able to understand and explain the basic CIA principles
• Explain and implement basic safe handling of information including data transfer
• Assess value of data sets and the risks involved with them
• Explain authentication, two-factor authentication and access control.

Would you like to download my PowerPoint to follow along?

• Why is Security Important?
• World's Biggest Data Breaches & Hacks
• Password Do's and Don'ts
• Personal vs Corporate Security
• Authentication
• Factors of authentication
• Multifactor authentication
• CIA triad plus non-repudiation
• Confidentiality
• Integrity
• Availability
• Non-Repudiation
• Communication attacks
• Denial of Service
• DOS
• DDOS
• Security Policy vs Security Mechanism
• Security Policy
• What is and is not allowed
• Example: Only the admin shall change passwords
• Security mechanism
• How to enforce the policy
• Example: Password file is encrypted and authenticates admin, keeps a log of all retrieval attempts
• Prevention (Example: Locks and bars on house)
• Detection (Example: Stolen items are…..stolen)
• Recovery (Example: Call police, make insurance claim and replace items)
• IDS and IPS
• Data Handling
• Data type
• Media type
• Responsibility (Who's fault is it?)
• Breaking data into pieces
• How long to keep it
• Electronic vs IRL data
• Data integrity
• Backups, which need ALL the same questions asked and answered
• Example: Securing Data and Devices for a Small Business
• Data set value and risks
• PII
• Personal information - a combination of a name along with a Social Security number, bank account number, or credit card number
• Example of PII laws for Massachusetts http://www.mass.gov/ago/doing-business-in-massachusetts/privacy-and-data-security/standards-for-the-protection-of-personal.html
• Examples of Data that has value
• Credit cards
• Social Security Numbers
• Email address
• Physical addresses
• Social media accounts
• Bank Accounts
• Example of what that data can be worth: data calculation on black marketDisclaimer: This is a large company that makes money on protecting data/companies
• Examples of Risks for data
• Hackers
• Equation Group (Suspected NSA)
• Carelessness (PEBKAC)
• Apathy from consumers
• Government infrastructure or lack thereof
• Equifax
• IRS
• Georgia secretary of state office
• Office of Personnel Management (OPM)
• USPS
• Insider theft
• Data Leaks(Edward Snowden)

Suggested Activities and Discussion Topics:

• This activity is going to be checking to see if you have potentially compromised accounts. Go to https://haveibeenpwned.com and see if you are listed under any or all of your accounts. If you are, take the steps recommended to fix and security your accounts.
• Download this PDF and setup the two virtual machines. Both Mint and Kali Linux are useful for information security work, Linux can have a steep learning curve so it's important to get comfortable with it sooner rather then later. This course won't be going to far into it, but it's good to have some familiarity.
• Try out this phishing test online for free and see what your score is. Can you correctly identify all the phishing emails?

Would you like to see some more classes? Click here