4. Define communication security, information security, network security, physical security with
example.
Solution
Communication Security
The protection resulting from all measures designed to deny unauthorized persons information of
value that might be derived from the possession and study of telecommunications, or to mislead
unauthorized persons in their interpretation of the results of such possession and study. Also
called COMSEC. Communications security includes: cryptosecurity, transmission security,
emission security, and physical security of communications security materials and information.
a. cryptosecurity--The component of communications security that results from the provision of
technically sound cryptosystems and their proper use. b. transmission security--The component
of communications security that results from all measures designed to protect transmissions from
interception and exploitation by means other than cryptanalysis. c. emission security--The
component of communications security that results from all measures taken to deny unauthorized
persons information of value that might be derived from intercept and analysis of compromising
emanations from crypto-equipment and telecommunications systems. d. physical security--The
component of communications security that results from all physical measures necessary to
safeguard classified equipment, material, and documents from access thereto or observation
thereof by unauthorized persons.
Physical Security
Physical security is the protection of personnel, hardware, software, networks and data from
physical actions and events that could cause serious loss or damage to an enterprise, agency or
institution. This includes protection from fire, flood, natural disasters, burglary, theft, vandalism
and terrorism.
Physical security has three important components: access control, surveillance and testing.
Obstacles should be placed in the way of potential attackers and physical sites should be
hardened against accidents, attacks or environmental disasters. Such hardening measures include
fencing, locks, access control cards, biometric access control systems and fire suppression
systems. Second, physical locations should be monitored using surveillance cameras and
notification systems, such as intrusion detection sensors, heat sensors and smoke detectors.
Third, disaster recovery policies and procedures should be tested on a regular basis to ensure
safety and to reduce the time it takes to recover from disruptive man-made or natural disasters.
Information Security
Information security (infosec) is a set of strategies for managing the processes, tools and policies
necessary to prevent, detect, document and counter threats to digital and non-digital information.
Infosec responsibilities include establishing a set of business processes that will protect
information assets regardless of how the information is formatted or whether it is in transit, is
being processed or is at rest in storage.
4. Define communication security, information security, network secu.pdf
1. 4. Define communication security, information security, network security, physical security with
example.
Solution
Communication Security
The protection resulting from all measures designed to deny unauthorized persons information of
value that might be derived from the possession and study of telecommunications, or to mislead
unauthorized persons in their interpretation of the results of such possession and study. Also
called COMSEC. Communications security includes: cryptosecurity, transmission security,
emission security, and physical security of communications security materials and information.
a. cryptosecurity--The component of communications security that results from the provision of
technically sound cryptosystems and their proper use. b. transmission security--The component
of communications security that results from all measures designed to protect transmissions from
interception and exploitation by means other than cryptanalysis. c. emission security--The
component of communications security that results from all measures taken to deny unauthorized
persons information of value that might be derived from intercept and analysis of compromising
emanations from crypto-equipment and telecommunications systems. d. physical security--The
component of communications security that results from all physical measures necessary to
safeguard classified equipment, material, and documents from access thereto or observation
thereof by unauthorized persons.
Physical Security
Physical security is the protection of personnel, hardware, software, networks and data from
physical actions and events that could cause serious loss or damage to an enterprise, agency or
institution. This includes protection from fire, flood, natural disasters, burglary, theft, vandalism
and terrorism.
Physical security has three important components: access control, surveillance and testing.
Obstacles should be placed in the way of potential attackers and physical sites should be
hardened against accidents, attacks or environmental disasters. Such hardening measures include
fencing, locks, access control cards, biometric access control systems and fire suppression
systems. Second, physical locations should be monitored using surveillance cameras and
notification systems, such as intrusion detection sensors, heat sensors and smoke detectors.
Third, disaster recovery policies and procedures should be tested on a regular basis to ensure
safety and to reduce the time it takes to recover from disruptive man-made or natural disasters.
Information Security
2. Information security (infosec) is a set of strategies for managing the processes, tools and policies
necessary to prevent, detect, document and counter threats to digital and non-digital information.
Infosec responsibilities include establishing a set of business processes that will protect
information assets regardless of how the information is formatted or whether it is in transit, is
being processed or is at rest in storage.
Infosec programs are built around the core objectives of the CIA triad: maintaining the
confidentiality, integrity and availability of IT systems and business data. These objectives
ensure that sensitive information is only disclosed to authorized parties (confidentiality), prevent
unauthorized modification of data (integrity) and guarantee the data can be accessed by
authorized parties when requested (availability).
Threats to sensitive and private information come in many different forms, such as malware and
phishing attacks, identity theft and ransomware. To deter attackers and mitigate vulnerabilities at
various points, multiple security controls are implemented and coordinated as part of a layered
defense in depth strategy. This should minimize the impact of an attack. To be prepared for a
security breach, security groups should have an incident response plan (IRP) in place. This
should allow them to contain and limit the damage, remove the cause and apply updated defense
controls.
Network Security
A specialized field in computer networking that involves securing a computer network
infrastructure. Network security is typically handled by a network administrator or system
administrator who implements the security policy, network software and hardware needed to
protect a network and the resources accessed through the network from unauthorized access and
also ensure that employees have adequate access to the network and resources to work.
A network security system typically relies on layers of protection and consists of multiple
components including networking monitoring and security software in addition to hardware and
appliances. All components work together to increase the overall security of the computer
network.