The document discusses the critical role of information security in organizational operations, emphasizing the need for management to prioritize data preservation, secure applications, and protect technological assets against increasingly sophisticated threats. It outlines various challenges such as human error, natural disasters, sabotage, extortion, technological obsolescence, and the importance of comprehensive policies and management strategies. Additionally, it highlights specific types of malware and security incidents that compromise information systems and the necessity for constant vigilance and robust security measures.

1. THE DEMAND FOR SECURITY
LESSON 2
framework in security planning

2. • The primary objective of an information security program, distinct from other
IT initiatives, is to preserve the integrity of systems and their data.
• Organizations allocate substantial resources, both monetary and manpower,
to keep their data systems up-to-date.
• These resources could be redirected to enhance the systems that house the
information if there were no risks to information and systems.
• Information systems are frequently targeted, leading to a corresponding
increase in the need for information security as these attacks become more
sophisticated.
INTRODUCTION

3. BUSINESS NEEDS FIRST
FOR A COMPANY, INFORMATION SECURITY SERVES FOUR CRITICAL FUNCTIONS:
L. KEEPING THE COMPANY'S ABILITY TO FUNCTION SAFE.
2, ENSURE THAT APPLICATIONS OPERATING ON THE ORGANIZATION'S IT PLATFORMS ARE
SAFE TO USE.
3, KEEPING THE DATA THAT THE COMPANY OBTAINS AND UTILIZES SAFE.
4, KEEPING THE COMPANY'S TECHNOLOGICAL ASSETS SAFE.

4. SAFEGUARDING ORGANIZATIONAL FUNCTIONALITY
∙ Information security implementation ensuring organizational functionality is a
shared responsibility between general management and IT management.
∙ Despite the perception of information security as technically complex, its
effectiveness relies more on management than technology.
∙ Charles Cresson Weed highlights the importance of effective information
technology management in ensuring security.
∙ Convincing stakeholders to view information security as a management and
people issue rather than just a technical one is a significant effort.
∙ Each community within an organization must address information security
considering its commercial impact and potential business interruptions.

5. CREATING A SECURE ENVIRONMENT FOR APPLICATIONS
∙ Organizations face pressure to acquire and operate efficient
applications, necessitating the development of protective
environments, especially for critical infrastructure apps.
∙ Management should maintain oversight of the organization's
infrastructure rather than solely relying on the IT department.

6. PROTECTING COLLECTED DATA
∙ Data is vital for an organization's transactions and value delivery,
emphasizing the importance of securing both data in motion and at
rest.
∙ Attackers target data due to its value, hence an effective information
security program managed by management is crucial for
safeguarding data integrity and value.

7. ENSURING SAFETY OF ORGANIZATIONAL TECHNOLOGY ASSETS
∙ Organizations should adopt secure infrastructure services suitable
for their size and requirements, upgrading as needed with
organizational growth.
∙ Public Key Infrastructure (PKI) and digital certificates are examples of
advanced security measures to protect confidential interactions and
transactions.

8. ADDRESSING THREATS
∙ Understanding both internal and external threats is essential for
protecting organizational data and assets.
∙ Management must be aware of various risks to people, applications,
data, and information systems to make informed decisions about
information security.
∙ Internet connectivity increases the threat from external sources, with a
substantial percentage of the world's population having internet
access, as highlighted in research findings.

9. INTELLECTUAL PROPERTY (IP) IN COMMERCIAL ACTIVITIES
∙ Companies engage in creating or supporting the development of
intellectual property (IP) as part of their business endeavors.
∙ IP encompasses the ownership and control of ideas, whether in
tangible or virtual form, and may involve the use of another party's IP
with or without royalty payments or permission.
∙ Key components of IP include trade secrets, copyrights, trademarks,
and patents, all of which require proper acknowledgment of the
source.
∙ Unauthorized use of IP poses a risk to information security, especially
as employees often interact with various forms of IP in their daily tasks.

10. ACQUISITION AND USE OF IP
∙ Organizations often acquire or lease IP from other entities and must
adhere to the terms specified in the purchase or license agreements to
ensure fair and responsible use.
∙ Software-based IP infringement, commonly known as software piracy,
is prevalent and occurs when individuals or businesses use software
contrary to the terms of the owner's license agreements.
∙ Violating software licensing terms, such as copying programs to
multiple computers without proper licensing, constitutes a breach of
copyright.

11. INTENTIONAL SOFTWARE ATTACKS
∙ Deliberate software attacks occur when individuals or groups create
and deploy software with the purpose of harming or disrupting
systems.
∙ This type of software, commonly referred to as malicious code or
malware, is designed to inflict damage, destruction, or hinder the
normal functioning of target systems.
∙ Examples of such malicious programming include viruses, worms,
Trojan horses, logic bombs, and backdoors.

12. NOTABLE INCIDENTS OF MALICIOUS ATTACKS
∙ The infamous denial-of-service attacks orchestrated by Mafiaboy
targeted major websites such as Amazon.com, CNN.com, ETrade.com,
eBay.com, Yahoo.com, Excite.com, and Dell.com, resulting in significant
financial losses.
∙ Goudimie, a British Internet provider, was reportedly the first company
"hacked out of existence" in a denial-of-service attack similar to
Mafiaboy’s.
THE TYPE OF VIRUS USED
∙ Macro viruses, embedded in macro code of word processors,
spreadsheets, and databases, and boot viruses, which infect key
operating system files in a computer's boot sector, are among the most
common types of computer viruses.

13. VIRUSES
∙ Computer viruses are coded segments designed to execute destructive actions, analogous
to biological viruses that infect living organisms.
∙ These viruses propagate by attaching themselves to existing programs and seizing control of
the host system's functions, subsequently spreading to other systems.
∙ Users often unwittingly assist in the spread of viruses by opening infected emails or
performing seemingly innocuous actions, leading to various levels of damage, from odd
messages to complete data loss.
∙ Viruses spread through physical media, email, or other means of data transmission, with
email attachments being a common vector.
∙ Modern viruses exploit networked environments, posing significant risks if proper controls
are not implemented.
∙ Anti-virus software from reputable manufacturers like Symantec Norton Anti-Virus and
McAfee VirusScan are essential tools for combating computer infections.

14. WORMS
∙ Named after the Tapeworm in John Brunner's novel "The Shockwave Rider," worms are
malicious programs that autonomously replicate themselves without requiring a host
program.
∙ Worms can continue replicating until all available system resources, such as memory, hard
drive space, and network bandwidth, are exhausted.
∙ Notable worm examples include Code Red, Sircam, Nimda (which spells "admin" backward),
and Klez, which employ various attack techniques in a single package.
∙ Some worms, like Klez, carry dual payloads, containing both the worm itself and attempting
to deliver a macro virus if opened in an HTMLenabled browser.
∙ Comprehensive attack worms and viruses such as MSBlaster, MyD00m, and Netsky exploit
vulnerabilities in popular operating systems and software programs.
∙ Worms can initiate their activities with or without user interaction, spreading to all email
accounts on an infected system and leaving copies on accessible web servers.
∙ They exploit open shares on networks where an infected system resides, installing copies of
the worm code on servers to infect users who access those shares.

15. TROJAN HORSE
∙ Trojan horses are software programs that disguise their true nature until activation,
revealing their purpose upon being triggered.
∙ They often masquerade as helpful, entertaining, or essential software, like
readme.exe files found in shareware and freeware bundles.
∙ Similar to their namesake in Greek mythology, Trojan horses become active once
infiltrating a system and can wreak havoc on unsuspecting users.
∙ An illustrative Trojan horse incident occurred on January 20, 1999, when Internet
email users received emails containing a Trojan horse named Happy99.exe as an
attachment.
∙ Upon opening the attachment, users were presented ith a short multimedia display
featuring fireworks and a "Happy New Year" message, while the Trojan horse quietly
installed itself on their PCs.
∙ Furthermore, every email sent by the infected user automatically included a second
email to the same recipient, containing the Happy99 Trojan horse program, thereby
facilitating the virus's propagation.

16. BACK DOOR OR TRAP DOOR
∙ A virus or worm payload can include a component that installs a back
door or trap door in a system, granting attackers access with special
privileges at their discretion.
∙ Subseven and Back Orificæ are notable examples of this type of
payload.

17. POLYMORPHIC THREATS
∙ Polymorphic threats pose significant challenges in combating viruses and
worms.
∙ These threats alter their appearance over time, making detection difficult
for antivirus software that relies on predefined signatures.
∙ To evade antivirus detection, viruses and worms adapt by changing their
size and other file characteristics.

18. VIRUS AND WORM HOAXES
∙ While viruses and worms are troublesome, viral hoaxes can be even more
disruptive.
∙ Wellintentioned individuals may spread false warnings about nonexistent
viruses through group emails, disrupting organizational harmony and
productivity.
∙ This can lead to network overload as users forward warning messages, post
them on bulletin boards, and attempt to update antivirus software.
∙ Individuals can verify virus information using various internet tools, such as
the CERT Coordination Center and the HoaxSlayer website.

19. VARIATIONS IN SERVICE QUALITY
∙ The smooth operation of interconnected support systems, including
power grids, communication networks, and service vendors, is crucial
to an organization's information system.
∙ Unexpected events like storms or personnel illnesses can disrupt these
support systems, leading to potential service interruptions.
∙ Incidents such as a backhoe damaging a fiberoptic link can illustrate
how unforeseen events can impact service delivery.

20. FORCES OF NATURE
• Natural disasters and acts of God can be extremely catastrophic as they
often occur suddenly and are beyond human control.
• Examples include fires, floods, earthquakes, lightning, volcanic eruptions,
and bug infestations, which can disrupt lives and information storage,
transfer, and usage.

21. EXAMPLES FORCES OF NATURE
∙ Fire: Structural fires can damage computing equipment and cause smoke or water damage
via . Fire and business interruption insurance can mitigate this risk.
∙ Flood: Overflowing water can damage the information system and its building, potentially
disrupting operations. Flood insurance and business interruption insurance can help.
∙ Earthquake: Sudden movements of the earth's crust can damage the information system or
its building, affecting operations. Specialist casualty and business interruption insurance can
address this risk.
∙ Lightning: Electric discharge can directly damage the information system or its power
components, leading to fires or other facility damage. Multipurpose insurance can mitigate
this risk.
∙ Landslide or mudslide: Downward earth movements can destroy the information system or
its building, hindering operations. Casualty and business interruption insurance can
minimize this risk.
∙ Tornado or strong windstorm: Highspeed air movements can damage the information
system or its building, obstructing access. Insurance coverage can reduce this risk.
∙ Hurricane or typhoon: Severe tropical storms can damage the information system or its
building, especially in coastal areas. Insurance can help manage this risk.
∙ Tsunami: Ocean waves triggered by seismic events can directly harm the information
system or its building, affecting organizations near the shore. Insurance coverage can
mitigate this risk.

22. HUMAN ERROR OR FAILURE
∙ This category encompasses unintentional actions by authorized users, often due to
mistakes or lack of awareness.
∙ Users can make errors due to factors like inexperience, inadequate training, or
incorrect assumptions, all of which can have significant consequences.
∙ Minor errors, such as typing mistakes, can lead to major disruptions. For instance:
o In April 1997, a routine Internet router table update resulted in the core of the
Internet being disrupted, affecting connectivity between service providers for
about fifteen minutes and impacting roughly 45% of Internet users.
o In July 1997, an accidental upload to the root domain servers of the Internet
caused widespread disruptions.
∙ Employees pose a significant threat to an organization's information security due to
their access to sensitive data.

23. HUMAN ERROR OR FAILURE
∙ Their errors can jeopardize data confidentiality, integrity, and availability,
including disclosing classified information, incorrect data entry, accidental data
deletion or alteration, storing data in insecure locations, and failing to protect
information.
∙ Training, ongoing awareness efforts, and controls ranging from simple processes
like doublechecking critical commands to more complex procedures like
command verification by a second party can help mitigate human error.
∙ Dual approval controls, such as those embedded in many military applications,
represent an example of more sophisticated measures to prevent human error
or failure.

24. INFORMATION EXTORTION
∙ Information extortion occurs when an attacker or insider steals data from a
computer system and demands payment or secrecy.
∙ For instance, in a case of credit card theft, a Russian hacker named Maxus
stole customer credit card data from CD Universe and demanded $100,000
in extortion. When not paid, he posted the card numbers online, limiting
access to his website due to its popularity.
∙ In another incident in 2008, Express Scripts, Inc., a pharmacy benefits
manager, was hacked by an individual who claimed access to customer
data, demanding an undisclosed sum. The company alerted the FBI, offered
a $1 million reward, and notified affected customers as per state breach
notification laws. They also incurred undisclosed costs for alerts and credit
monitoring services for customers.

25. MISSING, INADEQUATE, OR INCOMPLETE ORGANIZATIONAL POLICY OR
PLANNING
∙ When other threats lead to attacks, an organization's information
assets can suffer due to lacking, inadequate, or incomplete policies or
strategies.
∙ Information security is primarily a management responsibility, with
senior leadership overseeing strategic planning for security, IT, and
business functions, known as governance.

26. MISSING, INADEQUATE, OR INCOMPLETE CONTROLS
∙ Organizations lacking, inadequately implementing, or incompletely
managing controls, such as security measures and protection systems,
are more prone to losses.
∙ For example, if a small business initially sets up its network with
consumer grade equipment and then fails to upgrade, increasing traffic
can degrade performance and cause data loss. Regular security audits
help ensure ongoing protection of an organization's assets.

27. SABOTAGE OR VANDALISM
∙ Deliberate sabotage or acts of vandalism aimed at destroying assets or
harming an organization's image fall under this category.
∙ Examples include employee vandalism or organized sabotage against
an organization.
∙ Attacks on an organization's image can be serious, impacting consumer
confidence and brand value. For instance, vandalism to a website can
lead to revenue loss and damage to a company's reputation.

28. HACKTIVISM AND CYBERTERRORISM
∙ Hacktivist operations, aimed at protesting organizational or
governmental policies or actions, are on the rise.
∙ Cyberterrorism involves using computer hacking for terrorist purposes
over networks or the Internet.
∙ Security measures are being developed globally to protect critical
computing, communications networks, and infrastructure from
cyberterrorist threats.

29. THEFT
∙ Theft, whether physical, technological, or intellectual, poses a constant
threat as it involves the unauthorized taking of property.
∙ While physical theft can be managed with security measures like
secured doors and alarm systems, electronic theft is harder to detect.
∙ Electronic data theft can go unnoticed, especially if thieves are careful,
leading to significant consequences.

30. TECHNICAL HARDWARE FAILURES OR ERRORS
∙ Technical hardware failures occur when equipment is distributed with
known or undisclosed faults, causing inconsistencies or unavailability in
system functionality.
∙ Some hardware faults can be fatal, resulting in unrecoverable loss,
while others may be intermittent, making them difficult to reproduce.

31. TECHNOLOGICAL OBSOLESCENCE
∙ Outdated infrastructure can lead to unreliable systems, risking data
integrity due to assaults.
∙ Management must regularly assess current technology to prevent
obsolescence, with IT professionals playing a key role in identifying
potential issues.

32. ATTACK
∙ An attack compromises a system by exploiting vulnerabilities, causing
destruction or theft of information or assets.
∙ Attacks occur when actions exploit system vulnerabilities, unlike
constant threats. Malicious code, including viruses and worms, can
cause significant harm.

33. HOAXES
∙ Hoaxes involve transmitting a fake virus warning with an actual virus
attached, tricking users into spreading it under the guise of a legitimate
message.

34. BRUTE FORCE
∙ Brute force attacks involve trying every possible password combination
to gain access to accounts, often targeting commonly used passwords.
Defense against such attacks involves limiting the number of failed
access attempts.

35. DICTIONARY
∙ Dictionary attacks narrow down the field by using a list of common
passwords instead of random variations, targeting specific accounts.
Regulations mandating complex passwords help mitigate the
effectiveness of dictionary attacks.

36. THANK YOU
Report by
Kyle Dennis Dalida
Babylyn Mendoza