SECTION 1
Q1. What is the need of information security?
Ans.
No matter how big or small a company may be, it is vitally important to ensure
information security for both your own and your client's data. The careful
planning, implementation, monitoring and maintenance of strict controls is
necessary to protect all assets, especially information, which is extremely
valuable to any organization.
Currently information security is crucial to all organizations to protect their
information and conduct their business. Information security is defined as
the protection of information and of the systems and hardware that use, store
and transmit that information. Information security performs four important
functions for an organization: it protects the organization's ability to function,
enables the safe operation of applications implemented on the organization's
IT systems, protects the data the organization collects and uses, and lastly
safeguards the technology assets in use at the organization. There are also
challenges and risks involved in implementing information security in an
organization.
Completeness is another attribute of high quality information. Partial information may as well be incomplete
information because it is only a small part of the picture. Completeness is as necessary as accuracy when
inputting data into a database.
Consistency is key when entering information into a database. For example, for a phone number column,
10 digits is the expected length of the field. Once the fields have been set in the database, a number with more
or fewer than 10 digits will not be accepted. The same applies to any field, whether it is an entry that requires a
number, a series of numbers, an address, a name, etc. If the fields are not set to a specific limit for
information, then consistency is even more important.
Uniqueness is the fourth component of high quality information. In order to add value to any organization,
information must be unique and distinctive. Information is a very essential part of any organization and if used
properly can make a company competitive or can keep a company competitive.
A fifth important aspect of information is timeliness. New and current data is more valuable to organizations
than old, outdated information. Especially now, in this era of rapid technological advances, out-of-date
information can keep a company from achieving its goals or from surviving in a competitive arena. The
information does not necessarily need to be out of date to have an effect; it just needs to not be the most
current. Real-time information is an element of timeliness.
An IDS works by monitoring system activity: examining vulnerabilities in the system, checking the
integrity of files and analysing patterns based on already known attacks. It also
automatically monitors the Internet to search for any of the latest threats which could result in a future
attack. There are three primary components of an IDS:
• Network Intrusion Detection System (NIDS): This analyses traffic on a whole subnet
and matches the traffic passing by against a library of already known attacks.
• Network Node Intrusion Detection System (NNIDS): This is similar to NIDS, but the traffic is
only monitored on a single host, not a whole subnet.
• Host Intrusion Detection System (HIDS): This takes a “picture” of an entire system’s file set
and compares it to a previous picture. If there are significant differences, such as missing files,
it alerts the administrator.
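The HIDS "picture" comparison described above, as an added example that is not part of the original notes: a baseline snapshot of a file set (path to SHA-256 hash) is taken, and a later snapshot is compared against it to report missing, added and modified files. The directory contents and the changes made to them are constructed inside a temporary directory purely to demonstrate the check.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Take a 'picture' of a file set: map relative path -> SHA-256 of contents."""
    picture = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            picture[path.relative_to(root).as_posix()] = digest
    return picture


def compare(previous, current):
    """Compare two pictures; return the differences a HIDS would alert on."""
    missing = sorted(set(previous) - set(current))
    added = sorted(set(current) - set(previous))
    modified = sorted(p for p in previous if p in current and previous[p] != current[p])
    return {"missing": missing, "added": added, "modified": modified}


def demo():
    """Constructed scenario: baseline a small tree, change it, then compare."""
    with tempfile.TemporaryDirectory() as root:
        etc = Path(root) / "etc"
        etc.mkdir()
        (etc / "passwd").write_text("root:x:0:0\n")
        (etc / "hosts").write_text("127.0.0.1 localhost\n")
        baseline = snapshot(root)  # the "previous picture"

        # Simulated changes since the baseline (constructed, not real system data):
        (etc / "passwd").write_text("root:x:0:0\nnewuser:x:1001:1001\n")  # modified
        (etc / "hosts").unlink()                                          # missing
        (etc / "cron.d").mkdir()
        (etc / "cron.d" / "job").write_text("0 * * * * root /usr/bin/true\n")  # added

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```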
The System Development Life Cycle, "SDLC" for short, is a multistep, iterative process, structured in a
methodical way. This process is used to model or provide a framework for technical and non-technical
activities to deliver a quality system which meets or exceeds a business's expectations or to manage
the decision-making progression.
Traditionally, the systems-development life cycle consisted of five stages. That has now increased to
seven phases. Increasing the number of steps helped systems analysts to define clearer actions to
achieve specific goals.
The SDLC highlights different stages (phases or steps) of the development process. The life cycle
approach is used so users can see and understand what activities are involved within a given step. It is
also used to let them know that at any time, steps can be repeated or a previous step can be reworked
when the system needs to be modified or improved.
Example of Threat: In Arizona, a lone FBI agent investigated the Saudi Arabians attending a flight
school in Arizona on a visa and was concerned that they were taking classes to fly a plane but not to
land it. He had a bad feeling about this and other factors he saw and reported this concern to his
superiors at the FBI. They blew it off and were not concerned.
An Attack is when a hostile action by a person or persons, by any one of many means, has occurred
towards a person or persons, causing harm to one person or many persons.
Example of Attack: Due to the historic blunder of the FBI in ignoring the threats believed in by one of
their agents, 3000 Americans were murdered by those pilots who hijacked US planes into the World
Trade Center and the Pentagon, and in a foiled attempt to attack either the White House or the Capitol, which did
lead to the death of all on the hijacked plane. No one in the FBI was held responsible for this major
catastrophe that their apathetic incompetence led to.
• Buffer overflows
• Cross-site scripting
• SQL injection
• Canonicalization attacks
• Query string manipulation
• Form field manipulation
• Cookie manipulation
• HTTP header manipulation
A person from your organisation needs to attend risk assessment training as it will ensure
that this person is competent within your organisation and will gain abilities such as
hazard identification, ability to categorise and evaluate risk(s). These abilities will allow a
‘suitable and sufficient’ risk assessment to be conducted within your own organisation.
How to do a risk assessment
There are no fixed rules on how a risk assessment should be carried out, but there are a
few general principles that should be followed.
Five steps to risk assessment can be followed to ensure that your risk assessment is
carried out correctly; these five steps are: