78 Responses to “Midterm Exam”

  1. elamir gamal ramadn mohamed

    Q:01/a
    What is information security? And why is information security important?
    It is a science that uses scientific theories in computer science and other sciences
    to protect data from threats. It is important because we store and access information in various devices and forms such as laptops, mobile and documents.
    We handle various types of valuable information like customer data and business data,
    and any loss of information can affect the organization in terms of time, money and reputation.
    ………………………………………………………………………………………………………………………………………………………………….
    Q:01/b
    What is information security management system required?
    It is a set of policies and procedures for systematically managing an organization’s sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.
    It is a set of policies and procedures for systematically managing the organization’s sensitive data. The goal of the ISMS is to reduce risk and ensure business continuity by proactively limiting the impact of a security breach.
    ………………………………………………………………………………………………………………………………………………………………….
    Q:02
    a/ my **PHoNe**2020## this is one of the best passwords
    b/ the cost is important when information security is done
    c/ when making information security it is important to understand the confidentiality
    d/ I work in a secure building so discuss information in a closed work area
    e/ security system development is a life cycle
    …………………………………………………………………………………………………………………………………………………………………
    Q:03
    Plan 1: Divide all employees of the company into three types according to their safety class A, B, C
    Class A includes the company’s owner, chairman and management, Class B includes senior staff, Class C includes new employees, and the system will always follow them. The system is always followed by external dialects and class A, B.
    Plan 02: Provide all the devices and points of contact through the work of groups and one official who has the powers such as amendment and others. The system must focus with external dialects and with the responsibility of each group.
    ………………………………………………………………………………………………………………………………………………………………
    Elamir Gamal Ramadan.

  2. Ahmed Ali Elbaz Mohamed Hedihed

    Question (1) : –
    A) What is information security ? And its Importance ?

    // What is information security // —–> Information security, often referred to as InfoSec, refers to the processes and tools designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection.

    // Importance of IS //——–> Today, you can order from any online store and pay online with your credit card or, even better, make it EMI. You can pay your bills from home and book airline tickets from your mobile… All that in just a click.

    Obviously you love all this convenience and want to keep doing this; you even want the service providers to provide more such services. If you lose money from your bank account while doing a recharge, will you try that again? No. You are doing this conveniently because you know it is safe, your bank and vendors are convinced that it is secure and even if something bad happens, you know “some” people will make sure it won’t happen again. “Some” people are working to keep the system safe and improve it every day. This assurance is there due to these people and it is necessary.

    B) What is information security management required ?

    Question (2) : –

    1) False —-> because abc123 is an easily recognizable password, so any hacker can get it without any difficulty, so your password must be more difficult, for example a@b1*c2$3

    2) False —–> In any business there are two terms: Capex, which refers to the amounts that companies use to purchase major physical goods or services (in this example, building the security system), and Opex, which means operating expenses, the other day-to-day expenses necessary to keep the business running (in this example, the system admin).

    3) True.

    4) False ——> because there are two types of attacks: (external attack), carried out by nodes that do not belong to the domain of the network, and (internal attack), which comes from compromised nodes that are actually part of the network. So you have to be careful about confidentiality.

    5) True.

    Question (3) : –

    Plan |A|
    The effort needed in achieving total computer system security seems overwhelming. There is always something else you could do to improve your security stance. You might be surprised, then, if I told you that just one step could accomplish this goal:

    Eliminate all computer systems from your business and use paper instead!

    Of course, for most businesses this is not a realistic solution, but then, achieving total computer system security is not a realistic goal. Like crossing the street, there is an element of risk no matter how careful you are. So what can you do to mitigate this risk in a reasonable way, without consuming endless resources? 😀 Plan “B”

    // This plan will not cost you much money and you will not need more staff, It can be implemented anywhere in any country //

    Plan |B|
    While there can be no single answer that applies to every system and every business, you can make significant improvements in your overall security stance by taking some simple actions. Here are seven steps:

    1- PERFORM REGULAR BACKUPS!
    Sorry about shouting, but I cannot stress this one enough. If you do nothing else, save your work, including contacts, accounting and stored email. And keep your backups somewhere else, away from your office or place of business.

    2- Scan for Viruses
    Effectively use your virus scanner on all desktop workstations and servers (you do have scanning software, right?). That means regular scans and regular updates. Most scanners will do this for you, but what if an employee disables this feature? (Maybe it slows down his web surfing experience or something). You need to be sure!

    3- Use Firewalls
    No, firewalls are not going to save us all from all the evil hackers in the world, but they go a long way to making it more difficult for them. If you already have one, make sure it’s configured to allow nothing but the essential traffic. Consider using personal (software) firewalls on each workstation and server, too. A layered approach is best always!

    4- Patch OS and Application Software
    Check for security advisories on a regular basis. If your vendor says you should apply an important security patch, you really need to get it done.

    5- Use Strong Passwords
    Do not use your favorite color. Do not use the name of your dog (or cat, parakeet, critter, …). Do not change letters to clever number and punctuation replacements (c!3v3r, n0? No!). These all can be cracked in no time. Better yet, consider a stronger authentication mechanism.

    6- Don’t open email attachments!
    Delete email from unknown and unexpected sources outright. But even email that appears to be coming from friends, relatives and associates can be dangerous. Many worms have used personal address books to propagate themselves.

    7-Develop a security policy
    Even creating a simple security policy will force you to think about what needs protection and the threats specific to your business. If you have employees, make sure they understand the importance of your policy. Educate them (and yourself, in the process!)

    // There are many software programs that vary in price and there are also some free ones that can be used for (System protection) and determine the number of employees according to the available cost //

    Ahmed Ali Elbaz Mohamed
    Fourth year / Communications

  3. Khaled Mohamed Abdel Latif

    question(1)
    a) Information security is the science that works to provide protection from the risks that threaten information or from attacks on it, by providing the tools and means needed to protect information from internal and external risks, that is, putting in place an information security program to prevent information from reaching unauthorized persons over a connection and to ensure the integrity of that connection.
    Its importance lies in protecting the customer’s private information or personal matters, whether they belong to an institution or to other parties, from leakage or breach.
    b) An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization’s sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.
    question(2)
    1) false – to be more secure it should be like this [q=8H9s/fCW*’#qcT]
    2) false – it is very important, because the system is in a constant state of development, and to keep up with this development the system must be updated and security vulnerabilities patched through your protection systems
    3) true
    4) false – no work-related data should be shared outside, because this information could be exploited to breach the company even if it is of no importance to you
    5) true
    question(3)
    First, we should be aware that most of the breaches that happened in the last 5 years were based on exploiting the human factor through social engineering and phishing via fake pages and the like.
    To build a more secure information security system, employees must first be made aware of the importance of information security and its risks.
    Second, a protection system is set up that is able to detect security breaches as they happen.
    This means at least using 2 competent information security engineers to manage the system, using high-protection software and using a good firewall. This may be costly at first, but it will protect the system.
    plan (2)
    It is to build a system able to lock the system down in the event of security breaches,
    and to make a backup copy of the data and disconnect it from the system in emergencies and the like until the system supervisors arrive.

  4. Tasnem Rageh

    Q(1)
    1) Information security refers to the processes and tools designed to protect sensitive business information from modification, disruption, destruction and inspection.
    Information security is important to help protect against types of theft. Companies and organizations are especially vulnerable since they have a wealth of information from their employees. This can include names, addresses, telephone numbers, social security numbers, etc. This information is sensitive and needs to be protected.

    2) ISMS requires minimizing the risk and ensures business continuity by pro-actively limiting the impact of a security breach. It typically addresses employee behavior and processes as well as data and tech. It can be targeted towards a particular type of data, such as customer data, or it can be implemented in a comprehensive way that becomes part of the company’s culture.

    ———————————————————————–
    Q(2)
    1) False –> ^&$%GHabc123 this is one of the best passwords.
    2) False –> Money is important after IS is done for maintenance and development.
    3)
    4) False –> You need to discuss information in a secure work-space.
    5) True.

    ————————————————————————–
    Q(3)
    To enhance the security of data:
    Plan(1) “Costly”:
    1- Have backups in place
    It’s not just about protection; it’s about having backups to restore your info in case your systems need to be rebooted. That’s something you need to invest in.
    2-Plan and protect for a security breach.
    With the growth of the IoT, chances of a security breach continue to rise. Sure, you would like to keep this from happening to your company, but the goal is to limit the damage in the event this does happen. You can do this by keeping a backup in case of a breach, installing endpoint protection software, and keeping your system up to date with security fixes.
    3-Consult an expert.
    There are lots of little tweaks and hacks that can be done to bolster protection, but unless someone is looking at a company from a holistic point of view, it’s bound to have vulnerabilities. I feel the only safe way to protect a company as the stakes get higher is to work with an outsourced firm that specializes in security, or bring someone in-house.
    4-Add a web application firewall
    5-Remain vigilant and resilient.
    Being vigilant is a matter of continual monitoring to make sure systems are still secure. Being resilient includes being able to quickly address and recover from threats.
    6-Have a two-step verification process
    This adds another layer of protection for data, which is essential when there are so many devices now being connected together with the same username and password. Longer passwords are also part of this extra security measure, making it more difficult to compromise the system.
    7-Encrypt everything
    The IoT will lead to the omnipresence of smart, connected devices. It’s impractical to determine the trustworthiness of every single device that data might pass through or be stored on, even those within firewalled networks. The solution is to ensure that all data, both at rest and in transit, is encrypted. Trust will move from the level of the network to the device or individual. Only people with the authentication credentials or a pre-verified device will have access to data that is encrypted unless it’s being actively used.
    8-Have users change passwords no less than every 90 days.
    Most data breaches come from people using very easy to guess passwords. There are a number of strategies you can deploy to require users to take extra steps, including basic things like requiring the use of capital letters, numbers and symbols (or combinations thereof), but what I’ve found to be even more secure is requiring users to change their password no less than every 90 days. This helps to protect from internal intruders, as well as workplace breaches.
    9-Use a mobile device management-like approach
    We can replicate the MDM approach for IoT so that we can manage and monitor the devices, which are connected to the IoT network. Companies can inject the data encryptions from the remote locations and change it whenever needed. Devices can also be profiled or removed from access.
    10-Constantly test
    The only way to make sure something is consistently secure is to test it all the time. It isn’t unusual for deeply data-sensitive organizations to hire an experienced respectable hacker to test their security structure. Vulnerability scanning and evaluations are equally important inside and outside your security system. If you can find a way to get illegitimate access to your data, the outside world can as well.

    Plan(2) “Less expensive”:
    1-Limit Data Access
    Most organizations give privileged access to their sensitive data to a number of employees and insiders. Organizations should determine what an employee needs access to and ensure they have access to only what they need.
    2-Know and protect your most important data
    If a data breach occurred in the next hour, could you quickly identify your most valuable data? As a company, it’s important to take the time to identify what you consider the most valuable data and work on protecting that first. Commonly referred to as the “crown jewels” of data, this type of data usually makes up 5-10 percent of the company’s data, and if it were compromised, would cause the most damage to the company.
    3-Pre-Planned Data Security Policy
    When looking at the operations and processes needed to mitigate a cyber-attack, an important step is to prepare a list of security measures and data security policies. This sort of plan by an organization could help significantly in critical situations and times of incident response. Through policies, you can immediately react in order to prevent extreme impacts of a cyber-attack.
    4-Strong and Different Passwords for Every Department
    Sensitive data in an organization should be locked away with strong passwords. Making stronger passwords is necessary for fighting a number of password hacking tools that are easy to get on the market. Try ensuring that there is a combination of different characters including alphabets, numbers, symbols and other capital letters.
    5-Regular Data Backup and Update
    Last on the list of important data security measures is having regular security checks and data backups. For an unexpected attack or data breach, it is really helpful to have an organization back up their data. To have a successful business, you must keep a habit of automatic or manual data backup on a weekly or daily basis.

  5. Mohamed Mostafa

    Question (1)
    (A) Information security, often referred to as InfoSec, refers to the processes and tools designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection.
    Information systems security is very important to help protect against this type of theft. Companies and organizations are especially vulnerable since they have a wealth of information from their employees. This can include names, addresses, telephone numbers, social security numbers, payrolls, etc. This information is sensitive and needs to be protected.

    (B)
    Step One: Asset Identification and Valuation
    Confidentiality/// Integrity //// Availability////
    Step Two: Conduct a Detailed Risk Assessment
    Threats//// Vulnerabilities //// Impact and Likelihood/// Mitigation
    Step Three: Establish the ISMS

    Question (2)
    (1) False ***abc123 is easily
    Strong password (MsdGfA@498765@)

    (2) False ****must be important
    Which need it in maintenance

    (3) True ***

    (4) False ******
    Because there are two types of attacks: (external attack), carried out by nodes that do not belong to the domain of the network, and (internal attack), which comes from compromised nodes that are actually part of the network.

    (5) True ***

    Question (3)
    Plan |A|
    The effort needed in achieving total computer system security seems overwhelming. There is always something else you could do to improve your security stance. You might be surprised, then, if I told you that just one step could accomplish this goal:

    Eliminate all computer systems from your business and use paper instead!

    Of course, for most businesses this is not a realistic solution, but then, achieving total computer system security is not a realistic goal. Like crossing the street, there is an element of risk no matter how careful you are. So what can you do to mitigate this risk in a reasonable way, without consuming endless resources?

    Plan |B|
    While there can be no single answer that applies to every system and every business, you can make significant improvements in your overall security stance by taking some simple actions. Here are seven steps:

    1- PERFORM REGULAR BACKUPS!
    Sorry about shouting, but I cannot stress this one enough. If you do nothing else, save your work, including contacts, accounting and stored email. And keep your backups somewhere else, away from your office or place of business.

    2- Scan for Viruses
    Effectively use your virus scanner on all desktop workstations and servers (you do have scanning software, right?). That means regular scans and regular updates. Most scanners will do this for you, but what if an employee disables this feature? (Maybe it slows down his web surfing experience or something). You need to be sure!

    3- Use Firewalls
    No, firewalls are not going to save us all from all the evil hackers in the world, but they go a long way to making it more difficult for them. If you already have one, make sure it’s configured to allow nothing but the essential traffic. Consider using personal (software) firewalls on each workstation and server, too. A layered approach is best always!

    4- Patch OS and Application Software
    Check for security advisories on a regular basis. If your vendor says you should apply an important security patch, you really need to get it done.

    5- Use Strong Passwords
    Do not use your favorite color. Do not use the name of your dog (or cat, parakeet, critter,). Do not change letters to clever number and punctuation replacements (c!3v3r, n0? No!). These all can be cracked in no time. Better yet, consider a stronger authentication mechanism.

    6- Don’t open email attachments!
    Delete email from unknown and unexpected sources outright. But even email that appears to be coming from friends, relatives and associates can be dangerous. Many worms have used personal address books to propagate themselves.

    7-Develop a security policy
    Even creating a simple security policy will force you to think about what needs protection and the threats specific to your business. If you have employees, make sure they understand the importance of your policy. Educate them (and yourself, in the process!)

    // There are many software programs that vary in price and there are also some free ones that can be used for (System protection) and determine the number of employees according to the available cost //

    // This plan will not cost you much money and you will not need more staff, It can be implemented anywhere in any country //

    Mohamed Mostafa Sabry Mahmoud
    Fourth level

  6. Esraa Abdulbadea

    Question (1)

    a_ Information security is the theory and practice of only allowing access to information to people in an organization who are authorized to see it. While this includes access to information contained on computers, the concept is much broader than computers, encompassing all records under the control of an organization.
    ((——Why information security important ??))
    Data held on IT systems is valuable and critical to the business of the University. We all rely on IT to store and process information, so it is essential that we maintain Information Security.

    The purpose of information security policies is to preserve:

    Confidentiality//
    Data is only accessed by those with the right to view the data.
    Integrity//
    Data can be relied upon to be accurate and processed correctly.
    Availability//
    Data can be accessed when needed.
    Failure to comply with the requirements of these Information Security Guidelines may lead to disciplinary action.

    b_ What is information security management system required?

    An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization’s sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.

    Question (2)

    1-(false)
    (AbD12&%dBa&s) this is one of the best passwords
    2_(false)
    Money is important after IS because of maintenance
    3_(true)
    4_(false)
    discuss information in a secure work-space.
    5_(true)
    Question (3)

    1. Manage who has access
    First, as an organization, take inventory of what data every employee may or may not have access to. Determine which employees still need access and which do not in an effort to limit the amount of data access by employees/admins to a small, manageable number. In addition, have your admins determine which type of access each department/employee needs.

    According to infoworld.com:

    “Credential hygiene is essential to strong database security because attackers often, if not nearly always, seek to compromise privileged accounts to gain access to confidential data. Minimizing permanent privileged accounts reduces the risk that one of those accounts will be compromised and used maliciously.”
    2. Know and protect your most important data
    If a data breach occurred in the next hour, could you quickly identify your most valuable data? As a company, it’s important to take the time to identify what you consider the most valuable data and work on protecting that first.

    Commonly referred to as the “crown jewels” of data, this type of data usually makes up 5-10 percent of the company’s data, and if it were compromised, would cause the most damage to the company. Once identified, work on procedures to not only secure the data but also limit the amount of employees that have access to it.

    3. Develop a data security plan/policy
    Another important strategy when looking to improve data security is developing a data security policy. It’s important to have a plan in place when hacks and breaches occur and a plan that determines which employees need and have access to data, as mentioned above. Thus, these sorts of policies can keep employees in line and organized.

    This policy should also be open to changes and edits as amendments will need to be made to match the growing technology innovations and new company policies. By having data access rules that are strictly enforced, the better you protect your data on a day-to-day basis.

    4. Develop stronger passwords throughout your organization
    Employees need to have stronger and more complicated passwords. Work to help employees develop passwords that are a combination of capital letters, numbers and special characters that will make it much harder for hackers to crack.

    A good rule of thumb when creating a new password is to have it be at least 12 characters and to not include a combination of dictionary words, such as “green desk.” All in all, passwords should be unique to employees and difficult for computers to guess.

    5. Regularly backup data
    Lastly, it’s important to backup your data on a regular basis. In addition to hacks, loss of data is a serious issue, and organizations need to be prepared for the unexpected. As a business, get in the habit of either automatically or manually backing up data on a weekly or daily basis.

    Also, make sure the backup data is equally secure from potential hackers. With a strong software program or IT department, it can help businesses fight off potential threats and build business values around the importance of data security.

    Avoid becoming the next major data breach story by taking action and initiative with your data security and protecting what’s valuable to your organization.

  7. Elamir Gamal Ramadan

    Q:01/a
    What is information security? And why is information security important?
    It is a science that uses scientific theories in computer science and other sciences
    to protect data from threats. It is important because we store and access information in various devices and forms such as laptops, mobile and documents.
    We handle various types of valuable information like customer data and business data,
    and any loss of information can affect the organization in terms of time, money and reputation.
    ………………………………………………………………………………………………………………………………………………………………….
    Q:01/b
    What is information security management system required?
    It is a set of policies and procedures for systematically managing an organization’s sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.
    It is a set of policies and procedures for systematically managing the organization’s sensitive data. The goal of the ISMS is to reduce risk and ensure business continuity by proactively limiting the impact of a security breach.
    ………………………………………………………………………………………………………………………………………………………………….
    Q:02
    a/ my PHoNe**2020## this is one of the best passwords
    b/ the cost is important when information security is done
    c/ when making information security it is important to understand the confidentiality
    d/ I work in a secure building so discuss information in a closed work area
    e/ security system development is a life cycle
    ………………………………………………………………………………………………………………………………………………………………
    Q:03
    Plan 1: Divide all employees of the company into three types according to their safety class A, B, C
    Class A includes the company’s owner, chairman and management, Class B includes senior staff, Class C includes new employees, and the system will always follow them. The system is always followed by external dialects and class A, B.
    Plan 02: Provide all the devices and points of contact through the work of groups and one official who has the powers such as amendment and others. The system must focus with external dialects and with the responsibility of each group.
    ………………………………………………………………………………………………………………………………………………………………
    Elamir Gamal Ramadan.

  8. mahmoud allam mahmoud

    question(1)
    a) Information security refers to the processes and tools designed to protect sensitive business information from modification, disruption, destruction and inspection.
    -importance of information security-
    Information systems security is very important to help protect against this type of theft. Companies and organizations are especially vulnerable since they have a wealth of information from their employees. This can include names, addresses, telephone numbers, social security numbers, payrolls, etc. This information is sensitive and needs to be protected

    b) An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization’s sensitive data; it requires minimizing the risk and ensures business continuity by pro-actively limiting the impact of a security breach.
    question(2)
    1) False ( m_a137@br&sv this is one of the best passwords)
    2) False ( Money is important after IS is done for maintenance and development)
    3) True
    4) False ( information discussion shouldn’t be in an open work area because information is the backbone of system security)
    5) True

    question(3)
    1. Manage who has access
    First, as an organization, take inventory of what data every employee may or may not have access to. Determine which employees still need access and which do not in an effort to limit the amount of data access by employees/admins to a small, manageable number. In addition, have your admins determine which type of access each department/employee needs.

    According to infoworld.com:

    “Credential hygiene is essential to strong database security because attackers often, if not nearly always, seek to compromise privileged accounts to gain access to confidential data. Minimizing permanent privileged accounts reduces the risk that one of those accounts will be compromised and used maliciously.”
    2. Know and protect your most important data
    If a data breach occurred in the next hour, could you quickly identify your most valuable data? As a company, it’s important to take the time to identify what you consider the most valuable data and work on protecting that first.

    Commonly referred to as the “crown jewels” of data, this type of data usually makes up 5-10 percent of the company’s data, and if it were compromised, would cause the most damage to the company. Once identified, work on procedures to not only secure the data but also limit the amount of employees that have access to it.

    3. Develop a data security plan/policy
    Another important strategy when looking to improve data security is developing a data security policy. It’s important to have a plan in place when hacks and breaches occur and a plan that determines which employees need and have access to data, as mentioned above. Thus, these sorts of policies can keep employees in line and organized.

    This policy should also be open to changes and edits as amendments will need to be made to match the growing technology innovations and new company policies. By having data access rules that are strictly enforced, the better you protect your data on a day-to-day basis.

    4. Develop stronger passwords throughout your organization
    Employees need to have stronger and more complicated passwords. Work to help employees develop passwords that are a combination of capital letters, numbers and special characters that will make it much harder for hackers to crack.

    A good rule of thumb when creating a new password is to have it be at least 12 characters and to not include a combination of dictionary words, such as “green desk.” All in all, passwords should be unique to employees and difficult for computers to guess.

    5. Regularly back up data
    Lastly, it’s important to back up your data on a regular basis. In addition to hacks, loss of data is a serious issue, and organizations need to be prepared for the unexpected. As a business, get in the habit of either automatically or manually backing up data on a weekly or daily basis.

    Also, make sure the backup data is equally secure from potential hackers. With a strong software program or IT department, it can help businesses fight off potential threats and build business values around the importance of data security.

    Avoid becoming the next major data breach story by taking action and initiative with your data security and protecting what’s valuable to your organization.

  9. Mohamed noshy

    Question (1)
    1) Information security refers to the processes and tools designed to protect sensitive business information from modification, disruption, destruction and inspection.
    Information security is important to help protect against types of theft. Companies and organizations are especially vulnerable since they have a wealth of information from their employees. This can include names, addresses, telephone numbers, social security numbers, etc. This information is sensitive and needs to be protected.
    2) ISMS requires minimization of the risk and ensures business continuity by pro-actively limiting the impact of a security breach. It typically addresses employee behavior and processes as well as data and tech. It can be targeted towards a particular type of data, such as customer data, or it can be implemented in a comprehensive way that becomes part of the company’s culture.

    Question (2)
    1) False –> ^&$%GHabc123 this is one of the best passwords.
    2) False –> Money is important after IS is done for maintenance and development.
    3)
    4) False –> You need to discuss information in a secure work-space.
    5) True.

    Question (3)
    To enhance the security of data:
    Plan(1) “Costly”:
    1- Have backups in place
    It’s not just about protection; it’s about having backups to restore your info in case your systems need to be rebooted. That’s something you need to invest in.
    2-Plan and protect for a security breach.
    With the growth of the IoT, chances of a security breach continue to rise. Sure, you would like to keep this from happening to your company, but the goal is to limit the damage in the event this does happen. You can do this by keeping a backup in case of a breach, installing endpoint protection software, and keeping your system up to date with security fixes.
    3-Consult an expert.
    There are lots of little tweaks and hacks that can be done to bolster protection, but unless someone is looking at a company from a holistic point of view, it’s bound to have vulnerabilities. I feel the only safe way to protect a company as the stakes get higher is to work with an outsourced firm that specializes in security, or bring someone in-house.
    4-Add a web application firewall
    5-Remain vigilant and resilient.
    Being vigilant is a matter of continual monitoring to make sure systems are still secure. Being resilient includes being able to quickly address and recover from threats.
    6-Have a two-step verification process
    This adds another layer of protection for data, which is essential when there are so many devices now being connected together with the same username and password. Longer passwords are also part of this extra security measure, making it more difficult to compromise the system.
    7-Encrypt everything
    The IoT will lead to the omnipresence of smart, connected devices. It’s impractical to determine the trustworthiness of every single device that data might pass through or be stored on, even those within firewalled networks. The solution is to ensure that all data, both at rest and in transit, is encrypted. Trust will move from the level of the network to the device or individual. Only people with the authentication credentials or a pre-verified device will have access to data that is encrypted unless it’s being actively used.
    8-Have users change passwords no less than every 90 days.
    Most data breaches come from people using very easy to guess passwords. There are a number of strategies you can deploy to require users to take extra steps, including basic things like requiring the use of capital letters, numbers and symbols (or combinations thereof), but what I’ve found to be even more secure is requiring users to change their password no less than every 90 days. This helps to protect from internal intruders, as well as workplace breaches.
    9-Use a mobile device management-like approach
    We can replicate the MDM approach for IoT so that we can manage and monitor the devices, which are connected to the IoT network. Companies can inject the data encryptions from the remote locations and change it whenever needed. Devices can also be profiled or removed from access.
    10-Constantly test
    The only way to make sure something is consistently secure is to test it all the time. It isn’t unusual for deeply data-sensitive organizations to hire an experienced respectable hacker to test their security structure. Vulnerability scanning and evaluations are equally important inside and outside your security system. If you can find a way to get illegitimate access to your data, the outside world can as well.
    Plan(2) “Less expensive”:
    1-Limit Data Access
    Most of the organizations give privileged access to their sensitive data to a number of employees and insiders. Organizations should determine what an employee needs access to and ensure they have access to only what they need.
    2-Know and protect your most important data
    If a data breach occurred in the next hour, could you quickly identify your most valuable data? As a company, it’s important to take the time to identify what you consider the most valuable data and work on protecting that first. Commonly referred to as the “crown jewels” of data, this type of data usually makes up 5-10 percent of the company’s data, and if it were compromised, would cause the most damage to the company.
    3-Pre-Planned Data Security Policy
    When looking at the operations and processes needed to mitigate a cyber-attack, an important step is to prepare a list of security measures and data security policies. This sort of plan by an organization could help significantly in critical situations and times of incident response. Through policies, you can immediately react in order to prevent extreme impacts of a cyber-attack.
    4-Strong and Different Passwords for Every Department
    Sensitive data in an organization should be locked away with strong passwords. Making stronger passwords is necessary for fighting a number of password hacking tools that are easy to get on the market. Try ensuring that there is a combination of different characters including alphabets, numbers, symbols and other capital letters.
    5-Regular Data Backup and Update
    Last on the list of important data security measures is having regular security checks and data backups. For an unexpected attack or data breach, it is really helpful to have an organization back up their data. To have a successful business, you must keep a habit of automatic or manual data backup on a weekly or daily basis.
    Mohamed Noshy Mahmoud Mohamed
    Fourth level

  10. Sabah Badr

    Q1_ A science specialized in securing the information circulated over the Internet from the risks that threaten it.
    It is the science that works to provide protection for information from the risks that threaten it and prevents attacks on it.
    Information security is important to help protect against types of theft. Companies and organizations are especially vulnerable since they have a wealth of information from their employees. This can include names, addresses, telephone numbers, social security numbers, etc. This information is sensitive and needs to be protected.

    2_An ISMS is a set of controls that an organization implements to protect its own informational assets and other information assets for which it is responsible.

    Q2
    1_ NSTH$PY123 good password
    2_ false – It is very important, because the system is in a constant state of development; to keep pace with this development, the system must be updated and security vulnerabilities patched through your protection systems.
    3) true
    4)false – No work-related data should be shared outside, because this information could be exploited to breach the company, even if it is of no importance to you.
    5)true_
    Q3 _
    •1- Business continuity planning: how to enable companies to continue operating after a failure or, God forbid, a disaster.
    •2- Access control to the information system: the ability to access information and also to detect unauthorized activities in it.
    •3- Physical and environmental security: ensuring that there is no unauthorized access to the information system or physical damage to it, regardless of the intent behind the access.
    •4- Compliance: not violating any civil, criminal or regulatory law or contractual terms, by auditing that the security requirements are met and that they are applied in accordance with those requirements.
    •5- Personnel security: reducing the damage of security incidents by reducing human error, theft or misuse.
    •6- Security organization: shows how information security is maintained and managed within the company.
    •7- Computer and operations management: protecting information to prevent its loss, modification or misuse, by knowing how to partition, minimize and contain risks.

  11. sabah badr

    Q1
    1)Information security (IS) is designed to protect the confidentiality, integrity and availability of computer system data from those with malicious intentions. Confidentiality, integrity and availability are sometimes referred to as the CIA Triad of information security. This triad has evolved into what is commonly termed the Parkerian hexad, which includes confidentiality, possession (or control), integrity, authenticity, availability and utility.
    Information security is very important in an organization to protect the applications that are implemented in organizations and protect the data stored in computers as well. … In an organization, information is an important business asset and essential for the business and thus needs appropriate protection.

    2)An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization’s sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.
    Q2
    1) Qxxxd$123 is a strong password
    2) False ( Money is important after IS is done for maintenance and development)
    3)true
    4) False ( information discussion shouldn’t be in an open work area because information is the backbone of system security)
    5) True
    Q3
    •1- Business continuity planning: how to enable companies to continue operating after a failure or, God forbid, a disaster.
    •2- Access control to the information system: the ability to access information and also to detect unauthorized activities in it.
    •3- Physical and environmental security: ensuring that there is no unauthorized access to the information system or physical damage to it, regardless of the intent behind the access.
    •4- Compliance: not violating any civil, criminal or regulatory law or contractual terms, by auditing that the security requirements are met and that they are applied in accordance with those requirements.
    •5- Personnel security: reducing the damage of security incidents by reducing human error, theft or misuse.
    •6- Security organization: shows how information security is maintained and managed within the company.
    •7- Computer and operations management: protecting information to prevent its loss, modification or misuse, by knowing how to partition, minimize and contain risks.
    •8- Asset classification and control: ensuring that information assets receive an appropriate level of protection, and how to maintain adequate protection for the company’s assets.
    •9- System development and maintenance: the process of protecting companies’ assets and fortifying their buildings in all aspects of information technology systems and their associated software and data.

  12. Hadeer Fouda

    Q1:
    information security:
    Information security, often referred to as InfoSec, refers to the processes and tools designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection.
    “Info Sec” is a crucial part of cybersecurity, but it refers exclusively to the processes designed for data security. Cybersecurity is a more general term that includes InfoSec.
    a set of strategies for managing the processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information. Infosec responsibilities include establishing a set of business processes that will protect information assets regardless of how the information is formatted or whether it is in transit, is being processed or is at rest in storage.
    The importance: it is very important in an organization to protect the applications that are implemented in organizations and protect the data stored in computers as well. … In an organization, information is an important business asset and essential for the business and thus needs appropriate protection.
    Q2:
    information security management:
    If you start making forays into the world of information security and management systems, you will quickly stumble across the term ‘ISMS’. An ISMS, or information security management system, is a defined, documented management system that consists of a set of policies, processes, and systems to manage risks to organizational data, with the objective of ensuring acceptable levels of information security risk.
    By designing, implementing, managing, and maintaining an ISMS, an organization is able to protect its confidential, personal, and sensitive data from being leaked, damaged, destroyed, or exposed to harmful elements. The point of an ISMS is to proactively limit the impact of a data security breach.
    The ISMS is relevant for a defined organization or business unit that falls within the scope of the ISMS.
    The motivation behind information security management is to guarantee business coherence and decrease business harm by counteracting and limiting the effect of security incidences. An Information Security Management System (ISMS) empowers data to be shared while guaranteeing the assurance of data and registering resources.
    Q3:
    a: false is best password
    b: false “money is important after IS by maintenance”
    c:true
    d: false “must be in secure work space”
    f:true
    Q4:
    plan1:
    1-Limit Data Access

    Most of the organizations give privileged access to their sensitive data to a number of employees and insiders. Think about who in your organization has access to sensitive customer data? Can you identify everyone’s access rights? Most company executives are unaware of the details about individual employees who have access to data and why they access it. This is a huge risk to data loss, theft and hacking.

    This means it is necessary for businesses to limit the data access. Organizations should determine what an employee needs access to and ensure they have access to only what they need. Not anything else. All these limitations could help organizations to manage their data more efficiently and ensure it is being safeguarded from theft or loss.
    2-Identify Sensitive Data

    For companies, it is really important to be aware of where their most important data and sensitive business information lies. This will ensure you have the right information and allocate more resources to protecting your most sensitive and crucial assets.

    Although sensitive business data is only probably around 5-10% of your total business data, a data compromise involving sensitive or personal data could result in an immense loss of reputation and revenue to a company. If we go back to access management and rights, we should be putting more strict measures on sensitive data over other business data.
    3-Pre-Planned Data Security Policy

    When looking at the operations and processes needed to mitigate a cyber-attack, an important step is to prepare a list of security measures and data security policies. This sort of plan by an organization could help significantly in critical situations and times of incident response. Through policies, you can immediately react in order to prevent extreme impacts of a cyber-attack.

    As with access management and rights, employee access could be identified easily and you would remain aware of which users in your organization could have potentially been breached. It’s important to remember that a policy and process plan is only as good as its last revision. Technology, industry regulation and best practice are always changing. Someone therefore needs to own this policy and process guide and always look at new ways of updating it to keep it relevant.
    3-

    23 Jun 2017
    5 Ways to Enhance Data Security

    The world of cybersecurity is progressing at a huge speed and, at the same time, improvements in technologies are becoming increasingly better at assisting the hackers and cyber-criminals to exploit data security loopholes. The constantly increasing graph of cybersecurity attacks is a major concern for internet users and business organizations. And they should be!

    One recent example of the growing scale of such attacks is the recent ransomware attack known as WannaCry. It was one of the largest attacks in recent years affecting a large number of businesses all over the world. Here’s where the question arises; ‘why have both large and small businesses been affected and influenced by this attack?’. It seems like the world is starting to see that increased security measures are not just a matter of protecting data, but in protecting data, we are protecting the very infrastructure of our business.

    There are many ways organizations can protect their business from cyber-attacks. The article is from a PrivacyEnd post which outlines several measures including; updated software, improved technologies, skilled employees and pre-planned precautionary measures.

    I have extracted the five suggestions from the PrivacyEnd article that I wish to explore in more depth to provide you with recommendations and tips for enhancing your organization’s data security.
    Limit Data Access

    Most of the organizations give privileged access to their sensitive data to a number of employees and insiders. Think about who in your organization has access to sensitive customer data? Can you identify everyone’s access rights? Most company executives are unaware of the details about individual employees who have access to data and why they access it. This is a huge risk to data loss, theft and hacking.

    This means it is necessary for businesses to limit the data access. Organizations should determine what an employee needs access to and ensure they have access to only what they need. Not anything else. All these limitations could help organizations to manage their data more efficiently and ensure it is being safeguarded from theft or loss.

    According to Dircks, Bomgar CEO,

    With the continuation of high-profile data breaches, many of which were caused by compromised privileged access and credentials, it’s crucial that organizations control, manage, and monitor privileged access to their networks to mitigate that risk. The findings of this report tell us that many companies can’t adequately manage the risk related to privileged access. Insider breaches, whether malicious or unintentional, have the potential to go undetected for weeks, months, or even years – causing devastating damage to a company.

    Identify Sensitive Data

    For companies, it is really important to be aware of where their most important data and sensitive business information lies. This will ensure you have the right information and allocate more resources to protecting your most sensitive and crucial assets.

    Although sensitive business data is only probably around 5-10% of your total business data, a data compromise involving sensitive or personal data could result in an immense loss of reputation and revenue to a company. If we go back to access management and rights, we should be putting more strict measures on sensitive data over other business data.
    Pre-Planned Data Security Policy

    When looking at the operations and processes needed to mitigate a cyber-attack, an important step is to prepare a list of security measures and data security policies. This sort of plan by an organization could help significantly in critical situations and times of incident response. Through policies, you can immediately react in order to prevent extreme impacts of a cyber-attack.

    As with access management and rights, employee access could be identified easily and you would remain aware of which users in your organization could have potentially been breached. It’s important to remember that a policy and process plan is only as good as its last revision. Technology, industry regulation and best practice are always changing. Someone therefore needs to own this policy and process guide and always look at new ways of updating it to keep it relevant.
    Strong and Different Passwords for Every Department

    Sensitive data in an organization should be locked away with strong passwords. Making stronger passwords is necessary for fighting a number of password hacking tools that are easy to get on the market. Try ensuring that there is a combination of different characters including alphabets, numbers, symbols and other capital letters.

    Additionally, using the same passwords for different programs and access is also a risk. Once your password is cracked, a hacker will try the same password on all major accounts you own.

    Therefore, organizations should keep unique passwords for all employees as well as the departments. This can be easily managed using a password manager tool and ensuring that all employees receive proper data security training and password tips.

    Where possible, it is also advised that multi-factor authentication is used. Adding another step to a password login means another step that hackers need to crack, making the hack much more unlikely and difficult. Some good examples of multi-factor authentication include biometrics, push notifications to phones, smartcards and token authentication.
    4-Regular Data Backup and Update

    Last on the list of important data security measures is having regular security checks and data backups. For an unexpected attack or data breach, it is really helpful to have an organization back up their data. To have a successful business, you must keep a habit of automatic or manual data backup on a weekly or daily basis.

    In addition, the data should be protected through updated software and efficient antivirus tools. However, to attain this, you must have a progressive and efficient IT department. Make sure you are hiring someone with the right skills who you can trust to do the job properly.
    plan2:
    1. Encrypt all data stored in the cloud

    Simply put, encryption protects your data, whether it’s stored in a data center or being transmitted around the Internet. Encryption protects your data from all unwanted eyes, including business partners, competitors, malicious hackers, and even regular people who have no business knowing your company’s sensitive information. Encryption is most effective when it’s ubiquitous and integrated into your existing workflow; you shouldn’t have to turn on/off data encryption, it should be an automatic process when sharing files via the cloud.
    2. Manage file access permissions

    Although data breaches from external attacks often get the biggest headlines, data loss is often a result of employee error. Define who needs to have access to specific client data, how to remove permissions should an employee leave the business, and the rights your staff should have to print, email, export or save documents outside of your designated cloud or on-premises software.

    If an attorney, account manager, finance administrator or other employee isn’t involved in the day-to-day interactions with a client, or doesn’t need oversight into the process of that business, they shouldn’t have rights to view, delete or even know that certain files exist. Keep a tight line of permissions around those sorts of files, and the likelihood of data leaking drops rapidly. Also consider the use of Enterprise Digital Rights Management solution to help control assets that need to be sent outside of the security perimeter.
    3. Protect data across all applications and devices

    It’s a real double-edged sword: laptops and mobile devices equipped with cloud applications make it easy to access files from outside the office, helping move business forward despite physical boundaries. However, file sharing outside your network firewall, especially via the cloud, introduces a number of vulnerabilities to your information.

    You can establish policies on the sorts of files which can be accessed outside the office. Or, you can adopt a data protection system that offers secure mobile applications for Android or iOS devices. Do your employees or customers prefer to use cloud services like Dropbox or Office 365 for email and client files? Virtual data room applications, integrated with these cloud services, increase adoption and appreciation for secure collaboration. Make sure your online file sharing service is secure: cybersecurity matters in every aspect of your business that takes place on the internet.
    4. Stay current on news and trends

    Hackers never sleep. New malware, vulnerabilities and “zero day” attacks occur frequently. Don’t let malicious attackers, or even your competitors, get their hands on information that is critical to your business or the privacy of your clients. Companies that are dedicated to managing the private affairs of other organizations and individuals often have the largest target on their back.

    Keep up to date on the latest strengths, weaknesses, opportunities and threats by following the CapLinked blog and other reputable infosec news sources, especially Twitter, which can provide near live updates as data breach stories emerge. Knowledge is the key to protecting your company against data leaks, so make sure to keep your entire organization up to speed on new technology and vulnerabilities.

  13. Hanan El-Sayed Abdel Aal

    Q1
    1)Information security (IS) is designed to protect the confidentiality, integrity and availability of computer system data from those with malicious intentions. Confidentiality, integrity and availability are sometimes referred to as the CIA Triad of information security. This triad has evolved into what is commonly termed the Parkerian hexad, which includes confidentiality, possession (or control), integrity, authenticity, availability and utility. An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization’s sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.

    Question (2)

    1-(false)
    (AbD12&%dBa&s) this is one of the best passwords
    2) False –> Money is important after IS is done for maintenance and development.
    3)
    4) False –> You need to discuss information in a secure work-space.
    5) True.
    Sayed Kenawy
    Professor Associate
    Sayed Kenawy® Sayedkenawy.com
    List

    Midterm Exam
    March 4, 2019 | sayed kenawy | information security

    9 Responses to “Midterm Exam”

    Khaled Mohamed Abdel Latif March 5, 2019 at 2:56 pm
    question(1)
    a) Information security is the science that works to ensure protection from the risks that threaten it or attacks on it, by providing the tools and means necessary to protect information from internal and external risks, that is, putting in place a security program for information in order to prevent information from reaching unauthorized persons through communications and to ensure the validity of those communications.
    Its importance lies in protecting the information of the customer or personal matters, whether belonging to an institution or other parties, from leakage or breach.
    b)An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization’s sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.
    question(2)
    1) false – to be more secure we should like that [q=8H9s/fCW*’#qcT]
    2) false – It is very important, because the system is in a constant state of development; to keep pace with this development, the system must be updated and security vulnerabilities patched through your protection systems.
    3) true
    4)false – No work-related data should be shared outside, because this information could be exploited to breach the company, even if it is of no importance to you.
    5)true
    question(3)
    First, we must be aware that most of the breaches that occurred in the last 5 years were based on exploiting the human factor, through social engineering and phishing via fake pages and the like.
    To build a more secure information security system, employees must first be made aware of the importance of information security and its risks.
    Second, a protection system is put in place that is able to detect security breaches as they happen.
    This means, at the least, employing 2 competent information security engineers to manage the system, using high-protection software and using a good firewall. This may be costly at first, but it will protect the system.
    plan (2)
    It is building a system capable of locking down the system in the event of security breaches,
    and making a backup copy of the data and disconnecting it from the system in emergencies and similar cases until the system administrators arrive.


    Tasnem Rageh March 5, 2019 at 3:12 pm
    Q(1)
    1) Information security refers to the processes and tools designed to protect sensitive business information from modification, disruption, destruction and inspection.
    Information security is important to help protect against types of theft. Companies and organizations are especially vulnerable since they have a wealth of information from their employees. This can include names, addresses, telephone numbers, social security numbers, etc. This information is sensitive and needs to be protected.

    2) ISMS requires minimization of the risk and ensures business continuity by pro-actively limiting the impact of a security breach. It typically addresses employee behavior and processes as well as data and tech. It can be targeted towards a particular type of data, such as customer data, or it can be implemented in a comprehensive way that becomes part of the company’s culture.

    ———————————————————————–
    Q(2)
    1) False –> ^&$%GHabc123 this is one of the best passwords.
    2) False –> Money is important after IS is done for maintenance and development.
    3)
    4) False –> You need to discuss information in a secure work-space.
    5) True.

    ————————————————————————–
    Q(3)
    To enhance the security of data:
    Plan(1) “Costly”:
    1- Have backups in place
    It’s not just about protection; it’s about having backups to restore your info in case your systems need to be rebooted. That’s something you need to invest in.
    2-Plan and protect for a security breach.
    With the growth of the IoT, chances of a security breach continue to rise. Sure, you would like to keep this from happening to your company, but the goal is to limit the damage in the event this does happen. You can do this by keeping a backup in case of a breach, installing endpoint protection software, and keeping your system up to date with security fixes.
    3-Consult an expert.
    There are lots of little tweaks and hacks that can be done to bolster protection, but unless someone is looking at a company from a holistic point of view, it’s bound to have vulnerabilities. I feel the only safe way to protect a company as the stakes get higher is to work with an outsourced firm that specializes in security, or bring someone in-house.
    4- Patch OS and Application Software
    Check for security advisories on a regular basis. If your vendor says you should apply an important security patch, you really need to get it done.

    5- Use Strong Passwords
    Do not use your favorite color. Do not use the name of your dog (or cat, parakeet, critter). Do not change letters to clever number and punctuation replacements (c!3v3r, n0? No!). These all can be cracked in no time. Better yet, consider a stronger authentication mechanism.

    6- Don’t open email attachments!
    Delete email from unknown and unexpected sources outright. But even email that appears to be coming from friends, relatives and associates can be dangerous. Many worms have used personal address books to propagate themselves.

    Midterm Exam
    March 4, 2019 | sayed kenawy | information security

    9 Responses to “Midterm Exam”

    خالد محمد عبد اللطيف March 5, 2019 at 2:56 pm
    question(1)
    a) Information security is the science that works on establishing protection against the risks that threaten information or attacks on it, by establishing the tools and means needed to protect information from internal and external risks; that is, setting up a security program for information in order to prevent information from reaching unauthorized persons through communications and to ensure the integrity of those communications.
    Its importance lies in protecting customer information or personal matters, whether they belong to an institution or to other parties, from leakage or breach.
    b)An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization’s sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.
    question(2)
    1) false – to be more secure we should like that [q=8H9s/fCW*’#qcT]
    2) false – It is very important, because the system is in a constant state of development, and to keep up with this development the system must be updated and security vulnerabilities patched through your protection systems.
    3) true
    4) false – No work-related data should be shared outside, because this information could be exploited to breach the company, even if it is of no importance to you.
    5)true
    question(3)
    First, we must be aware that most of the breaches that occurred in the last 5 years were based on exploiting the human factor, through social engineering and phishing via fake pages or other means.
    To build a more secure information security system, employees must first be made aware of the importance of information security and its risks.
    Second, a protection system is set up that can detect security breaches as they happen.
    This means, at a minimum, employing 2 competent information security engineers to manage the system, using high-protection software, and using a good firewall. This may be costly at first, but it will protect the system.
    plan (2)
    This is to set up a system capable of locking down the system in the event of security breaches,
    and to make a backup copy of the data and disconnect it from the system in emergencies and other situations until the system administrators arrive.

    Reply

    Tasnem Rageh March 5, 2019 at 3:12 pm
    Q(1)
    1) Information security refers to the processes and tools designed to protect sensitive business information from modification, disruption, destruction and inspection.
    Information security is important to help protect against types of theft. Companies and organizations are especially vulnerable since they have a wealth of information from their employees. This can include names, addresses, telephone numbers, social security numbers, etc. This information is sensitive and needs to be protected.

    2) ISMS requires minimization of the risk and ensures business continuity by pro-actively limiting the impact of a security breach. It typically addresses employee behavior and processes as well as data and tech. It can be targeted towards a particular type of data, such as customer data, or it can be implemented in a comprehensive way that becomes part of the company’s culture.

    ———————————————————————–
    Q(2)
    1) False –> ^&$%GHabc123 this is one of the best passwords.
    2) False –> Money is important after IS is done for maintenance and development.
    3)
    4) False –> You need to discuss information in a secure work-space.
    5) True.

    ————————————————————————–
    Q(3)
    To enhance the security of data:
    Plan(1) “Costly”:
    1- Have backups in place
    It’s not just about protection; it’s about having backups to restore your info in case your systems need to be rebooted. That’s something you need to invest in.
    2-Plan and protect for a security breach.
    With the growth of the IoT, chances of a security breach continue to rise. Sure, you would like to keep this from happening to your company, but the goal is to limit the damage in the event this does happen. You can do this by keeping a backup in case of a breach, installing endpoint protection software, and keeping your system up to date with security fixes.
    3-Consult an expert.
    There are lots of little tweaks and hacks that can be done to bolster protection, but unless someone is looking at a company from a holistic point of view, it’s bound to have vulnerabilities. I feel the only safe way to protect a company as the stakes get higher is to work with an outsourced firm that specializes in security, or bring someone in-house.
    4-Add a web application firewall
    5-Remain vigilant and resilient.
    Being vigilant is a matter of continual monitoring to make sure systems are still secure. Being resilient includes being able to quickly address and recover from threats.
    6-Have a two-step verification process
    This adds another layer of protection for data, which is essential when there are so many devices now being connected together with the same username and password. Longer passwords are also part of this extra security measure, making it more difficult to compromise the system.
    7-Encrypt everything
    The IoT will lead to the omnipresence of smart, connected devices. It’s impractical to determine the trustworthiness of every single device that data might pass through or be stored on, even those within firewalled networks. The solution is to ensure that all data, both at rest and in transit, is encrypted. Trust will move from the level of the network to the device or individual. Only people with the authentication credentials or a pre-verified device will have access to data that is encrypted unless it’s being actively used.
    8-Have users change passwords no less than every 90 days.
    Most data breaches come from people using very easy to guess passwords. There are a number of strategies you can deploy to require users to take extra steps, including basic things like requiring the use of capital letters, numbers and symbols (or combinations thereof), but what I’ve found to be even more secure is requiring users to change their password no less than every 90 days. This helps to protect from internal intruders, as well as workplace breaches.
    9-Use a mobile device management-like approach
    We can replicate the MDM approach for IoT so that we can manage and monitor the devices, which are connected to the IoT network. Companies can inject the data encryptions from the remote locations and change it whenever needed. Devices can also be profiled or removed from access.
    10-Constantly test
    The only way to make sure something is consistently secure is to test it all the time. It isn’t unusual for deeply data-sensitive organizations to hire an experienced respectable hacker to test their security structure. Vulnerability scanning and evaluations are equally important inside and outside your security system.
    Regularly backup data
    Lastly, it’s important to backup your data on a regular basis. In addition to hacks, loss of data is a serious issue, and organizations need to be prepared for the unexpected. As a business, get in the habit of either automatically or manually backing up data on a weekly or daily basis.

    Also, make sure the backup data is equally secure from potential hackers. With a strong software program or IT department, it can help businesses fight off potential threats and build business values around the importance of data security.

    Avoid becoming the next major data breach story by taking action and initiative with your data security and protecting what’s valuable to your organization.

  14. عبدالرحمن شاكر محمد عوض

    Q1):-
    1-Information security is a set of strategies for managing the process, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information. Its importance lies in the fact that we store and access information in various devices such as laptops, mobiles and verbal documents. We handle various types of valuable information like customer data, financial information and business data.
    Information is the asset that powers and enables our business, and any loss of information can affect the organization in terms of:
    – time – reputation – money.

    2 – Business Obligations: Security commitments to the business. For example, security has a responsibility to ensure that information in the business is kept secure and is available when needed.

    Regulatory Obligations: Legal, compliance, or contractual obligations that security must fulfil. For example, organizations in the healthcare industry must be HIPAA compliant.

    Customer Obligations: Security commitments that the customer expects the organization to keep. For example, the customer of a manufacturer may require all their blueprint files to be encrypted.

    Q2 ) :-

    1- (false) the best password should contain letters which are capitalized and small ones, symbols and numbers.
    2- (false) money is important all the time during the lifetime of the project, as we might need maintenance work after we finish the IS.
    3- (true).
    4- (false) you do not know whether this information you share could be important for your rivals or not.
    5- (true).

    Q3):-
    1 – you should encrypt your data :
    Data encryption isn’t just for technology geeks; modern tools make it possible for anyone to encrypt emails and other information.

    2- backup your data :-
    One of the most basic, yet often overlooked, data protection tips is backing up your data. Basically, this creates a duplicate copy of your data so that if a device is lost, stolen, or compromised, you don’t also lose your important information. It’s best to create a backup on a different device, such as an external hard drive, so that you can easily recover your information when the original device becomes compromised.

    3-The cloud provides a viable backup option:-
    While you should use sound security practices when you’re making use of the cloud, it can provide an ideal solution for backing up your data. Since data is not stored on a local device, it’s easily accessible even when your hardware becomes compromised. “Cloud storage, where data is kept offsite by a provider, is a guarantee of adequate disaster recovery.”

  15. Toka mohamed abdallah yousef

    1-a Information security (infosec) is a set of strategies for managing the processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information. Infosec responsibilities include establishing a set of business processes that will protect information assets regardless of how the information is formatted or whether it is in transit, is being processed or is at rest in storage
    Information security is designed to protect the confidentiality, integrity and availability of computer system data from those with malicious intentions. Confidentiality, integrity and availability are sometimes referred to as the CIA Triad of information security. This triad has evolved into what is commonly termed the Parkerian hexad, which includes confidentiality, possession (or control), integrity, authenticity, availability and utility.
    b
    An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization’s sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.
    2-a false P@$sw00rd
    b false is important
    C true
    D false secure work area
    E true

    3-plan 1
    First, as an organization, take inventory of what data every employee may or may not have access to. Determine which employees still need access and which do not in an effort to limit the amount of data access by employees/admins to a small, manageable number. In addition, have your admins determine which type of access each department/employee needs.

    Plan 2
    Another important strategy when looking to improve data security is developing a data security policy. It’s important to have a plan in place when hacks and breaches occur and a plan that determines which employees need and have access to data, as mentioned above. Thus, these sorts of policies can keep employees in line and organized.

    This policy should also be open to changes and edits as amendments will need to be made to match the growing technology innovations and new company policies. By having data access rules that are strictly enforced, the better you protect your data on a day-to-day basis.

  16. Amina Ashraf

    Information security is a set of strategies for managing the processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information.
    Information security is very important in an organization to protect the applications that are implemented in organizations and to protect the data stored in computers as well. … In an organization, information is an important business asset and essential for the business and thus needs appropriate protection.
    b-An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization’s sensitive data.
    2-
    a- false
    A@mn_125 is best pass
    b-false
    Money important
    C – true
    d-false
    information discussion shouldn’t be in an open work area
    d – true
    3-plan 1
    The effort needed in achieving total computer system security seems overwhelming. There is always something else you could do to improve your security stance. You might be surprised, then, if I told you that just one step could accomplish this goal:
    Eliminate all computer systems from your business and use paper instead!
    Of course, for most businesses this is not a realistic solution, but then, achieving total computer system security is not a realistic goal. Like crossing the street, there is an element of risk no matter how careful you are. So what can you do to mitigate this risk in a reasonable way, without consuming endless resources?
    Plan 2
    Provide all the devices and points of contact through the work of groups and one official who has the powers such as amendment and others, The system must focus with external dialects and with the responsibility of each group.

  17. أسماء جمعه عبدالفتاح

    Q1
    1-Information Security : is Safe-guarding an organization’s data from unauthorized access or modification to ensure its availability, confidentiality, and integrity.
    It’s important to help your organizations or clients to understand their strengths and weaknesses as it pertains to security. This baseline creates a starting point for ramping up for success. Once you understand where your organization needs to focus its attention, you can quickly set an actionable plan to help improve your security measures, and ultimately improve your security posture within your industry.

    2- Information security management : is a set of guidelines and processes created to help organizations in a data breach scenario. By having a formal set of guidelines, businesses can minimize risk and can ensure work continuity in case of a staff change.

    Q2
    1-false (hd89@3Q) is one of the best passwords
    2-false (money is important after IS because of its maintenance)
    3-True
    4-false (discussing information can’t be in an open work area because it is possible to exploit this information to penetrate the company)
    5-True

    Q3
    These seven tips are important to secure your company.

    1- Antivirus
    Make sure each of your organization’s computers has antivirus and antispyware. If you have even one weakness in your organization, you are putting all your data and assets at risk. Your antivirus and antispyware software should be updated regularly.

    2- Internet Connection
    You can’t work without internet. But you can’t work securely on the web without using a firewall, encryption for sensitive information, and a hidden wi-fi network.

    3- Educate Employees
    According to a recent study, human error is responsible for more than three-quarters of data breaches. If your employees know more about cyber threats and how to protect your organization’s data, your entire organization will be safer.

    4- Policies
    Having security practices and policies is important. Your company should have these official policies in place, and all employees should be aware of them.

    5-Passwords
    It may sound like the most trivial security item, but this fundamental stronghold is important. A password that includes capitals, numbers, and preferably a phrase will up your security in a big way.

    6- Data Loss Protection
    Invest in data loss protection software. You should also encrypt your data in transit. Using two-factor authentication is another data loss protection must.

    7- Website
    Protect all public-facing web pages, not just checkout and sign-in pages.

  18. Hassan Gaber Mohamed

    Q1.
    1-Information security is a set of strategies for managing the process, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information. Its importance lies in the fact that we store and access information in various devices such as laptops, mobiles and verbal documents. We handle various types of valuable information like customer data, financial information and business data.
    Information is the asset that powers and enables our business, and any loss of information can affect the organization in terms of:
    – time – reputation – money.

    2 – Business Obligations: Security commitments to the business. For example, security has a responsibility to ensure that information in the business is kept secure and is available when needed.

    Regulatory Obligations: Legal, compliance, or contractual obligations that security must fulfil. For example, organizations in the healthcare industry must be HIPAA compliant.

    Customer Obligations: Security commitments that the customer expects the organization to keep. For example, the customer of a manufacturer may require all their blueprint files to be encrypted.

    Q2 ;

    1- (false) the best password should contain letters which are capitalized and small ones, symbols and numbers.
    2- (false) money is important all the time during the lifetime of the project, as we might need maintenance work after we finish the IS.
    3- (true).
    4- (false) you do not know whether this information you share could be important for your rivals or not.
    5- (true).

    Q3;
    1 – you should encrypt your data :
    Data encryption isn’t just for technology geeks; modern tools make it possible for anyone to encrypt emails and other information.

    2- backup your data :-
    One of the most basic, yet often overlooked, data protection tips is backing up your data. Basically, this creates a duplicate copy of your data so that if a device is lost, stolen, or compromised, you don’t also lose your important information. It’s best to create a backup on a different device, such as an external hard drive, so that you can easily recover your information when the original device becomes compromised.

    3-The cloud provides a viable backup option:-
    While you should use sound security practices when you’re making use of the cloud, it can provide an ideal solution for backing up your data. Since data is not stored on a local device, it’s easily accessible even when your hardware becomes compromised. “Cloud storage, where data is kept offsite by a provider, is a guarantee of adequate disaster recovery.”

  19. عبد الرحمن عادل قطب الصاوى

    Q1.
    1) Information security refers to the processes and tools designed to protect sensitive business information from modification, disruption, destruction and inspection.
    Information security is important to help protect against types of theft. Companies and organizations are especially vulnerable since they have a wealth of information from their employees. This can include names, addresses, telephone numbers, social security numbers, etc. This information is sensitive and needs to be protected.
    …………………………………………………………………………………………………………………….
    2- Information security management : is a set of guidelines and processes created to help organizations in a data breach scenario. By having a formal set of guidelines, businesses can minimize risk and can ensure work continuity in case of a staff change.

    ……………………………………………………………………………………..
    Question (2)
    1) False –> ^&%asde123 this is one of the best passwords.
    2) False –> Money is important after IS is done for maintenance and development.
    3) True.
    4) False –> Discussing information can’t be in an open work area because it is possible to exploit this information to penetrate the company.
    5) True.
    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    Q3.

    These seven tips are important to secure your company.

    1- PERFORM REGULAR BACKUPS!
    Sorry about shouting, but I cannot stress this one enough. If you do nothing else, save your work, including contacts, accounting and stored email. And keep your backups somewhere else, away from your office or place of business.

    2- Scan for Viruses
    Effectively use your virus scanner on all desktop workstations and servers (you do have scanning software, right?). That means regular scans and regular updates. Most scanners will do this for you, but what if an employee disables this feature? (Maybe it slows down his web surfing experience or something). You need to be sure!

    3- Use Firewalls
    No, firewalls are not going to save us all from all the evil hackers in the world, but they go a long way to making it more difficult for them. If you already have one, make sure it’s configured to allow nothing but the essential traffic. Consider using personal (software) firewalls on each workstation and server, too. A layered approach is best always!

    4- Patch OS and Application Software
    Check for security advisories on a regular basis. If your vendor says you should apply an important security patch, you really need to get it done.

    5- Use Strong Passwords
    Do not use your favorite color. Do not use the name of your dog (or cat, parakeet, critter). Do not change letters to clever number and punctuation replacements (c!3v3r, n0? No!). These all can be cracked in no time. Better yet, consider a stronger authentication mechanism.

    6- Don’t open email attachments!
    Delete email from unknown and unexpected sources outright. But even email that appears to be coming from friends, relatives and associates can be dangerous. Many worms have used personal address books to propagate themselves.

    7-Develop a security policy
    Even creating a simple security policy will force you to think about what needs protection and the threats specific to your business. If you have employees, make sure they understand the importance of your policy. Educate them (and yourself, in the process!)

    // There are many software programs that vary in price and there are also some free ones that can be used for (System protection) and determine the number of employees according to the available cost //
    عبدالرحمن عادل قطب الصاوى
    Fourth year / Communications

  20. مريم محمد

    1-
    -Information security: Information security (infosec) is a set of strategies for managing the processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information. Infosec responsibilities include establishing a set of business processes that will protect information assets regardless of how the information is formatted or whether it is in transit, is being processed or is at rest in storage.
    -Importance: No matter how big or small a company may be, there is vital importance in ensuring information security for both your own and your client’s data. The careful planning, implementation, monitoring and maintenance of strict controls is necessary to protect all assets, especially information, which is extremely valuable to any organization.
    2-
    1- false: it is best to use a word or phrase and mix it with shortcuts, nicknames, and acronyms.
    for example: S3$$0011and0
    2- false: it is important for future maintenance and modification.
    3- True
    4- false: because it is possible to exploit this data
    5-True
    3-
    -Look Beyond IT
    Too often, information security is framed in an overly technical light. While the technical aspect is critical, it is not the only context needed to fully understand which information is most vulnerable. By shifting the emphasis to business processes, you create a broader perspective that allows the security team to understand how information moves throughout the organization, which helps them to make decisions about which security controls would be most effective.
    -Document Business Processes
    A full understanding of business processes requires documentation. Process documentation has to be a collaborative effort between the personnel and the security team. The business value of the information is lost upon the security team, while the potential threat doesn’t register as strongly to the owner of the business information. Additionally, documentation will play a major role as your information security plan matures. Evidence-based controls assurance is increasingly becoming a required competency for security teams. What is more, proper process documentation will ensure that audits will be more efficient and less disruptive to your organization.
    -Reduce Complexity Through Automation
    The most successful information security plans are those that can be executed. For that reason, it is crucial to ensure that it is simple for everyone to follow the instructions for securing their data. Automation goes a long way towards reducing complexity. For example, it is easier on your organization if you have a central policy engine that decides whether an email needs encryption, so that all the user has to do is press send.
    -Don’t Forget Internal Threats
    While organizations certainly need to protect themselves and their information from external threat, company policy also needs to reflect the reality that internal threats can be as large as external ones. Damage can be done by personnel both consciously and unconsciously, so security measures and training programs need to be implemented to mitigate that risk. It is important to remember that workforce adoption of the security measures is critical, because an information security policy is only as strong as its weakest link.

  21. Ahmed Farouk omran

    1-Abstract: Currently information security is crucial to all organizations to protect their information and conduct their business. Information security is defined as the protection of information and the systems and hardware that use, store and transmit that information. Information security performs four important functions for an organization: it protects the organization’s ability to function, enables the safe operation of applications implemented on the organization’s IT systems, protects the data the organization collects and uses, and lastly safeguards the technology assets in use at the organization. There are also challenges and risks involved in implementing information security in an organization.

    2-An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization’s sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.
    An ISMS typically addresses employee behavior and processes as well as data and technology. It can be targeted towards a particular type of data, such as customer data, or it can be implemented in a comprehensive way that becomes part of the company’s culture.

    1-false-doesn’t contain special words or # or \ and easy to impact
    2-false-because we will need to do maintenance
    3-true
    4-false-because the importance of this information
    5-true

    plan-1:
    –first we need to know all the opening points in the system
    –we fix all opening points
    –Designate an employee with professional experience on the system
    –make all passwords strong
    –know who can enter the system and his permission

    plan-2;
    –we make a competition for all programmers to penetrate our system
    –we fix all these points
    –we encrypt our information to make it secure
    –our devices can’t enter the internet while the administrator proved
    –record every entry to the system with time and the name

  22. Farag Rady

    Q1) a-
    Information security ensures that people deal with reliable information and data regarding confidentiality, integrity and availability, and it is an important prerequisite in the pursuit of a better and above all more reliable service offering.
    Failure of computer systems, a database falling into the wrong hands, or the abuse of confidential information can have serious consequences for organizations, businesses and citizens. These include loss of image, compensation claims and even political consequences
    b-
    documents “ .
    We handle various types of valuable information like “customer data – financial information – business data”.
    Information is the asset that powers and enables our business. Any loss of information can affect the organization in terms of (time – reputation – money).
    Here are some information security practices important to be followed:
    • E-mail security: does an email have a suspicious link or an attachment? Don’t click or open it.
    • Internet security: while using the internet, don’t download free or unauthorized software, even if you have admin access.
    • Social media usage: while participating in social media, don’t disclose confidential information.
    • Connecting to WiFi: always connect to secure WiFi hotspots.

    ـــــــــــــــــــــــــــــــــــــــــ
    Q2)
    1- false (123Aa@fbi )
    2- false ( Money is important after IS done )
    3- false ( ) I don’t have any idea
    4- false ( in security area )
    5- True
    ـــــــــــــــــــــــــــــــــــــــــ
    Q3)
    Plan A:
    1-Limit Data Access
    2-Identify Sensitive Data
    3-Pre-Planned Data Security Policy

    5 Ways to Enhance Data Security
    The world of cybersecurity is progressing at a huge speed and at the same time, improvements in technologies are becoming increasingly better at assisting the hackers and cyber-criminals to exploit data security loopholes. The constantly increasing graph of cybersecurity attacks is a major concern for internet users and business organizations. And they should be!
    Limit Data Access
    Most of the organizations give privileged access to their sensitive data to a number of employees and insiders. Think about who in your organization has access to sensitive customer data? Can you identify everyone’s access rights? Most company executives are unaware of the details about individual employees who have access to data and why they access it. This is a huge risk to data loss, theft and hacking.
    Identify Sensitive Data
    For companies, it is really important to be aware of where their most important data and sensitive business information lies. This will ensure you have the right information and allocate more resources to protecting your most sensitive and crucial assets.
    Pre-Planned Data Security Policy
    When looking at the operations and processes needed to mitigate a cyber-attack, an important step is to prepare a list of security measures and data security policies. This sort of plan by an organization could help significantly in critical situations and times of incident response. Through policies, you can immediately react in order to prevent extreme impacts of a cyber-attack.
    Strong and Different Passwords for Every Department
    Sensitive data in an organization should be locked away with strong passwords. Making stronger passwords is necessary for fighting a number of password hacking tools that are easy to get on the market. Try ensuring that there is a combination of different characters including alphabets, numbers, symbols and other capital letters.
    Regular Data Backup and Update
    Last on the list of important data security measures is having regular security checks and data backups. For an unexpected attack or data breach, it is really helpful to have an organization back up their data. To have a successful business, you must keep a habit of automatic or manual data backup on a weekly or daily basis.
    Plan 2:
    1. Encrypt all data stored in the cloud
    Simply put, encryption protects your data, whether it’s stored in a data center or being transmitted around the Internet. Encryption protects your data from all unwanted eyes, including business partners, competitors, malicious hackers, and even regular people who have no business knowing your company’s sensitive information. Encryption is most effective when it’s ubiquitous and integrated into your existing workflow; you shouldn’t have to turn on/off data encryption, it should be an automatic process when sharing files via the cloud.
    2. Manage file access permissions
    Although data breaches from external attacks often get the biggest headlines, data loss is often a result of employee error. Define who needs to have access to specific client data, how to remove permissions should an employee leave the business, and the rights your staff should have to print, email, export or save documents outside of your designated cloud or on-premises software.
    If an attorney, account manager, finance administrator or other employee isn’t involved in the day-to-day interactions with a client, or doesn’t need oversight into the process of that business, they shouldn’t have rights to view, delete or even know that certain files exist. Keep a tight line of permissions around those sorts of files, and the likelihood of data leaking drops rapidly. Also consider the use of Enterprise Digital Rights Management solution to help control assets that need to be sent outside of the security perimeter.
    3. Protect data across all applications and devices
    It’s a real double-edged sword: laptops and mobile devices equipped with cloud applications make it easy to access files from outside the office, helping move business forward despite physical boundaries. However, file sharing outside your network firewall, especially via the cloud, introduces a number of vulnerabilities to your information.
    You can establish policies on the sorts of files which can be accessed outside the office. Or, you can adopt a data protection system that offers secure mobile applications for Android or iOS devices. Do your employees or customers prefer to use cloud services like Dropbox or Office 365 for email and client files? Virtual data room applications integrated with these cloud services increase adoption of and appreciation for secure collaboration. Make sure your online file sharing service is secure; cybersecurity matters in every aspect of your business that takes place on the internet.
    4. Stay current on news and trends
    Hackers never sleep. New malware, vulnerabilities and “zero day” attacks occur frequently. Don’t let malicious attackers, or even your competitors, get their hands on information that is critical to your business or the privacy of your clients. Companies that are dedicated to managing the private affairs of other organizations and individuals often have the largest target on their back.

  23. Mohamed Ayman Mosa Selim

    Question one:
    (1) Information security (IS) is designed to protect the confidentiality, integrity and availability of computer system data from those with malicious intentions. Confidentiality, integrity and availability are sometimes referred to as the CIA Triad of information security. This triad has evolved into what is commonly termed the Parkerian hexad, which includes confidentiality, possession (or control), integrity, authenticity, availability and utility.

    (2) Step One: Asset Identification and Valuation
    Confidentiality/// Integrity //// Availability////
    Step Two: Conduct a Detailed Risk Assessment
    Threats//// Vulnerabilities //// Impact and Likelihood/// Mitigation
    Step Three: Establish the ISMS

    Question Two :
    (1) False ,,,,,,,,,,, easy password
    correct answer is GYojfdelouyd!!!??123&@
    (2) False ,,,,,,,,,,,, Money is important after IS is done for maintenance and development.
    (3) True
    (4) False ,,,,,,,,,,,, information discussion shouldn’t be in an open work area because information is the backbone of system security
    (5) True

    Question Three :
    plan (1) by building a program that scans for a virus, or using fingerprint, with that program administered by two or three information security engineers
    plan (2) by using difficult operations and asking many questions before any user logs in

    Mohamed Ayman Mosa Selim
    Level Four
    Communication and electronics department

  24. Sara Mostafa

    Q1 :- a)# Information Security is securing information transmitted via the Internet from the risks that
    threaten it. It is also the practice of preventing unauthorized access, use, disclosure,
    disruption, modification, inspection, recording or destruction of information.
    #Information security performs four important functions for an organization, which are:-
    – Enables the safe operation of applications implemented on the organization’s Information
    Technology (IT) systems.
    – Protects the data the organization collects and uses.
    – Safeguards the technology assets in use at the organization
    – Protects the organization’s ability to function.
    b) Information security management (ISM) describes controls that an organization needs to
    implement to ensure that it is sensibly protecting the confidentiality, availability, and
    integrity of assets from threats and vulnerabilities.
    Q2 :- 1) False
    S@r@.21# this is one of the best passwords
    2)False
    In any business there are two terms Capex which refers to the amounts that companies use
    to purchase major physical goods or services that will be used & Opex which means
    Operating expenses represent the other day-to-day expenses necessary to keep the business
    running .
    3) True .
    4) False
    Information discussion shouldn’t be in an open work area because information is the
    backbone of system security.
    5) True .
    Q3 :- Plan (1)
    – First, as an organization, take inventory of what data every employee may or may not have access
    to.
    – Determine which employees still need access and which do not in an effort to limit the amount
    of data access by employees/admins to a small, manageable number.
    – In addition, have your admins determine which type of access each department/employee
    needs.
    Plan (2)
    Provide all the devices and points of contact through the work of groups and one official who
    has the powers such as amendment and others, The system must focus with external dialects
    and with the responsibility of each group.

  25. Radwa Esmail

    Q1
    1-Information Security : is Safe-guarding an organization’s data from unauthorized access or modification to ensure its availability, confidentiality, and integrity.
    It’s important to help your organizations or clients to understand their strengths and weaknesses as it pertains to security. This baseline creates a starting point for ramping up for success. Once you understand where your organization needs to focus its attention, you can quickly set an actionable plan to help improve your security measures, and ultimately improve your security posture within your industry.

    2- Information security management : is a set of guidelines and processes created to help organizations in a data breach scenario. By having a formal set of guidelines, businesses can minimize risk and can ensure work continuity in case of a staff change.

    3-a false P@$sw00rd
    b false is important
    C true
    D false secure work area
    E true

    Question (3)

    1. Manage who has access
    First, as an organization, take inventory of what data every employee may or may not have access to. Determine which employees still need access and which do not in an effort to limit the amount of data access by employees/admins to a small, manageable number. In addition, have your admins determine which type of access each department/employee needs.

    According to infoworld.com:

    “Credential hygiene is essential to strong database security because attackers often, if not nearly always, seek to compromise privileged accounts to gain access to confidential data. Minimizing permanent privileged accounts reduces the risk that one of those accounts will be compromised and used maliciously.”
    2. Know and protect your most important data
    If a data breach occurred in the next hour, could you quickly identify your most valuable data? As a company, it’s important to take the time to identify what you consider the most valuable data and work on protecting that first.

    Commonly referred to as the “crown jewels” of data, this type of data usually makes up 5-10 percent of the company’s data, and if it were compromised, would cause the most damage to the company. Once identified, work on procedures to not only secure the data but also limit the number of employees that have access to it.

    3. Develop a data security plan/policy
    Another important strategy when looking to improve data security is developing a data security policy. It’s important to have a plan in place when hacks and breaches occur and a plan that determines which employees need and have access to data, as mentioned above. Thus, these sorts of policies can keep employees in line and organized.

    This policy should also be open to changes and edits, as amendments will need to be made to match the growing technology innovations and new company policies. By having data access rules that are strictly enforced, you better protect your data on a day-to-day basis.

    4. Develop stronger passwords throughout your organization
    Employees need to have stronger and more complicated passwords. Work to help employees develop passwords that are a combination of capital letters, numbers and special characters that will make it much harder for hackers to crack.

    A good rule of thumb when creating a new password is to have it be at least 12 characters and to not include a combination of dictionary words, such as “green desk.” All and all, passwords should be unique to employees and difficult for computers to guess.

    5. Regularly backup data
    Lastly, it’s important to backup your data on a regular basis. In addition to hacks, loss of data is a serious issue, and organizations need to be prepared for the unexpected. As a business, get in the habit of either automatically or manually backing up data on a weekly or daily basis.

    Also, make sure the backup data is equally secure from potential hackers. A strong software program or IT department can help businesses fight off potential threats and build business values around the importance of data security.

    Avoid becoming the next major data breach story by taking action and initiative with your data security and protecting what’s valuable to your organization.
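
The password rules stated in the comment above (at least 12 characters; capital letters, numbers and special characters; no dictionary words), as an added example that is not part of the original comment. The function names, the small embedded wordlist and the substitution table are assumptions made for illustration; the sample passwords are ones quoted in this thread.

```python
import re

# Assumption: a tiny embedded wordlist stands in for a real dictionary or
# breached-password list; a production check would use a far larger one.
WORDLIST = {"password", "green", "desk", "admin", "welcome"}

# Common character substitutions that are undone before the dictionary check.
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
                      "1": "l", "!": "i", "3": "e", "7": "t"})

MIN_LENGTH = 12  # "at least 12 characters", as stated in the comment


def _squash(text):
    """Collapse runs of one repeated character: 'passwoord' -> 'pasword'."""
    return re.sub(r"(.)\1+", r"\1", text)


def dictionary_hits(password):
    """Return wordlist entries still present once substitutions are undone."""
    letters = re.sub(r"[^a-z]", "", password.lower().translate(LEET))
    squashed = _squash(letters)
    return sorted(w for w in WORDLIST if _squash(w) in squashed)


def check(password):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Z]", password):
        problems.append("no capital letter")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("no special character")
    hits = dictionary_hits(password)
    if hits:
        problems.append("contains dictionary word(s): " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Passwords quoted in this thread, used here as sample input.
    samples = ["abc123", "P@$sw00rd", "Za*732Ho", "green desk",
               "GYojfdelouyd!!!??123&@"]
    for pw in samples:
        result = check(pw)
        print(f"{pw!r}: {'OK' if not result else '; '.join(result)}")
```

Symbol substitutions alone do not get a word past the dictionary rule: the check undoes them before matching, so a password can satisfy every character-class rule and still be rejected.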

  26. Ahmed Adel AbdelAziz

    Q(1)
    1) Information security refers to the processes and tools designed to protect sensitive business information from modification, disruption, destruction and inspection.
    Information security is important to help protect against types of theft. Companies and organizations are especially vulnerable since they have a wealth of information from their employees. This can include names, addresses, telephone numbers, social security numbers, etc. This information is sensitive and needs to be protected.

    2) ISMS requires minimization of the risk and ensures business continuity by pro-actively limiting the impact of a security breach. It typically addresses employee behavior and processes as well as data and tech. It can be targeted towards a particular type of data, such as customer data, or it can be implemented in a comprehensive way that becomes part of the company’s culture.

    ———————————————————————–
    Q(2)
    1) False –> ^&$%GHabc123 this is one of the best passwords.
    2) False –> Money is important after IS is done for maintenance and development.
    3)True
    4) False –> You need to discuss information in a secure work-space.
    5) True.

    ————————————————————————–
    Q(3)
    To enhance the security of data:
    Plan(1) “Costly”:
    1- Have backups in place
    It’s not just about protection; it’s about having backups to restore your info in case your systems need to be rebooted. That’s something you need to invest in.
    2-Plan and protect for a security breach.
    With the growth of the IoT, chances of a security breach continue to rise. Sure, you would like to keep this from happening to your company, but the goal is to limit the damage in the event this does happen. You can do this by keeping a backup in case of a breach, installing endpoint protection software, and keeping your system up to date with security fixes.
    3-Consult an expert.
    There are lots of little tweaks and hacks that can be done to bolster protection, but unless someone is looking at a company from a holistic point of view, it’s bound to have vulnerabilities. I feel the only safe way to protect a company as the stakes get higher is to work with an outsourced firm that specializes in security, or bring someone in-house.
    4-Add a web application firewall
    5-Remain vigilant and resilient.
    Being vigilant is a matter of continual monitoring to make sure systems are still secure. Being resilient includes being able to quickly address and recover from threats.
    6-Have a two-step verification process
    This adds another layer of protection for data, which is essential when there are so many devices now being connected together with the same username and password. Longer passwords are also part of this extra security measure, making it more difficult to compromise the system.
    7-Encrypt everything
    The IoT will lead to the omnipresence of smart, connected devices. It’s impractical to determine the trustworthiness of every single device that data might pass through or be stored on, even those within firewalled networks. The solution is to ensure that all data, both at rest and in transit, is encrypted. Trust will move from the level of the network to the device or individual. Only people with the authentication credentials or a pre-verified device will have access to data that is encrypted unless it’s being actively used.
    8-Have users change passwords no less than every 90 days.
    Most data breaches come from people using very easy to guess passwords. There are a number of strategies you can deploy to require users to take extra steps, including basic things like requiring the use of capital letters, numbers and symbols (or combinations thereof), but what I’ve found to be even more secure is requiring users to change their password no less than every 90 days. This helps to protect from internal intruders, as well as workplace breaches.
    9-Use a mobile device management-like approach
    We can replicate the MDM approach for IoT so that we can manage and monitor the devices, which are connected to the IoT network. Companies can inject the data encryptions from the remote locations and change it whenever needed. Devices can also be profiled or removed from access.
    10-Constantly test
    The only way to make sure something is consistently secure is to test it all the time. It isn’t unusual for deeply data-sensitive organizations to hire an experienced respectable hacker to test their security structure. Vulnerability scanning and evaluations are equally important inside and outside your security system. If you can find a way to get illegitimate access to your data, the outside world can as well.

    Plan(2) “Less expensive”:
    1-Limit Data Access
    Most of the organizations give privileged access to their sensitive data to a number of employees and insiders. Organizations should determine what an employee needs access to and ensure they have access to only what they need.
    2-Know and protect your most important data
    If a data breach occurred in the next hour, could you quickly identify your most valuable data? As a company, it’s important to take the time to identify what you consider the most valuable data and work on protecting that first. Commonly referred to as the “crown jewels” of data, this type of data usually makes up 5-10 percent of the company’s data, and if it were compromised, would cause the most damage to the company.
    3-Pre-Planned Data Security Policy
    When looking at the operations and processes needed to mitigate a cyber-attack, an important step is to prepare a list of security measures and data security policies. This sort of plan by an organization could help significantly in critical situations and times of incident response. Through policies, you can immediately react in order to prevent extreme impacts of a cyber-attack.
    4-Strong and Different Passwords for Every Department
    Sensitive data in an organization should be locked away with strong passwords. Making stronger passwords is necessary for fighting a number of password hacking tools that are easy to get on the market. Try ensuring that there is a combination of different characters including alphabets, numbers, symbols and other capital letters.
    5-Regular Data Backup and Update
    Last on the list of important data security measures is having regular security checks and data backups. For an unexpected attack or data breach, it is really helpful to have an organization back up their data. To have a successful business, you must keep a habit of automatic or manual data backup on a weekly or daily basis.
    …………………………………………………………………………………………..
    Ahmed Adel AbdelAziz
    (4 C)

  27. Ahmed Ammar

    Q1) a-
    Information security ensures that people deal with reliable information and data regarding confidentiality, integrity and availability, and it is an important prerequisite in the pursuit of a better and above all more reliable service offering.

    Failure of computer systems, a database falling into the wrong hands or the abuse of confidential information can have serious consequences for organizations, businesses and citizens. These include loss of image, compensation claims and even political consequences.

    2) ISMS requires minimization of the risk and ensures business continuity by pro-actively limiting the impact of a security breach. It typically addresses employee behavior and processes as well as data and tech. It can be targeted towards a particular type of data, such as customer data, or it can be implemented in a comprehensive way that becomes part of the company’s culture.

    ـــــــــــــــــــــــــــــــــــــــــ
    Q2)
    1- false….. (Ob7ob&aY )
    2- false …… Money is important after IS done
    3-
    4- false
    5- True
    ـــــــــــــــــــــــــــــــــــــــــ
    Q3)
    Plan A:
    1-Limit Data Access
    2-Identify Sensitive Data
    3-Pre-Planned Data Security Policy

    5 Ways to Enhance Data Security
    The world of cybersecurity is progressing at a huge speed and, at the same time, improvements in technologies are becoming increasingly better at assisting hackers and cyber-criminals to exploit data security loopholes. The constantly increasing graph of cybersecurity attacks is a major concern for internet users and business organizations. And it should be!
    Limit Data Access
    Most of the organizations give privileged access to their sensitive data to a number of employees and insiders. Think about who in your organization has access to sensitive customer data? Can you identify everyone’s access rights? Most company executives are unaware of the details about individual employees who have access to data and why they access it. This is a huge risk to data loss, theft and hacking.
    Identify Sensitive Data
    For companies, it is really important to be aware of where their most important data and sensitive business information lies. This will ensure you have the right information and allocate more resources to protecting your most sensitive and crucial assets.
    Pre-Planned Data Security Policy
    When looking at the operations and processes needed to mitigate a cyber-attack, an important step is to prepare a list of security measures and data security policies. This sort of plan by an organization could help significantly in critical situations and times of incident response. Through policies, you can immediately react in order to prevent extreme impacts of a cyber-attack.
    Strong and Different Passwords for Every Department
    Sensitive data in an organization should be locked away with strong passwords. Making stronger passwords is necessary for fighting a number of password hacking tools that are easy to get on the market. Try ensuring that there is a combination of different characters including alphabets, numbers, symbols and other capital letters.
    Regular Data Backup and Update
    Last on the list of important data security measures is having regular security checks and data backups. For an unexpected attack or data breach, it is really helpful to have an organization back up their data. To have a successful business, you must keep a habit of automatic or manual data backup on a weekly or daily basis.
    Plan (B)
    1. Encrypt all data stored in the cloud

    Simply put, encryption protects your data, whether it’s stored in a data center or being transmitted around the Internet. Encryption protects your data from all unwanted eyes, including business partners, competitors, malicious hackers, and even regular people who have no business knowing your company’s sensitive information. Encryption is most effective when it’s ubiquitous and integrated into your existing workflow; you shouldn’t have to turn on/off data encryption, it should be an automatic process when sharing files via the cloud.
    2. Manage file access permissions
    Although data breaches from external attacks often get the biggest headlines, data loss is often a result of employee error. Define who needs to have access to specific client data, how to remove permissions should an employee leave the business, and the rights your staff should have to print, email, export or save documents outside of your designated cloud or on-premises software.
    If an attorney, account manager, finance administrator or other employee isn’t involved in the day-to-day interactions with a client, or doesn’t need oversight into the process of that business, they shouldn’t have rights to view, delete or even know that certain files exist. Keep a tight line of permissions around those sorts of files, and the likelihood of data leaking drops rapidly. Also consider the use of Enterprise Digital Rights Management solution to help control assets that need to be sent outside of the security perimeter.
    3. Protect data across all applications and devices

    It’s a real double-edged sword: laptops and mobile devices equipped with cloud applications make it easy to access files from outside the office, helping move business forward despite physical boundaries. However, file sharing outside your network firewall, especially via the cloud, introduces a number of vulnerabilities to your information.
    You can establish policies on the sorts of files which can be accessed outside the office. Or, you can adopt a data protection system that offers secure mobile applications for Android or iOS devices. Do your employees or customers prefer to use cloud services like Dropbox or Office 365 for email and client files? Virtual data room applications integrated with these cloud services increase adoption of and appreciation for secure collaboration. Make sure your online file sharing service is secure; cybersecurity matters in every aspect of your business that takes place on the internet.
    4. Stay current on news and trends

    Hackers never sleep. New malware, vulnerabilities and “zero day” attacks occur frequently. Don’t let malicious attackers, or even your competitors, get their hands on information that is critical to your business or the privacy of your clients. Companies that are dedicated to managing the private affairs of other organizations and individuals often have the largest target on their back.

  28. aya samy

    Q1)
    A)
    Information security (IS) is designed to protect the confidentiality, integrity and availability of computer system data from those with malicious intentions. Confidentiality, integrity and availability are sometimes referred to as the CIA Triad of information security. This triad has evolved into what is commonly termed the Parkerian hexad, which includes confidentiality, possession (or control), integrity, authenticity, availability and utility.
    Information security is very important in an organization to protect the applications that are implemented in the organization and to protect the data stored in computers as well. … In an organization, information is an important business asset and essential for the business, and thus needs appropriate protection.
    B)
    Information security management : is a set of guidelines and processes created to help organizations in a data breach scenario. By having a formal set of guidelines, businesses can minimize risk and can ensure work continuity in case of a staff change.

    Q2)
    1) False ***($abc&&987#) this is one of best passwords.
    2) False *** Money is important after IS is done for maintenance and development.
    3) True
    4) False *** information discussion shouldn’t be in an open work area because information is the backbone of system security
    5) True

    Q3)
    plan (1)
    First, as an organization, take inventory of what data every employee may or may not have access to. Determine which employees still need access and which do not in an effort to limit the amount of data access by employees/admins to a small, manageable number. In addition, have your admins determine which type of access each department/employee needs.
    Plan( 2)
    Another important strategy when looking to improve data security is developing a data security policy. It’s important to have a plan in place when hacks and breaches occur and a plan that determines which employees need and have access to data, as mentioned above. Thus, these sorts of policies can keep employees in line and organized.
    This policy should also be open to changes and edits, as amendments will need to be made to match the growing technology innovations and new company policies. By having data access rules that are strictly enforced, you better protect your data on a day-to-day basis.

  29. محمد السيد حلمي أبو العلمين

    Q1)
    a)Information security (infosec) is a set of strategies for managing the processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information.
    Information security is very important in an organization to protect the applications that are implemented in the organization and to protect the data stored in computers as well. Besides protecting the data, the applications installed also need to be protected because they can contribute to information loss or damage.
    b)An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization’s sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.
    Q2)
    1) False —-> because abc123 is an easily recognizable password, so any hacker can get it without any difficulty, so your password must be more difficult, for example a@b1*c2$3

    2) False —–> In any business there are two terms: Capex, which refers to the amounts that companies use to purchase major physical goods or services that will be used, in this example (build Security System), and Opex, which means operating expenses that represent the other day-to-day expenses necessary to keep the business running, in this example (System admin).

    3) True.

    4) False ——> because there are two types of attacks: (External attack) carried out by nodes that do not belong to the domain of the network, and (Internal attack) from compromised nodes, which are actually part of the network. So you have to be careful about confidentiality.

    5) True.

    Q3)
    plan 1
    First, as an organization, take inventory of what data every employee may or may not have access to. Determine which employees still need access and which do not in an effort to limit the amount of data access by employees/admins to a small, manageable number. In addition, have your admins determine which type of access each department/employee needs.

    Plan 2
    Another important strategy when looking to improve data security is developing a data security policy. It’s important to have a plan in place when hacks and breaches occur and a plan that determines which employees need and have access to data, as mentioned above. Thus, these sorts of policies can keep employees in line and organized.

    This policy should also be open to changes and edits, as amendments will need to be made to match the growing technology innovations and new company policies. By having data access rules that are strictly enforced, you better protect your data on a day-to-day basis.

  30. michael maron

    1: Information security refers to the processes and tools designed to protect sensitive business information from modification, disruption and inspection.
    Information security is very important to help protect against these types of hacks and viruses.
    Companies use it to protect these systems and information from being stolen.
    2: It is the processes created to help an organization in a data breach scenario. By having a formal set of guidelines, businesses can minimize risk and ensure work continuity.
    Q 2:
    1) False: it is not secure. To be secure it must contain numbers, letters and shapes, like this: Ahf1342&%2@@d
    2) False: money is important
    3)true
    4)false: Because it is possible to exploit this data
    5)true
    Q 3
    Limit Data Access
    Most of the organizations give privileged access to their sensitive data to a number of employees and insiders. Think about who in your organization has access to sensitive customer data? Can you identify everyone’s access rights? Most company executives are unaware of the details about individual employees who have access to data and why they access it. This is a huge risk to data loss, theft and hacking.
    Strong and Different Passwords for Every Department
    Sensitive data in an organization should be locked away with strong passwords. Making stronger passwords is necessary for fighting a number of password hacking tools that are easy to get on the market. Try ensuring that there is a combination of different characters including alphabets, numbers, symbols and other capital letters.
    Regular Data Backup and Update
    Last on the list of important data security measures is having regular security checks and data backups. For an unexpected attack or data breach, it is really helpful to have an organization back up their data. To have a successful business, you must keep a habit of automatic or manual data backup on a weekly or daily basis.

  31. Zeinab Ahmed

    Question 1
    a) The processes and tools designed and deployed to protect sensitive business information from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction.
    Information security performs four important functions for an organization, which are:
    - Enables the safe operation of applications implemented on the organization’s Information Technology (IT) systems.
    - Protects the data the organization collects and uses.
    - Safeguards the technology assets in use at the organization.
    - Protects the organization’s ability to function.

    b) The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.

    Question 2
    1) False -> Za*732Ho
    2) False -> Money is important after IS is done for maintenance and development
    3) True
    4) False -> there are two types of attacks:
    External attack: Carried out by nodes that do not belong to the domain of the network.
    Internal attack: It is from compromised nodes, which are actually part of the network, so you have to be careful about confidentiality.
    5) True

    Question 3

    Plan A
    1) Manage who has access
    2) Know and protect your most important data
    3) Develop a data security plan/policy
    4) Develop stronger passwords throughout your organization
    5) Regularly backup data

    Plan B

    1) Establishing and maintaining a meaningful and relevant security policy
    2) Ensuring that your security policy has teeth and is enforced
    3) Providing tools to help your IT staff implement your security policy
    4) Closing an increasingly popular network back door
    5) Plugging security holes in cohosting situations

  32. Ghada salah

    Q1
    A/ What is information security? —–> Information security, often referred to as InfoSec, refers to the processes and tools designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection.
    Information systems security is very important to help protect against this type of theft. Companies and organizations are especially vulnerable since they have a wealth of information from their employees. This can include names, addresses, telephone numbers, social security numbers, payrolls, etc. This information is sensitive and needs to be protected.
    B/ An ISMS requires minimization of the risk and ensures business continuity by pro-actively limiting the impact of a security breach. It typically addresses employee behavior and processes as well as data and tech. It can be targeted towards a particular type of data, such as customer data, or it can be implemented in a comprehensive way that becomes part of the company’s culture.

    Q2
    1) False –> ^&%asde123 this is one of the best passwords.
    2) False –> Money is important after IS is done for maintenance and development.
    3) True.
    4) False –> discussing information can’t be in an open work area because it is possible to exploit this information to penetrate the company.
    5) True.
    Q3
    Plan A
    1) Manage who has access
    2) Know and protect your most important data
    3) Develop a data security plan/policy
    4) Develop stronger passwords throughout your organization
    5) Regularly backup data

    Plan B
    1) Establishing and maintaining a meaningful and relevant security policy
    2) Ensuring that your security policy has teeth and is enforced
    3) Providing tools to help your IT staff implement your security policy
    4) Closing an increasingly popular network back door
    5) Plugging security holes in cohosting situations

    Ghada salah

  33. Amera abd elsalam

    Q1
    1: Information security refers to the process and tools designed to protect sensitive business information from modification, disruption and inspection.
    Information security is very important to help protect against these types of hacks and viruses.
    Companies use it to protect these systems and information from being stolen.
    2: It is the processes created to help organizations in a data breach scenario. By having a formal set of guidelines, businesses can minimize risk and ensure work continuity.
    Q2
    1) False ***($abc&&987#) this is one of the best passwords.
    2) False *** Money is important after IS is done for maintenance and development.
    3) True
    4) False *** information discussion shouldn’t be in an open work area because information is the backbone of system security
    5) True
    Q3
    Plan A
    1) Manage who has access
    2) Know and protect your most important data
    3) Develop a data security plan/policy
    4) Develop stronger passwords throughout your organization
    5) Regularly backup data

    Plan B

    1) Establishing and maintaining a meaningful and relevant security policy
    2) Ensuring that your security policy has teeth and is enforced
    3) Providing tools to help your IT staff implement your security policy
    4) Closing an increasingly popular network back door
    5) Plugging security holes in cohosting situations

  34. Nour El-dean Ahmed Mohamed

    Q1:
    a) Information Security is not all about securing information from unauthorized access. Information Security is basically the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. Information can be physical or electrical. Information can be anything like your details or, we can say, your profile on social media, your data in a mobile phone, your biometrics etc. Thus Information Security spans so many research areas like Cryptography, Mobile Computing, Cyber Forensics, Online Social Media etc.
    During the First World War, a Multi-tier Classification System was developed keeping in mind the sensitivity of information. With the beginning of the Second World War, formal alignment of the Classification System was done. Alan Turing was the one who successfully decrypted the Enigma Machine, which was used by the Germans to encrypt warfare data.
    Information Security programs are built around 3 objectives, commonly known as CIA – Confidentiality, Integrity, Availability.
    1. Confidentiality – means information is not disclosed to unauthorized individuals, entities and processes. For example, if we say I have a password for my Gmail account but someone saw it while I was doing a login into the Gmail account, in that case my password has been compromised and Confidentiality has been breached.
    2. Integrity – means maintaining accuracy and completeness of data. This means data cannot be edited in an unauthorized way. For example if an employee leaves an organization then in that case data for that employee in all departments like accounts, should be updated to reflect status to JOB LEFT so that data is complete and accurate and in addition to this only authorized person should be allowed to edit employee data.
    3. Availability – means information must be available when needed. For example if one needs to access information of a particular employee to check whether employee has outstanded the number of leaves, in that case it requires collaboration from different organizational teams like network operations, development operations, incident response and policy/change management.
    Denial of service attack is one of the factors that can hamper the availability of information.

    The Importance of Information Security
    Organizations have recognized the importance of having roadblocks to protect the private information from becoming public, especially when that information is privileged. The 2017 Cybersecurity Trends Report provided findings that express the need for skilled information security personnel based on current cyberattack predictions and concerns.
    - Feeling confident about their organization’s security level: When information security community members participated in the Cybersecurity Trends Report, they were asked how positive they felt about their security stance. 62% reported feeling only moderately to not at all confident; only 7% were extremely confident. “Cybersecurity professionals are most concerned about phishing attacks, malicious insiders and malware,” the report stated.
    - The need for skilled workers and allocation of funds for security within their budget: Companies are making the effort to allocate more funds in their budgets for security. As cyberattack threats increase, information security experts are pushing for more focus on protecting the companies from losing time due to network defense disruptions.
    - Disruptions in their day-to-day business: Time is money. Security disruptions that interfere with a company’s essential functioning are a threat that can be fought against with skilled information security professionals stopping an infiltration that initially went undetected.

    b) Information security management (ISM) describes controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. By extension, ISM includes information risk management, a process which involves the assessment of the risks an organization must deal with in the management and protection of assets, as well as the dissemination of the risks to all appropriate stakeholders.[1] This of course requires proper asset identification and valuation steps, including evaluating the value of confidentiality, integrity, availability, and replacement of assets.[2] As part of information security management, an organization may implement an information security management system and other best practices found in the ISO/IEC 27001, ISO/IEC 27002, and ISO/IEC 27035 standards on information security.

    ———————————————————————————-
    Q2:
    1-(False) Nm@#$20_60A is one of the best passwords.
    2-(False) Money is important after IS is done for maintenance and development.
    3-(False) discuss information in a closed and secure work area.
    4-(True)
    ——————————————————–
    Q3:
    Plan 1 :
    Have backups in place
    As security hazards evolve, so must security measures. I don’t think it’s just about protection; it’s about having backups to restore your info in case your systems need to be rebooted. That’s something you need to invest in.

    Plan and protect for a security breach
    With the growth of the IoT, chances of a security breach continue to rise. Sure, you would like to keep this from happening to your company, but the goal is to limit the damage in the event this does happen. You can do this by keeping a backup in case of a breach, installing endpoint protection software, and keeping your system up to date with security fixes. If you have any questions, consult an expert.

    Consult an expert
    Traditional industries that haven’t had to think about security are now being tasked with this endeavor. There are lots of little tweaks and hacks that can be done to bolster protection, but unless someone is looking at a company from a holistic point of view, it’s bound to have vulnerabilities. I feel the only safe way to protect a company as the stakes get higher is to work with an outsourced firm that specializes in security, or bring someone in-house.

    Add a web application firewall and real-time backups
    At the current state of internet security, I think every business should add a Web Application Firewall (WAF) for their websites. I’m talking about services like CloudFlare and Sucuri which help protect you against DDoS attacks, XSS vulnerabilities, and other vectors of attacks. You should also keep real-time backups of your website, customer data and everything else. This is the best fall-back plan and allows you to recover from any data loss during the attack.

    Remain secure, vigilant and resilient
    These three principles should be first and foremost for companies as they think about cybersecurity. These principles focus on prevention and taking control of the many layers of data produced by a company. Being vigilant is a matter of continual monitoring to make sure systems are still secure. Being resilient includes being able to quickly address and recover from threats. Allocating budget and creating awareness to the potential risks and threats will help create a culture of security, whereby management at all levels is aware of the potential risks and has a program to test and execute security. Employing hackers to find the potential dangers should be considered as a proactive way to address security before breaches happen.

    Have a two-step verification process
    Having a two-step verification process adds another layer of protection for data, which is essential when there are so many devices now being connected together with the same username and password. Longer passwords are also part of this extra security measure, making it more difficult to compromise the system.

    Encrypt everything
    The IoT will lead to the omnipresence of smart, connected devices. It’s impractical to determine the trustworthiness of every single device that data might pass through or be stored on, even those within firewalled networks. The solution is to ensure that all data, both at rest and in transit, is encrypted. Trust will move from the level of the network to the device or individual. Only people with the authentication credentials or a pre-verified device will have access to data that is encrypted unless it’s being actively used. We’re already seeing something of how this will work with Google’s BeyondCorp initiative, which dispenses with the idea of a secure network perimeter to an internal trusted network. Access depends only on the device and the user authentication.

    Reduce the amount of digitized confidential information
    A not-so-common approach to data security is to actually limit the amount of confidential data you store online to what is absolutely necessary. Make hard copies and delete unnecessarily risky files.

    Safely store your data in the cloud with strict permission levels
    More and more companies are storing their data in the cloud. However, if you wish to store information virtually, you must consider the added risk that your information may be accessible to others, potentially including people who you do not wish to have access. We highly recommend putting strict permission levels in place so only certain individuals who really need to see those files or folders have access to them. Having a cloud server also restricts staff from saving their files on their personal computer. At our agency, the cloud servers are a remote drive on their computers so all files get stored and saved in the cloud.

    Have users change passwords no less than every 90 days
    Most data breaches come from people using very easy to guess passwords. There are a number of strategies you can deploy to require users to take extra steps, including basic things like requiring the use of capital letters, numbers and symbols (or combinations thereof), but what I’ve found to be even more secure is requiring users to change their password no less than every 90 days. This helps to protect from internal intruders, as well as workplace breaches, and maximizes global data security across your business.

    Use a mobile device management-like approach
    We can replicate the MDM approach for IoT so that we can manage and monitor the devices, which are connected to the IoT network. Companies can inject the data encryptions from the remote locations and change it whenever needed. Devices can also be profiled or removed from access. We can also manage the apps that run on IoT devices. The MDM infrastructure already exists and just needs some modification for IoT.

    Educate yourself
    There are many ways to ensure protection of data with the growth of IoT. First and foremost, stay educated on the latest security practices. By knowing the latest security trends, you can be proactive and keep your company secure. Also, make sure to limit who is authorized to the data and set secure passwords that change frequently. If you detect any shortcomings in your security, act quickly.

    Constantly test
    The only way to make sure something is consistently secure is to test it all the time. It isn’t unusual for deeply data-sensitive organizations to hire an experienced respectable hacker to test their security structure. Vulnerability scanning and evaluations are equally important inside and outside your security system. If you can find a way to get illegitimate access to your data, the outside world can as well.

    Plan 2 :
    1. Protect with passwords. This may seem like a no-brainer, but many cyber attacks succeed precisely because of weak password protocols. Access to all equipment, wireless networks and sensitive data should be guarded with unique user names and passwords keyed to specific individuals. The strongest passwords contain numbers, letters and symbols, and aren’t based on commonplace words, standard dictionary terms or easy-to-guess dates such as birthdays. Each user should further have a unique password wherever it appears on a device or network. If you create a master document containing all user passcodes, be sure to encrypt it with its own passcode and store it in a secure place.
    2. Design safe systems. Reduce exposure to hackers and thieves by limiting access to your technology infrastructure. Minimize points of failure by eliminating unnecessary access to hardware and software, and restricting individual users’ and systems’ privileges only to needed equipment and programs. Whenever possible, minimize the scope of potential damage to your networks by using a unique set of email addresses, logins, servers and domain names for each user, work group or department as well.
    3. Conduct screening and background checks. While rogue hackers get most of the press, the majority of unauthorized intrusions occur from inside network firewalls. Screen all prospective employees from the mailroom to the executive suite. Beyond simply calling references, be certain to research their credibility as well. An initial trial period, during which access to sensitive data is either prohibited or limited, is also recommended. And it wouldn’t hurt to monitor new employees for suspicious network activity.
    4. Provide basic training. Countless security breaches occur as a result of human error or carelessness. You can help build a corporate culture that emphasizes computer security through training programs that warn of the risks of sloppy password practices and the careless use of networks, programs and devices. All security measures, from basic document-disposal procedures to protocols for handling lost passwords, should be second-nature to members of your organization.
    5. Avoid unknown email attachments. Never, ever click on unsolicited email attachments, which can contain viruses, Trojan programs or computer worms. Before opening them, always contact the sender to confirm message contents. If you’re unfamiliar with the source, it’s always best to err on the side of caution by deleting the message, then potentially blocking the sender’s account and warning others to do the same.
    6. Hang up and call back. So-called “social engineers,” or cons with a gift for gab, often prey on unsuspecting victims by pretending to be someone they’re not. If a purported representative from the bank or strategic partner seeking sensitive data calls, always end the call and hang up. Then dial your direct contact at that organization, or one of its public numbers to confirm the call was legitimate. Never try to verify suspicious calls with a number provided by the caller.
    7. Think before clicking. Phishing scams operate by sending innocent-looking emails from apparently trusted sources asking for usernames, passwords or personal information. Some scam artists even create fake Web sites that encourage potential victims to input the data themselves. Always go directly to a company’s known Internet address or pick up the phone before providing such info or clicking on suspicious links.
    8. Use a virus scanner, and keep all software up-to-date. Whether working at home or on an office network, it pays to install basic virus scanning capability on your PC. Many network providers now offer such applications for free. Keeping software of all types up to date is also imperative, including scheduling regular downloads of security updates, which help guard against new viruses and variations of old threats.
    9. Keep sensitive data out of the cloud. Cloud computing offers businesses many benefits and cost savings. But such services also could pose additional threats as data are housed on remote servers operated by third parties who may have their own security issues. With many cloud-based services still in their infancy, it’s prudent to keep your most confidential data on your own networks.
    10. Stay paranoid. Shred everything, including documents with corporate names, addresses and other information, including the logos of vendors and banks you deal with. Never leave sensitive reports out on your desk or otherwise accessible for any sustained period of time, let alone overnight. Change passwords regularly and often, especially if you’ve shared them with an associate. It may seem obsessive, but a healthy dose of paranoia could prevent a major data breach.
    The average cost to an organization to recover from such a breach is $6.75 million, according to Javelin Strategy & Research. And that doesn’t count damage to your reputation or relationships. So be proactive and diligent about prevention. An ounce far outweighs a pound of cure.

  35. Aya hussien

    Question 1
    a) The processes and tools designed and deployed to protect sensitive business information from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction.
    Information security performs four important functions for an organization, which are:
    - Enables the safe operation of applications implemented on the organization’s Information Technology (IT) systems.
    - Protects the data the organization collects and uses.
    - Safeguards the technology assets in use at the organization.
    - Protects the organization’s ability to function.
    b) The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.

    Question 2
    1) False -> Aa#79031mo
    2) False -> Money is important after IS is done for maintenance and development
    3) True
    4) False -> there are two types of attacks:
    External attack: Carried out by nodes that do not belong to the domain of the network.
    Internal attack: It is from compromised nodes, which are actually part of the network, so you have to be careful about confidentiality.
    5) True

    Question 3

    Plan A
    1) Manage who has access
    2) Know and protect your most important data
    3) Develop a data security plan/policy
    4) Develop stronger passwords throughout your organization
    5) Regularly backup data

    Plan B
    Provide all the devices and points of contact through the work of groups and one official who has the powers such as amendment and others. The system must focus with external dialects and with the responsibility of each group.

  36. Khaled Ellabban

    Question 1

    a)-What is information security?

    It is a science that uses scientific theories in computer science and other sciences
    to protect data from threats.

    – Why information security is important?

    It is important because we store and access information in various devices and forms such as laptops, mobile and documents.
    We handle various types of valuable information like customer data and business data,
    and any loss of information can affect the organization in terms of time, money and reputation.

    b) What is information security management system required?

    An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization’s sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.

    Question 2

    1-(false) (AbD12&%dBa&s) is more secure
    2-(false) because maintenance
    3-(true)
    4-(false) because there are two types of attacks: (External attack) carried out by nodes that do not belong to the domain of the network, and (Internal attack) it is from compromised nodes, which are actually part of the network, so you have to be careful about confidentiality
    5-(true)
    Question 3

    Plan |A|
    The effort needed in achieving total computer system security seems overwhelming. There is always something else you could do to improve your security stance. You might be surprised, then, if I told you that just one step could accomplish this goal:

    Eliminate all computer systems from your business and use paper instead!

    Of course, for most businesses this is not a realistic solution, but then, achieving total computer system security is not a realistic goal. Like crossing the street, there is an element of risk no matter how careful you are. So what can you do to mitigate this risk in a reasonable way, without consuming endless resources?

    Plan |B|
    While there can be no single answer that applies to every system and every business, you can make significant improvements in your overall security stance by taking some simple actions. Here are seven steps:

    1- PERFORM REGULAR BACKUPS!
    Sorry about shouting, but I cannot stress this one enough. If you do nothing else, save your work, including contacts, accounting and stored email. And keep your backups somewhere else, away from your office or place of business.

    2- Scan for Viruses
    Effectively use your virus scanner on all desktop workstations and servers (you do have scanning software, right?). That means regular scans and regular updates. Most scanners will do this for you, but what if an employee disables this feature? (Maybe it slows down his web surfing experience or something). You need to be sure!

    3- Use Firewalls
    No, firewalls are not going to save us all from all the evil hackers in the world, but they go a long way to making it more difficult for them. If you already have one, make sure it’s configured to allow nothing but the essential traffic. Consider using personal (software) firewalls on each workstation and server, too. A layered approach is best always!

    4- Patch OS and Application Software
    Check for security advisories on a regular basis. If your vendor says you should apply an important security patch, you really need to get it done.

    5- Use Strong Passwords
    Do not use your favorite color. Do not use the name of your dog (or cat, parakeet, critter). Do not change letters to clever number and punctuation replacements (c!3v3r, n0? No!). These all can be cracked in no time. Better yet, consider a stronger authentication mechanism.

    6- Don’t open email attachments!
    Delete email from unknown and unexpected sources outright. But even email that appears to be coming from friends, relatives and associates can be dangerous. Many worms have used personal address books to propagate themselves.

    7- Develop a security policy
    Even creating a simple security policy will force you to think about what needs protection and the threats specific to your business. If you have employees, make sure they understand the importance of your policy. Educate them (and yourself, in the process!)

    // There are many software programs that vary in price and there are also some free ones that can be used for (System protection) and determine the number of employees according to the available cost //

    // This plan will not cost you much money and you will not need more staff. It can be implemented anywhere in any country //
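
Added example, not part of any response above and not course material: response 36's point that swaps such as c!3v3r and n0 add little strength, written as a defensive password-policy check that undoes the swaps before a dictionary lookup. The substitution table, the small word list, the function names and the last two sample passwords are constructed assumptions.

```python
"""Password-policy check that undoes symbol-for-letter swaps (added example)."""
import itertools
import string

# Constructed table: symbol -> letters it commonly stands in for.
LEET = {
    "0": "o", "1": "il", "3": "e", "4": "a", "5": "s", "7": "t",
    "!": "il", "@": "a", "$": "s",
}

# Constructed stand-in for a real dictionary or breached-password list.
WORDLIST = {"clever", "no", "password", "phone", "dragon", "secure"}

MAX_VARIANTS = 4096  # cap on the number of readings tried per password
EDGE_CHARS = string.digits + string.punctuation


def deleet_variants(password):
    """Yield lowercase readings of the password with substitutions undone."""
    lowered = password.lower()
    # For each position: the character itself plus every letter it may replace.
    options = [ch + LEET.get(ch, "") for ch in lowered]
    total = 1
    for opts in options:
        total *= len(opts)
    if total > MAX_VARIANTS:
        # Too many combinations: fall back to the literal text plus the one
        # reading that replaces every symbol with its first mapped letter.
        yield lowered
        yield "".join(o[1] if len(o) > 1 else o[0] for o in options)
        return
    for combo in itertools.product(*options):
        yield "".join(combo)


def check_password(password, wordlist=WORDLIST, min_length=12):
    """Return a list of findings; an empty list means neither check fired."""
    findings = []
    if len(password) < min_length:
        findings.append("shorter than %d characters" % min_length)
    for variant in deleet_variants(password):
        # Digits and punctuation bolted onto the ends ("...2020!") are
        # trimmed before the dictionary lookup.
        core = variant.strip(EDGE_CHARS)
        if core in wordlist:
            findings.append("reduces to dictionary word '%s'" % core)
            break
    return findings


if __name__ == "__main__":
    # First two samples come from response 36; the others are constructed.
    for candidate in ("c!3v3r", "n0", "P@ssw0rd2020!", "tq7Lm-vRx92kdWpz"):
        print(candidate, "->", check_password(candidate) or "no finding")
```

An empty result only means these two checks did not fire; a production policy would also consult a full breached-password list.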

  37. Ahmed Saeed

    Question (1)

    a) What is information security and its importance?

    Information security is designed to protect the confidentiality, integrity and availability of computer system data from those with malicious intentions.

    Why important?
    Security is very important in an organization to protect the applications that are implemented in organizations and to protect the data stored in computers as well. Besides protecting the data, the applications installed also need to be protected because they can contribute to information loss or damage.

    b) What is information security management system required?

    An ISMS is a set of controls that an organization implements to protect its own informational assets and other information assets for which it is responsible. Organizations that design and implement their own ISMS will find ways to reduce the likelihood of a data breach occurring, ways to limit their liability when a data breach does occur, and other ways to mitigate the impact of any data security issues.

    Question (2)

    1) False S@00EeD
    2) False is important
    3) True
    4) False secure work area
    5) True

    Question (3)

    Plan (A)

    1- Educate Your Staff and Enforce Stringent Security Policies

    Your staff should be trained to always take security extremely seriously, particularly when it comes to the company’s IT systems. In many cases, it is the negligence of a member of staff, often one who is not familiar with IT security, which opens up the path to a potentially devastating security breach. Always stress the importance of avoiding information leaks and see that proper monitoring systems are in place to ensure that your company’s employees are using IT resources appropriately.

    2- Use Reliable Security Software

    Gone are the days when computer viruses, usually designed for the sole reason of causing disruption rather than fraud, were the main threat in IT security systems. These days, there are many other threats too, many of them designed to allow a hacker access to financial and personal information. Security software should be in place on every computer and mobile device used in your company. Good security software provides many features such as real-time malware monitoring, email attachment scanning and much more. To get the most out of your security software, however, it should always be kept up to date. For best results, configure the software to take care of this automatically.

    3- Use Strong Passwords

    Whether it is for a company email account, an online banking account or anything else which requires a user name and password to log in, always enforce a strict password policy in your company. Short passwords containing only letters, or, even worse, whole words, are easy to crack using a variety of methods. The longer the password, the harder it is to crack. Also, a password which contains a greater variety of characters such as numbers and symbols is even more secure. Alphanumeric passwords of ten or more characters are often impossible to crack within a human lifetime.

    4- Know What You Need to Protect

    Make an inventory of all of the computers and devices in your company which you need to protect. You should always know exactly where sensitive data is stored and take the necessary precautions. Some of the most often overlooked items are mobile devices used by employees. In many cases, these contain sensitive information which is easily accessible to anyone who has the device since most people don’t use password protection on such devices. With the relatively high risk of theft when it comes to mobile devices, it is easy to see why this is a potential problem.

    5- Always Have a Contingency Plan

    No matter how well you take care of your company’s IT security systems – the threat of a security breach will always be there, even if relatively small. For this reason, always keep backups of important data using reliable media which is protected with limited access rights. Having a plan in the event of a security disaster can help you to avoid a lot of trouble later on. Always test your backup systems and their secureness regularly.

    Plan (B)

    1) Know your network. Inventory all devices on your network with an asset recovery tool. Record network addresses, machine names, the purpose of each device and person responsible for it. Encrypt this information. Likewise, devise an encrypted list of software authorized to run on your network. Periodically test your software inventory tool by deploying new software to see when it’s detected. Note the delay; that’s a vulnerable time.

    2) Test and verify. Document and test security settings on system images before deploying laptops, workstations and servers. Sample systems once a month to see that settings are correct. Store master images on secured servers or offline machines.

    3) Seize control. At network connection points, implement filters to allow use of only those ports and protocols with a documented business need. Use two-factor authentication and encrypted sessions on all network devices. Require people logging in remotely to use two-factor authentication, too.

    4) Be suspicious. Set audit logs to record dates, time stamps and source and destination addresses for each piece of software. Devise profiles of common activity and tune logs to look for anomalies. Deploy firewalls to look for common Web attacks. Test source code for malware and backdoors before deploying.

    5) Watch your back. Run vulnerability scans at least weekly (preferably daily). Compare sequential scans to ensure previous problems were addressed. Install critical patches within a week. Report daily on locked-out and disabled accounts, as well as accounts with passwords set to never expire or with passwords exceeding maximum age. Get explanations for these accounts. Check machines daily and push out updates for malware protection.
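One way to carry out the "compare sequential scans" and "install critical patches within a week" checks from step 5 of the response above, as an added example that is not part of the original response. The scan data, host names and check identifiers are constructed placeholders, and `track_findings` is a hypothetical helper name.

```python
from datetime import date, timedelta

# "Install critical patches within a week" (step 5 above).
PATCH_WINDOW = timedelta(days=7)

# Constructed sample data: three weekly scans, oldest first. Each scan maps
# (host, check_id) -> severity. The check_id values are placeholders, not
# identifiers from any real scanner.
SCANS = [
    (date(2024, 3, 4), {
        ("web01", "TLS-WEAK-CIPHER"): "medium",
        ("db01", "OS-PATCH-MISSING"): "critical",
        ("web01", "DEFAULT-CREDS"): "critical",
    }),
    (date(2024, 3, 11), {
        ("web01", "TLS-WEAK-CIPHER"): "medium",
        ("db01", "OS-PATCH-MISSING"): "critical",
    }),
    (date(2024, 3, 18), {
        ("db01", "OS-PATCH-MISSING"): "critical",
        ("web01", "DEFAULT-CREDS"): "critical",
        ("app02", "OPEN-ADMIN-PORT"): "high",
    }),
]


def track_findings(scans):
    """Compare sequential scans and classify the findings of the latest one.

    Returns a dict with:
      new              - seen for the first time in the latest scan
      reopened         - fixed in an earlier scan but present again now
      persisting       - present in both the previous and the latest scan
      resolved         - present in the previous scan, gone from the latest
      overdue_critical - critical findings open longer than PATCH_WINDOW
    """
    if not scans:
        raise ValueError("at least one scan is required")

    first_seen = {}      # finding -> date its current open period started
    ever_seen = set()    # every finding observed in any earlier scan
    prev_keys = set()
    appeared = resolved = reopened = keys = set()

    for scan_date, findings in scans:
        keys = set(findings)
        appeared = keys - prev_keys          # not in the previous scan
        resolved = prev_keys - keys          # previous problem was addressed
        reopened = appeared & ever_seen      # came back after being fixed
        for key in resolved:
            del first_seen[key]
        for key in appeared:
            first_seen[key] = scan_date
        ever_seen |= keys
        prev_keys = keys

    latest_date, latest = scans[-1]
    overdue = sorted(
        key for key, severity in latest.items()
        if severity == "critical"
        and latest_date - first_seen[key] > PATCH_WINDOW
    )
    return {
        "new": sorted(appeared - reopened),
        "reopened": sorted(reopened),
        "persisting": sorted(keys - appeared),
        "resolved": sorted(resolved),
        "overdue_critical": overdue,
    }


if __name__ == "__main__":
    for status, items in track_findings(SCANS).items():
        print(f"{status}:")
        for host, check_id in items:
            print(f"  {host}  {check_id}")
```

A reopened finding restarts its patch clock here; a stricter policy could count from the first time it was ever seen.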

  38. Marwa Mohamed

    Q 1:_
    A) What is information security? And its importance?
    Information security is defined as the protection of information and the systems and hardware that use, store and transmit that information.
    Its importance:
    _ protects the organization’s ability to function
    _ enables the safe operation of applications implemented on the organization’s IT systems
    _ protects the data the organization collects and uses
    _ safeguards the technology assets in use at the organization
    …………………………………………………….
    b)what is information security management system required?
    An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization’s sensitive data.
    ………………………………………………………………………………………………….
    Q 2 :-
    1) False (MO2234`\\\)
    2) False ( Money is important after IS is done for maintenance and development )
    3) true
    4) False (information must be discussed in a secure work-space.)
    5-(true)
    ………………………………………………………………………………………………….
    Q 3 :-
    There are steps to make data more secure, such as:

    1. Manage who has access
    First, as an organization, take inventory of what data every employee may or may not have access to. Determine which employees still need access and which do not in an effort to limit the amount of data access by employees/admins to a small, manageable number. In addition, have your admins determine which type of access each department/employee needs.

    2. Know and protect your most important data
    If a data breach occurred in the next hour, could you quickly identify your most valuable data? As a company, it’s important to take the time to identify what you consider the most valuable data and work on protecting that first.

    Commonly referred to as the “crown jewels” of data, this type of data usually makes up 5-10 percent of the company’s data, and if it were compromised, would cause the most damage to the company. Once identified, work on procedures to not only secure the data but also limit the number of employees that have access to it.

    3. Develop a data security plan/policy
    Another important strategy when looking to improve data security is developing a data security policy. It’s important to have a plan in place when hacks and breaches occur and a plan that determines which employees need and have access to data, as mentioned above. Thus, these sorts of policies can keep employees in line and organized.
    This policy should also be open to changes and edits as amendments will need to be made to match the growing technology innovations and new company policies. By having data access rules that are strictly enforced, you better protect your data on a day-to-day basis.

    4. Develop stronger passwords throughout your organization
    Employees need to have stronger and more complicated passwords. Work to help employees develop passwords that are a combination of capital letters, numbers and special characters that will make it much harder for hackers to crack.

    A good rule of thumb when creating a new password is to have it be at least 12 characters and to not include a combination of dictionary words, such as “green desk.” All in all, passwords should be unique to employees and difficult for computers to guess.

    5. Regularly back up data
    Lastly, it’s important to back up your data on a regular basis. In addition to hacks, loss of data is a serious issue, and organizations need to be prepared for the unexpected. As a business, get in the habit of either automatically or manually backing up data on a weekly or daily basis.

    Also, make sure the backup data is equally secure from potential hackers. With a strong software program or IT department, it can help businesses fight off potential threats and build business values around the importance of data security.

  39. ابرهيم محمد محمد ابراهيم احمد مشعل

    Definition – What does Information Security (IS) mean?
    Information security (IS) is designed to protect the confidentiality, integrity and availability of computer system data from those with malicious intentions.

    And Why information security is important?
    Information security is defined as the protection of information and the systems and hardware that use, store and transmit that information. Information security performs four important functions for an organization, which are to protect the organization’s ability to function, enable the safe operation of applications implemented on the organization’s IT systems, protect the data the organization collects and uses, and lastly safeguard the technology assets in use at the organization. There are also challenges and risks involved in implementing information security in an organization.

    what is the information security management system required?
    Information security management (ISM) describes controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. By extension, ISM includes information risk management, a process which involves the assessment of the risks an organization must deal with in the management and protection of assets, as well as the dissemination of the risks to all appropriate stakeholders.[1] This of course requires proper asset identification and valuation steps, including evaluating the value of confidentiality, integrity, availability, and replacement of assets.[2] As part of information security management, an organization may implement an information security management system and other best practices found in the ISO/IEC 27001, ISO/IEC 27002, and ISO/IEC 27035 standards on information security.[3][4]

    question(2)
    1) False >> &^FGH189$ this is one of the best passwords
    2) False>> Money is important after IS is done for maintenance and development.
    3)True
    4) False >> You need to discuss information in a secure work-space.
    5) True.

    Plan A
    1)Manage who has access
    2)Know and protect your most important data
    3)Develop a data security plan/policy
    4) Develop stronger passwords throughout your organization
    5)Regularly backup data
    Provide all the devices and points of contact through the work of groups and one official who
    has the powers such as amendment and others, The system must focus with external dialects
    and with the responsibility of each group.

  40. Karim mohamed Elsayed

    Question (1)
    a) Information security: refers to the processes and tools designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection.
    Information security is very important to help protect against this type of theft. Information systems security covers a number of jobs and careers for people to choose from too. It provides procedures to manage risk. It protects the company, assets, shareholders, employees and clients from theft. It keeps confidential information secure.
    b) Information security management system is how you ensure information security within an organization.
    It is a management activity within the corporate governance framework which provides the strategic direction for security activities and ensures objectives are achieved.
    The purpose of ISM is to provide a focus for all aspects of IT security and manage all IT security activities.
    The term information is used as a general term and includes data to store databases and metadata.
    The objective of information security is to protect the interest of those relying on information and the systems and communication that deliver the information from harm resulting from failure of availability, confidentiality and integrity.

    Question (2)
    1) False —> werv@18569ao#8
    2) False —> Money is important after IS is done.
    3) True.
    4) False —> information discussion shouldn’t be in an open work area because information is the backbone of system security.
    5) True.

    Question (3)

    Plan(1)>>> Internet Connection
    You can’t work without internet. But you can’t work securely on the web without using a firewall, encryption for sensitive information, and a hidden wi-fi network.

    Plan (2) >> Educate Employees
    According to a recent study, human error is responsible for more than three-quarters of data breaches. If your employees know more about cyber threats and how to protect your organization’s data, your entire organization will be safer.

    Plan (3)>>>Policies
    Having security practices and policies is important. Your company should have these official policies in place, and all employees should be aware of them.

    Plan (3)>>>Passwords
    It may sound like the most trivial security item, but this fundamental stronghold is important. A password that includes capitals, numbers, and preferably a phrase will up your security in a big way.

  41. Moaaz abdelftah abdelwhab

    – Question 1 : a
    What is information security? And Why information security is important?
    It is a science that uses scientific theories in computer science and other sciences
    to protect data from threats. It is important because we store and access information in various devices and forms such as laptops, mobiles and documents.
    We handle various types of valuable information like customer data and business data,
    and any loss of information can affect the organization in terms of time, money and reputation.
    – Question 1 : b
    what is information security management system required?
    It is a set of policies and procedures for systematically managing an organization’s sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.

    – Question 2 :
    1) False: abc123 is an easy password; it must be more difficult, for example @3$sfvc&#

    2) False: In any business there are two terms: Capex, which refers to the amounts that companies use to purchase major physical goods or services that will be used, in this example (build Security System), and Opex, which means operating expenses that represent the other day-to-day expenses necessary to keep the business running, in this example (System admin).

    3) True.

    4) False: because there are two types of attacks: (External attack), carried out by nodes that do not belong to the domain of the network, and (Internal attack), which is from compromised nodes that are actually part of the network. So you have to be careful about confidentiality.

    5) True.

    – Question (3) :

    Plan (A)
    The effort needed in achieving total computer system security seems overwhelming. There is always something else you could do to improve your security stance. You might be surprised, then, if I told you that just one step could accomplish this goal:

    Eliminate all computer systems from your business and use paper instead!

    Of course, for most businesses this is not a realistic solution, but then, achieving total computer system security is not a realistic goal. Like crossing the street, there is an element of risk no matter how careful you are. So what can you do to mitigate this risk in a reasonable way, without consuming endless resources? Plan “B”

    Plan (B)
    While there can be no single answer that applies to every system and every business, you can make significant improvements in your overall security stance by taking some simple actions. Here are seven steps:

    1- PERFORM REGULAR BACKUPS!
    Sorry about shouting, but I cannot stress this one enough. If you do nothing else, save your work, including contacts, accounting and stored email. And keep your backups somewhere else, away from your office or place of business.

    2- Scan for Viruses
    Effectively use your virus scanner on all desktop workstations and servers (you do have scanning software, right?). That means regular scans and regular updates. Most scanners will do this for you, but what if an employee disables this feature? (Maybe it slows down his web surfing experience or something). You need to be sure!

    3- Use Firewalls
    No, firewalls are not going to save us all from all the evil hackers in the world, but they go a long way to making it more difficult for them. If you already have one, make sure it’s configured to allow nothing but the essential traffic. Consider using personal (software) firewalls on each workstation and server, too. A layered approach is best always!

    4- Patch OS and Application Software
    Check for security advisories on a regular basis. If your vendor says you should apply an important security patch, you really need to get it done.

    5- Use Strong Passwords
    Do not use your favorite color. Do not use the name of your dog (or cat, parakeet, critter, …). Do not change letters to clever number and punctuation replacements (c!3v3r, n0? No!). These all can be cracked in no time. Better yet, consider a stronger authentication mechanism.

    6- Don’t open email attachments!
    Delete email from unknown and unexpected sources outright. But even email that appears to be coming from friends, relatives and associates can be dangerous. Many worms have used personal address books to propagate themselves.

    7-Develop a security policy
    Even creating a simple security policy will force you to think about what needs protection and the threats specific to your business. If you have employees, make sure they understand the importance of your policy. Educate them (and yourself, in the process!)
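A password screening check for the point made in step 5 of the response above, that "clever" number and punctuation replacements such as c!3v3r do not help. This is an added example, not part of the original response; the deny-list, the look-alike table and the name `check_password` are constructed for illustration, and the 12-character minimum is the rule of thumb quoted in an earlier response on this page.

```python
import re

MIN_LENGTH = 12  # rule of thumb quoted earlier on this page

# Constructed sample deny-list. A real deployment would load a large word
# list and add user-specific terms (names, pets, favourite colours).
DENY_WORDS = {"clever", "password", "purple", "green", "desk"}

# For each letter, the characters commonly typed in its place. Some symbols
# are ambiguous ("1" and "!" stand for both "i" and "l"), which is why each
# deny-word becomes a regular expression instead of the password being
# "translated back" with a one-to-one table.
LOOKALIKES = {
    "a": "a4@",
    "e": "e3",
    "i": "i1!",
    "l": "l1!|",
    "o": "o0",
    "s": "s5$",
    "t": "t7+",
}


def word_pattern(word):
    """Build a regex matching `word` with any look-alike substitutions."""
    classes = []
    for ch in word.lower():
        chars = LOOKALIKES.get(ch, ch)
        classes.append("[" + re.escape(chars) + "]")
    return re.compile("".join(classes))


def check_password(password, personal_terms=()):
    """Return a list of policy violations; an empty list means accepted.

    personal_terms: words tied to the user (pet name, favourite colour, ...)
    that are screened in addition to DENY_WORDS.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")

    candidate = password.lower()
    words = set(DENY_WORDS) | {t.lower() for t in personal_terms}
    for word in sorted(words):
        if len(word) < 3:
            continue  # very short terms would match almost anything
        if word_pattern(word).search(candidate):
            problems.append("contains:" + word)
    return problems


if __name__ == "__main__":
    samples = [
        ("c!3v3r", ()),
        ("Purple2024!!", ()),
        ("R3x!R3x!R3x!", ("Rex",)),
        ("vT9#qLw2&Zr8mK", ()),
    ]
    for pw, terms in samples:
        print(pw, "->", check_password(pw, terms) or "accepted")
```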

  42. Shereen mohmed

    Q:01/a
    What is information security? And Why information security is important?
    It is a science that uses scientific theories in computer science and other sciences
    to protect data from threats. It is important because we store and access information in various devices and forms such as laptops, mobiles and documents.
    We handle various types of valuable information like customer data and business data,
    and any loss of information can affect the organization in terms of time, money and reputation.
    Q:01/b
    what is information security management system required?
    It is a set of policies and procedures for systematically managing an organization’s sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.
    Question (2) : –

    1) False —-> because abc123 is an easily recognizable password, so any hacker can get it without any difficulty, so your password must be more difficult, for example a@b1*cs76

    2) False —–> In any business there are two terms: Capex, which refers to the amounts that companies use to purchase major physical goods or services that will be used, in this example (build Security System), and Opex, which means operating expenses that represent the other day-to-day expenses necessary to keep the business running, in this example (System admin).

    3) True.

    4) False ——> because there are two types of attacks: (External attack), carried out by nodes that do not belong to the domain of the network, and (Internal attack), which is from compromised nodes that are actually part of the network. So you have to be careful about confidentiality.

    5) True.

    Q(3)

    Plan 1: Divide all employees of the company into three types according to their safety class A, B, C
    Class A includes the company’s owner, chairman and management, Class B includes senior staff, Class C includes new employees. And the system will always follow them. The system is always followed by external dialects and class a,b.

    Plan 02: Provide all the devices and points of contact through the work of groups and one official who has the powers such as amendment and others, The system must focus with external dialects and with the responsibility of each group.

  43. Ahmed Mohamed amine sharara

    Q:01/a
    What is information security? And Why information security is important?
    It is a science that uses scientific theories in computer science and other sciences
    to protect data from threats. It is important because we store and access information in various devices and forms such as laptops, mobiles and documents.
    We handle various types of valuable information like customer data and business data,
    and any loss of information can affect the organization in terms of time, money and reputation.
    ………………………………………………………………………………………………………………………………………………………………….
    Q:01/b
    what is information security management system required?
    It is a set of policies and procedures for systematically managing an organization’s sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.
    It is a set of policies and procedures for systematically managing the organization’s sensitive data. The goal of the ISMS is to reduce risk and ensure business continuity by proactively limiting the impact of a security breach.
    ………………………………………………………………………………………………………………………………………………………………….
    Q:02
    a/ my **PHoNe**2020## this is one of the best passwords
    b/ the cost is important when information security is done
    c/ when making information security it is important to understand confidentiality
    d/ I work in a secure building so discuss information in a closed work area
    e/ security system development is a life cycle
    …………………………………………………………………………………………………………………………………………………………………
    Q:03
    Plan 1: Divide all employees of the company into three types according to their safety class A, B, C
    Class A includes the company’s owner, chairman and management, Class B includes senior staff, Class C includes new employees. And the system will always follow them. The system is always followed by external dialects and class a,b.
    Plan 02: Provide all the devices and points of contact through the work of groups and one official who has the powers such as amendment and others. The system must focus with external dialects and with the responsibility of each group.

  44. Ahmed galal ebrahim sharf

    Question (1)
    (A) Information security, often referred to as InfoSec, refers to the processes and tools designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection.
    Information systems security is very important to help protect against this type of theft. Companies and organizations are especially vulnerable since they have a wealth of information from their employees. This can include names, addresses, telephone numbers, social security numbers, payrolls, etc. This information is sensitive and needs to be protected.

    (B)
    Step One: Asset Identification and Valuation
    Confidentiality / Integrity / Availability
    Step Two: Conduct a Detailed Risk Assessment
    Threats / Vulnerabilities / Impact and Likelihood / Mitigation
    Step Three: Establish the ISMS

    Question (2)
    (1) False ***abc123 is easily
    Strong password (MsdGfA@498765@)

    (2) False ****must be important
    Which need it in maintenance

    (3) True ***

    (4) False ******
    Because there are two types of attacks: (external attack), carried out by nodes that do not belong to the domain of the network, and (internal attack), which is from compromised nodes that are actually part of the network

    (5) True ***

    Question (3)
    Plan |A|
    The effort needed in achieving total computer system security seems overwhelming. There is always something else you could do to improve your security stance. You might be surprised, then, if I told you that just one step could accomplish this goal:

    Eliminate all computer systems from your business and use paper instead!

    Of course, for most businesses this is not a realistic solution, but then, achieving total computer system security is not a realistic goal. Like crossing the street, there is an element of risk no matter how careful you are. So what can you do to mitigate this risk in a reasonable way, without consuming endless resources?

    Plan |B|
    While there can be no single answer that applies to every system and every business, you can make significant improvements in your overall security stance by taking some simple actions. Here are seven steps:

    1- PERFORM REGULAR BACKUPS!
    Sorry about shouting, but I cannot stress this one enough. If you do nothing else, save your work, including contacts, accounting and stored email. And keep your backups somewhere else, away from your office or place of business.

    2- Scan for Viruses
    Effectively use your virus scanner on all desktop workstations and servers (you do have scanning software, right?). That means regular scans and regular updates. Most scanners will do this for you, but what if an employee disables this feature? (Maybe it slows down his web surfing experience or something). You need to be sure!

    3- Use Firewalls
    No, firewalls are not going to save us all from all the evil hackers in the world, but they go a long way to making it more difficult for them. If you already have one, make sure it’s configured to allow nothing but the essential traffic. Consider using personal (software) firewalls on each workstation and server, too. A layered approach is best always!

    4- Patch OS and Application Software
    Check for security advisories on a regular basis. If your vendor says you should apply an important security patch, you really need to get it done.

    5- Use Strong Passwords
    Do not use your favorite color. Do not use the name of your dog (or cat, parakeet, critter,). Do not change letters to clever number and punctuation replacements (c!3v3r, n0? No!). These all can be cracked in no time. Better yet, consider a stronger authentication mechanism.

    6- Don’t open email attachments!
    Delete email from unknown and unexpected sources outright. But even email that appears to be coming from friends, relatives and associates can be dangerous. Many worms have used personal address books to propagate themselves.

    7-Develop a security policy
    Even creating a simple security policy will force you to think about what needs protection and the threats specific to your business. If you have employees, make sure they understand the importance of your policy. Educate them (and yourself, in the process

  45. Eslam yosry ellithy

    Q:01/a
    What is information security? And Why information security is important?
    It is a science that uses scientific theories in computer science and other sciences
    to protect data from threats. It is important because we store and access information in various devices and forms such as laptops, mobiles and documents.
    We handle various types of valuable information like customer data and business data,
    and any loss of information can affect the organization in terms of time, money and reputation.
    ………………………………………………………………………………………………………………………………………………………………….
    Q:01/b
    what is information security management system required?
    It is a set of policies and procedures for systematically managing an organization’s sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.
    It is a set of policies and procedures for systematically managing the organization’s sensitive data. The goal of the ISMS is to reduce risk and ensure business continuity by proactively limiting the impact of a security breach.
    ………………………………………………………………………………………………………………………………………………………………….
    Q:02
    a/ my **PHoNe**2020## this is one of the best passwords
    b/ the cost is important when information security is done
    c/ when making information security it is important to understand confidentiality
    d/ I work in a secure building so discuss information in a closed work area
    e/ security system development is a life cycle
    …………………………………………………………………………………………………………………………………………………………………
    Q:03
    Plan 1: Divide all employees of the company into three types according to their safety class A, B, C
    Class A includes the company’s owner, chairman and management, Class B includes senior staff, Class C includes new employees. And the system will always follow them. The system is always followed by external dialects and class a,b.
    Plan 02: Provide all the devices and points of contact through the work of groups and one official who has the powers such as amendment and others, The system must focus with external dialects and with the responsibility of each group.

  46. Mustapha Mohammed elsaid

    Q:01/a
    What is information security? And Why information security is important?
    It is a science that uses scientific theories in computer science and other sciences
    to protect data from threats. It is important because we store and access information in various devices and forms such as laptops, mobiles and documents.
    We handle various types of valuable information like customer data and business data,
    and any loss of information can affect the organization in terms of time, money and reputation.
    ………………………………………………………………………………………………………………………………………………………………….
    Q:01/b
    what is information security management system required?
    It is a set of policies and procedures for systematically managing an organization’s sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.
    It is a set of policies and procedures for systematically managing the organization’s sensitive data. The goal of the ISMS is to reduce risk and ensure business continuity by proactively limiting the impact of a security breach.
    ………………………………………………………………………………………………………………………………………………………………….
    Q:02
    a/ my **PHoNe**2020## this is one of the best passwords
    b/ the cost is important when information security is done
    c/ when making information security it is important to understand confidentiality
    d/ I work in a secure building so discuss information in a closed work area
    e/ security system development is a life cycle
    …………………………………………………………………………………………………………………………………………………………………
    Q:03
    Plan 1: Divide all employees of the company into three types according to their safety class A, B, C
    Class A includes the company’s owner, chairman and management, Class B includes senior staff, Class C includes new employees. And the system will always follow them. The system is always followed by external dialects and class a,b.
    Plan 02: Provide all the devices and points of contact through the work of groups and one official who has the powers such as amendment and others, The system must focus with external dialects and with the responsibility of each group.

  47. Amera Hassan Alsakka

    Q1) a
    -Information security (IS) is designed to protect the confidentiality, integrity and availability of computer system data from those with malicious intentions. Confidentiality, integrity and availability are sometimes referred to as the CIA Triad of information security.
    -information security refers to the processes and tools designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection.
    -In the era of Internet, securing the information is similar to protecting the property which is highly important. The organisations which have confidential data need to be alert of the risks of information leak that can cause huge damage to the company.
    -Information security tops the list of sectors like military and defence where, enemy countries eye to fetch the confidential information and harm the nation.
    Q1) b
    An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization’s sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.
    -describes controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. By extension, ISM includes information risk management, a process which involves the assessment of the risks an organization must deal with in the management and protection of assets.
    Q2)
    1-false
    one of the best passwords: **5679-0##** am//era //
    2- false
    money is important after IS because of maintenance
    3-true
    4-false
    discuss information in a secure work_space
    5-true
    Q3)
    There are many ways organizations can protect their business from cyber-attacks. The article is from a PrivacyEnd post which outlines several measures including: updated software, improved technologies, skilled employees and pre-planned precautionary measures.

    Limit Data Access

    Most of the organizations give privileged access to their sensitive data to a number of employees and insiders. Think about who in your organization has access to sensitive customer data? Can you identify everyone’s access rights? Most company executives are unaware of the details about individual employees who have access to data and why they access it. This is a huge risk to data loss, theft and hacking.

    This means it is necessary for businesses to limit data access. Organizations should determine what an employee needs access to and ensure they have access to only what they need, not anything else. All these limitations could help organizations to manage their data more efficiently and ensure it is being safeguarded from theft or loss.

    Identify Sensitive Data

    For companies, it is really important to be aware of where their most important data and sensitive business information lies. This will ensure you have the right information and allocate more resources to protecting your most sensitive and crucial assets.

    Although sensitive business data is only probably around 5-10% of your total business data, a data compromise involving sensitive or personal data could result in an immense loss of reputation and revenue to a company. If we go back to access management and rights, we should be putting more strict measures on sensitive data over other business data.
    Pre-Planned Data Security Policy

    When looking at the operations and processes needed to mitigate a cyber-attack, an important step is to prepare a list of security measures and data security policies. This sort of plan by an organization could help significantly in critical situations and times of incident response. Through policies, you can immediately react in order to prevent extreme impacts of a cyber-attack.

    As with access management and rights, employee access could be identified easily and you would remain aware of which users in your organization could have potentially been breached. It’s important to remember that a policy and process plan is only as good as its last revision. Technology, industry regulation and best practice are always changing. Someone therefore needs to own this policy and process guide and always look at new ways of updating it to keep it relevant.
    Strong and Different Passwords for Every Department

    Sensitive data in an organization should be locked away with strong passwords. Making stronger passwords is necessary for fighting a number of password hacking tools that are easy to get on the market. Try ensuring that there is a combination of different characters including alphabets, numbers, symbols and other capital letters.

    Additionally, using the same passwords for different programs and access is also a risk. Once your password is cracked, a hacker will try the same password on all major accounts you own.
    Regular Data Backup and Update

    Last on the list of important data security measures is having regular security checks and data backups. For an unexpected attack or data breach, it is really helpful to have an organization back up their data. To have a successful business, you must keep a habit of automatic or manual data backup on a weekly or daily basis.

    In addition, the data should be protected through updated software and efficient antivirus tools. However, to attain this, you must have a progressive and efficient IT department. Make sure you are hiring someone with the right skills who you can trust to do the job properly.

  48. Mohamed El Sayed Abd El Wahab

    Question 1
    1-Information security (IS) is designed to protect the confidentiality, integrity and availability of computer system data from those with malicious intentions. Confidentiality, integrity and availability are sometimes referred to as the CIA Triad of information security.
    Information systems security is very important to help protect against this type of theft. Companies and organizations are especially vulnerable since they have a wealth of information from their employees. … The main focus of this industry is to protect these systems and to prevent the information from being stolen too.
    2-An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization’s sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.
    Question 2
    1- False –> ^#$*fegc584 this is one of the best passwords.
    2- False –> Money is important after IS is done for maintenance and development.
    3-True
    4- False –> You need to discuss information in a secure work-space.
    5- True
    Question 3
    plan (1)
    First, as an organization, take inventory of what data every employee may or may not have access to. Determine which employees still need access and which do not in an effort to limit the amount of data access by employees/admins to a small, manageable number. In addition, have your admins determine which type of access each department/employee needs.
    Plan(2)
    1 Keep pace with compliance
    Organisations need to adhere to the Data Protection Act and the Housing Act 2004 but there is no information security standard to help guide housing associations. Appointing a trained data protection officer at a senior level can help improve data privacy and the management now and into the future.
    2 Analyse the information estate
    Analyse the data and the applications which store it to see exactly what information is accessed across the business, who accesses it, and what it is used for – whether it be personal data (criminal convictions, benefits and allowances etc) to details on property portfolios, market and rental values, and maintenance and repair databases. You need to know what it is used for and who can access it.
    3 Perform a security gap analysis

    A gap analysis provides a benchmark and determines where data security needs to be improved. This can be used to advise upon improvements to security processes and controls, from encouraging staff to observe appropriate security policies to the introduction of technical measures such as secure access and authentication. Data security is not just about bits and bytes; the gap analysis should include physical security too, such as locations from where services are provided. Are screens visible to non-users? Are new staff vetted and regularly retrained? Are security policies in place and made accessible to them?
    4 Carry out data-landscaping
    This catalogues the data used by the organisation and seeks to determine its value should it be lost or compromised. What would the impact be if data was released to unauthorised entities, altered, misrepresented or simply made unavailable? A database of gas boiler service dates may seem trivial, but if the data is incorrect it could pose risks to health and safety. Once value is understood, data ownership should be assigned at a managerial level of responsibility.
    5 Invest in information management systems
    This provides structure for handling data. It enables data to be created, collected, filtered, and distributed using set patterns. This in turn makes it much easier to prove that compliance regulations have been adhered to.
    Many believe it’s only a matter of time before governance regimes are brought in to prevent data loss and mishandling across the housing sector, and the Information Commissioner’s Office already has the powers to fine organisations up to £500,000 for the misuse of personal data on UK citizens.
    Housing associations that address data security now will avoid incurring the wrath of the regulator and remain ahead of the curve when legislative reforms arrive.

  49. Mohamed Gamal Elsharkawy

    Q1):-
    1-Information security is a set of strategies for managing the processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information. Its importance lies in the fact that we store and access information in various devices such as laptops, mobiles and verbal documents. We handle various types of valuable information like customer data, financial information and business data.
    Information is the asset that powers and enables our business, and any loss of information can affect the organization in terms of:
    – time – reputation – money.

    2 – Business Obligations: Security commitments to the business. For example, security has a responsibility to ensure that information in the business is kept secure and is available when needed.

    Regulatory Obligations: Legal, compliance, or contractual obligations that security must fulfil. For example, organizations in the healthcare industry must be HIPAA compliant.

    Customer Obligations: Security commitments that the customer expects the organization to keep. For example, the customer of a manufacturer may require all their blueprint files to be encrypted.

    Q2 ) :-

    1- (false) the best password should contain capital and small letters, symbols and numbers.
    2- (false) money is important all the time during the lifetime of the project, as we might need maintenance work after we finish the IS.
    3- (true).
    4- (false) you do not know whether the information you share could be important to your rivals or not.
    5- (true).

    Q3):-
    1 – you should encrypt your data :
    Data encryption isn’t just for technology geeks; modern tools make it possible for anyone to encrypt emails and other information.

    2- backup your data :-
    One of the most basic, yet often overlooked, data protection tips is backing up your data. Basically, this creates a duplicate copy of your data so that if a device is lost, stolen, or compromised, you don’t also lose your important information. It’s best to create a backup on a different device, such as an external hard drive, so that you can easily recover your information when the original device becomes compromised.

    3-The cloud provides a viable backup option:-
    While you should use sound security practices when you’re making use of the cloud, it can provide an ideal solution for backing up your data. Since data is not stored on a local device, it’s easily accessible even when your hardware becomes compromised. “Cloud storage, where data is kept offsite by a provider, is a guarantee of adequate disaster recovery.

  50. Ahmed Khaled Abdulraziq

    Question (1)
    (A) Information security, often referred to as InfoSec, refers to the processes and tools designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection.
    Information systems security is very important to help protect against this type of theft. Companies and organizations are especially vulnerable since they have a wealth of information from their employees. This can include names, addresses, telephone numbers, social security numbers, payrolls, etc. This information is sensitive and needs to be protected.

    (B)
    Step One: Asset Identification and Valuation
    Confidentiality / Integrity / Availability
    Step Two: Conduct a Detailed Risk Assessment
    Threats / Vulnerabilities / Impact and Likelihood / Mitigation
    Step Three: Establish the ISMS

    Question (2)
    (1) False ***abc123 is easily
    Strong password (MsdGfA@498765@)

    (2) False ****must be important
    Which need it in maintenance

    (3) True ***

    (4) False ******
    Because there are two types of attacks: an (external attack), carried out by a node that does not belong to the domain of the network, and an (internal attack), which comes from a compromised node that is actually part of the network

    (5) True ***

    Question (3)
    Plan |A|
    The effort needed in achieving total computer system security seems overwhelming. There is always something else you could do to improve your security stance. You might be surprised, then, if I told you that just one step could accomplish this goal:

    Eliminate all computer systems from your business and use paper instead!

    Of course, for most businesses this is not a realistic solution, but then, achieving total computer system security is not a realistic goal. Like crossing the street, there is an element of risk no matter how careful you are. So what can you do to mitigate this risk in a reasonable way, without consuming endless resources?

    Plan |B|
    While there can be no single answer that applies to every system and every business, you can make significant improvements in your overall security stance by taking some simple actions. Here are seven steps:

    1- PERFORM REGULAR BACKUPS!
    Sorry about shouting, but I cannot stress this one enough. If you do nothing else, save your work, including contacts, accounting and stored email. And keep your backups somewhere else, away from your office or place of business.

    2- Scan for Viruses
    Effectively use your virus scanner on all desktop workstations and servers (you do have scanning software, right?). That means regular scans and regular updates. Most scanners will do this for you, but what if an employee disables this feature? (Maybe it slows down his web surfing experience or something). You need to be sure!

    3- Use Firewalls
    No, firewalls are not going to save us all from all the evil hackers in the world, but they go a long way to making it more difficult for them. If you already have one, make sure it’s configured to allow nothing but the essential traffic. Consider using personal (software) firewalls on each workstation and server, too. A layered approach is best always!

    4- Patch OS and Application Software
    Check for security advisories on a regular basis. If your vendor says you should apply an important security patch, you really need to get it done.

    5- Use Strong Passwords
    Do not use your favorite color. Do not use the name of your dog (or cat, parakeet, critter,). Do not change letters to clever number and punctuation replacements (c!3v3r, n0? No!). These all can be cracked in no time. Better yet, consider a stronger authentication mechanism.

    6- Don’t open email attachments!
    Delete email from unknown and unexpected sources outright. But even email that appears to be coming from friends, relatives and associates can be dangerous. Many worms have used personal address books to propagate themselves.

    7-Develop a security policy
    Even creating a simple security policy will force you to think about what needs protection and the threats specific to your business. If you have employees, make sure they understand the importance of your policy. Educate them (and yourself, in the process!)

    // There are many software programs that vary in price and there are also some free ones that can be used for (System protection) and determine the number of employees according to the available cost //

    // This plan will not cost you much money and you will not need more staff, It can be implemented anywhere in any country //
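An added illustration of point 5 in the comment above (example code, not part of the original comment): a password review that undoes common letter-to-symbol replacements before looking for dictionary words, which is why a choice like `c!3v3r` gains nothing over `clever`. The wordlist, the substitution table, the 12-character minimum and all sample passwords are constructed assumptions.

```python
# Constructed sample wordlist (assumption): a real check would load a large
# dictionary plus local terms such as pet names, colours and company names.
COMMON_WORDS = {"clever", "password", "blue", "rex", "dragon", "welcome"}

# Common replacements mapped back to the letters they stand for.
# Some symbols are ambiguous ("1" and "!" can mean "i" or "l").
LEET = {
    "0": "o", "1": "il", "!": "il", "3": "e", "4": "a", "@": "a",
    "5": "s", "$": "s", "7": "t", "+": "t", "8": "b", "9": "g",
}


def normalisations(password, limit=256):
    """Return every lower-case string obtained by undoing the replacements.

    Ambiguous symbols branch into several candidates; once `limit`
    candidates would be exceeded, only the first reading is followed so
    the work stays bounded.
    """
    results = {""}
    for ch in password.lower():
        options = LEET.get(ch, ch)
        if len(results) * len(options) > limit:
            options = options[0]
        results = {prefix + o for prefix in results for o in options}
    return results


def find_dictionary_word(password, words=COMMON_WORDS):
    """Return a dictionary word hidden in the password, or None."""
    for candidate in sorted(normalisations(password)):
        for word in sorted(words):
            if len(word) >= 3 and word in candidate:
                return word
    return None


def review_password(password, min_length=12):
    """Return a list of problems; an empty list means no rule was triggered."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    word = find_dictionary_word(password)
    if word:
        problems.append(
            f"contains dictionary word '{word}' after undoing substitutions"
        )
    return problems


if __name__ == "__main__":
    # Constructed samples: the first comes from the comment's own example.
    for sample in ("c!3v3r", "P@$$w0rd2024", "tq7-Hw9z-Lm2x-Rk"):
        print(sample, "->", review_password(sample) or "no problems found")
```
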

  51. محمد عبدالهادي عبدالهادي

    Q:01/a
    What is information security? And why is information security important?
    It is a science that uses scientific theories in computer science and other sciences
    to protect data from threats. It is important because we store and access information in various devices and forms such as laptops, mobiles and documents.
    We handle various types of valuable information like customer data and business data,
    and any loss of information can affect the organization in terms of time, money and reputation.

    Q:01/b
    What is information security management system required?
    It is a set of policies and procedures for systematically managing an organization’s sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.

    Q:02
    a/my **PHoNe**2020## this is one of the best passwords
    b/the cost is important when information security is done
    c/when making information security it is important to understand confidentiality
    d/I work in a secure building, so discuss information in a closed work area
    e/security system development is a life cycle.
    Q:03
    Plan 1: Divide all employees of the company into three types according to their safety class: A, B, C.
    Class A includes the company’s owner, chairman and management, Class B includes senior staff, Class C includes new employees. And the system will always follow them. The system is always followed by external dialects and class a,b
    Plan 02: Provide all the devices and points of contact through the work of groups and one official who has powers such as amendment and others. The system must focus with external dialects and with the responsibility of each group.

  52. Mohamed wael

    question(1)
    a) Information security is the science that works to ensure the protection of information against the risks that threaten it or attacks on it, by establishing the tools and means needed to protect information from internal and external risks; that is, putting in place a security program for information in order to prevent information from reaching unauthorized persons through communications and to ensure the integrity of those communications.
    Its importance lies in protecting customer information or personal matters, whether belonging to an institution or other parties, from leakage or breach.
    b)An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization’s sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.
    question(2)
    1) false – to be more secure we should like that [q=8H9s/fCW*’#qcT]
    2) false – It is very important, because the system is constantly evolving, and to keep pace with this evolution the system must be updated and security vulnerabilities patched through your protection systems.
    3) true
    4) false – No work-related data should be shared outside, because this information could be exploited to breach the company even if it seems unimportant to you.
    5)true
    question(3)
    First, we must be aware that most of the breaches that occurred in the last 5 years were based on exploiting the human factor, through social engineering and phishing via fake pages or other means.
    To build a more secure information security system, employees must first be made aware of the importance of information security and its risks.
    Second, a protection system is put in place that is able to detect security breaches as they happen.
    This means using at least 2 competent information security engineers to manage the system, using high-protection software, and using a good firewall. This may be costly at first, but it will protect the system.
    plan (2)
    It is to build a system capable of locking the system down in the event of security breaches,
    and to make a backup copy of the data and separate it from the system in emergencies and other cases until the arrival

  53. Mohamed abdelmonem

    Q:01/a
    What is information security? And why is information security important?
    It is a science that uses scientific theories in computer science and other sciences
    to protect data from threats. It is important because we store and access information in various devices and forms such as laptops, mobiles and documents.
    We handle various types of valuable information like customer data and business data,
    and any loss of information can affect the organization in terms of time, money and reputation.
    ………………………………………………………………………………………………………………………………………………………………….
    Q:01/b
    What is information security management system required?
    It is a set of policies and procedures for systematically managing an organization’s sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.
    It is a set of policies and procedures for systematically managing the organization’s sensitive data. The goal of an ISMS is to reduce risk and ensure business continuity by proactively limiting the impact of a security breach.
    ………………………………………………………………………………………………………………………………………………………………….
    Q:02
    a/my **PHoNe**2020## this is one of the best passwords
    b/the cost is important when information security is done
    c/when making information security it is important to understand confidentiality
    d/I work in a secure building, so discuss information in a closed work area
    e/security system development is a life cycle
    …………………………………………………………………………………………………………………………………………………………………
    Q:03
    Plan 1: Divide all employees of the company into three types according to their safety class: A, B, C.
    Class A includes the company’s owner, chairman and management, Class B includes senior staff, Class C includes new employees. And the system will always follow them. The system is always followed by external dialects and class a,b
    Plan 02: Provide all the devices and points of contact through the work of groups and one official who has powers such as amendment and others. The system must focus with external dialects and with the responsibility of each group.

  54. Eman Megahed

    Question 1:
    a-What is information security?
    (IS) is designed to protect the confidentiality, integrity and availability of computer system data from those with malicious intentions. Confidentiality, integrity and availability are sometimes referred to as the CIA Triad of information security.
    b-What is information security management?
    (ISM) describes controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities.

    Question 2:
    1-(false) best–>worst
    2-(false) money is important after IS is done for maintenance and development
    3-(true)
    4-(false) there are two types: external attacks, internal attacks
    5-(true)

    Question 3:
    first plan:
    number of employees: 2
    cost: according to their work
    country: small
    second plan:
    number of employees: 20
    cost: according to their work
    country: intermediate

  55. Eslam Elaydi

    Q(1)
    1) Information security refers to the processes and tools designed to protect sensitive business information from modification, disruption, destruction and inspection.
    Information security is important to help protect against types of theft. Companies and organizations are especially vulnerable since they have a wealth of information from their employees. This can include names, addresses, telephone numbers, social security numbers, etc. This information is sensitive and needs to be protected.

    2) ISMS requires minimization of the risk and ensures business continuity by pro-actively limiting the impact of a security breach. It typically addresses employee behavior and processes as well as data and tech. It can be targeted towards a particular type of data, such as customer data, or it can be implemented in a comprehensive way that becomes part of the company’s culture.

    ———————————————————————–
    Q(2)
    1) False –> ^&$%GHabc123 this is one of best passwords.
    2) False –> Money is important after IS is done for maintenance and development.
    3)
    4) False –> You need to discuss information in a secure work-space.
    5) True.

    ————————————————————————–
    Q(3)
    To enhance the security of data:
    Plan(1) “Costly”:
    1- Have backups in place
    It’s not just about protection; it’s about having backups to restore your info in case your systems need to be rebooted. That’s something you need to invest in.
    2-Plan and protect for a security breach.
    With the growth of the IoT, chances of a security breach continue to rise. Sure, you would like to keep this from happening to your company, but the goal is to limit the damage in the event this does happen. You can do this by keeping a backup in case of a breach, installing endpoint protection software, and keeping your system up to date with security fixes.
    3-Consult an expert.
    There are lots of little tweaks and hacks that can be done to bolster protection, but unless someone is looking at a company from a holistic point of view, it’s bound to have vulnerabilities. I feel the only safe way to protect a company as the stakes get higher is to work with an outsourced firm that specializes in security, or bring someone in-house.
    4-Add a web application firewall
    5-Remain vigilant and resilient.
    Being vigilant is a matter of continual monitoring to make sure systems are still secure. Being resilient includes being able to quickly address and recover from threats.
    6-Have a two-step verification process
    This adds another layer of protection for data, which is essential when there are so many devices now being connected together with the same username and password. Longer passwords are also part of this extra security measure, making it more difficult to compromise the system.
    7-Encrypt everything
    The IoT will lead to the omnipresence of smart, connected devices. It’s impractical to determine the trustworthiness of every single device that data might pass through or be stored on, even those within firewalled networks. The solution is to ensure that all data, both at rest and in transit, is encrypted. Trust will move from the level of the network to the device or individual. Only people with the authentication credentials or a pre-verified device will have access to data that is encrypted unless it’s being actively used.
    8-Have users change passwords no less than every 90 days.
    Most data breaches come from people using very easy to guess passwords. There are a number of strategies you can deploy to require users to take extra steps, including basic things like requiring the use of capital letters, numbers and symbols (or combinations thereof), but what I’ve found to be even more secure is requiring users to change their password no less than every 90 days. This helps to protect from internal intruders, as well as workplace breaches.
    9-Use a mobile device management-like approach
    We can replicate the MDM approach for IoT so that we can manage and monitor the devices, which are connected to the IoT network. Companies can inject the data encryptions from the remote locations and change it whenever needed. Devices can also be profiled or removed from access.
    10-Constantly test
    The only way to make sure something is consistently secure is to test it all the time. It isn’t unusual for deeply data-sensitive organizations to hire an experienced respectable hacker to test their security structure. Vulnerability scanning and evaluations are equally important inside and outside your security system. If you can find a way to get illegitimate access to your data, the outside world can as well.

    Plan(2) “Less expensive”:
    1-Limit Data Access
    Most of the organizations give privileged access to their sensitive data to a number of employees and insiders. Organizations should determine what an employee needs access to and ensure they have access to only what they need.
    2-Know and protect your most important data
    If a data breach occurred in the next hour, could you quickly identify your most valuable data? As a company, it’s important to take the time to identify what you consider the most valuable data and work on protecting that first. Commonly referred to as the “crown jewels” of data, this type of data usually makes up 5-10 percent of the company’s data, and if it were compromised, would cause the most damage to the company.
    3-Pre-Planned Data Security Policy
    When looking at the operations and processes needed to mitigate a cyber-attack, an important step is to prepare a list of security measures and data security policies. This sort of plan by an organization could help significantly in critical situations and times of incident response. Through policies, you can immediately react in order to prevent extreme impacts of a cyber-attack.
    4-Strong and Different Passwords for Every Department
    Sensitive data in an organization should be locked away with strong passwords. Making stronger passwords is necessary for fighting a number of password hacking tools that are easy to get on the market. Try ensuring that there is a combination of different characters including alphabets, numbers, symbols and other capital letters.
    5-Regular Data Backup and Update
    Last on the list of important data security measures is having regular security checks and data backups. For an unexpected attack or data breach, it is really helpful to have an organization back up their data. To have a successful business, you must keep a habit of automatic or manual data backup on a weekly or daily basis.

  56. Abdullah Rammadan

    Question 1:
    a-What is information security?
    (IS) is designed to protect the confidentiality, integrity and availability of computer system data from those with malicious intentions. Confidentiality, integrity and availability are sometimes referred to as the CIA Triad of information security.
    b-What is information security management?
    (ISM) describes controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities.

    Question 2:
    1-(false) best–>worst.
    2-(false) money is important after IS is done for maintenance and development.
    3-(true).
    4-(false) there are two types: external attacks, internal attacks.
    5-(true).

    Question 3:
    first plan:
    number of employees: 2.
    cost: according to their work.
    country: small.
    second plan:
    number of employees: 20.
    cost: according to their work.
    country: intermediate.

  57. mahmoued mohamed helmy

    question(1)
    a) Information security is the science that works to ensure the protection of information against the risks that threaten it or attacks on it, by establishing the tools and means needed to protect information from internal and external risks; that is, putting in place a security program for information in order to prevent information from reaching unauthorized persons through communications and to ensure the integrity of those communications.
    Its importance lies in protecting customer information or personal matters, whether belonging to an institution or other parties, from leakage or breach.
    b)An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization’s sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.
    Q(2)
    1) False –> ^&$%GHabc123 this is one of best passwords.
    2) False –> Money is important after IS is done for maintenance and development.
    3)
    4) False –> You need to discuss information in a secure work-space.
    5) True.
    Question (3) : –

    Plan |A|
    The effort needed in achieving total computer system security seems overwhelming. There is always something else you could do to improve your security stance. You might be surprised, then, if I told you that just one step could accomplish this goal:

    Eliminate all computer systems from your business and use paper instead!

    Of course, for most businesses this is not a realistic solution, but then, achieving total computer system security is not a realistic goal. Like crossing the street, there is an element of risk no matter how careful you are. So what can you do to mitigate this risk in a reasonable way, without consuming endless resources? 😀 Plan “B”

    // This plan will not cost you much money and you will not need more staff, It can be implemented anywhere in any country //

    Plan |B|
    While there can be no single answer that applies to every system and every business, you can make significant improvements in your overall security stance by taking some simple actions. Here are seven steps:

    1- PERFORM REGULAR BACKUPS!
    Sorry about shouting, but I cannot stress this one enough. If you do nothing else, save your work, including contacts, accounting and stored email. And keep your backups somewhere else, away from your office or place of business.

    2- Scan for Viruses
    Effectively use your virus scanner on all desktop workstations and servers (you do have scanning software, right?). That means regular scans and regular updates. Most scanners will do this for you, but what if an employee disables this feature? (Maybe it slows down his web surfing experience or something). You need to be sure!

    3- Use Firewalls
    No, firewalls are not going to save us all from all the evil hackers in the world, but they go a long way to making it more difficult for them. If you already have one, make sure it’s configured to allow nothing but the essential traffic. Consider using personal (software) firewalls on each workstation and server, too. A layered approach is best always!

    4- Patch OS and Application Software
    Check for security advisories on a regular basis. If your vendor says you should apply an important security patch, you really need to get it done.

    5- Use Strong Passwords
    Do not use your favorite color. Do not use the name of your dog (or cat, parakeet, critter, …). Do not change letters to clever number and punctuation replacements (c!3v3r, n0? No!). These all can be cracked in no time. Better yet, consider a stronger authentication mechanism.

    6- Don’t open email attachments!
    Delete email from unknown and unexpected sources outright. But even email that appears to be coming from friends, relatives and associates can be dangerous. Many worms have used personal address books to propagate themselves.

    7- Develop a security policy
    Even creating a simple security policy will force you to think about what needs protection and the threats specific to your business. If you have employees, make sure they understand the importance of your policy. Educate them (and yourself, in the process!)

    // There are many software programs that vary in price and there are also some free ones that can be used for (System protection) and determine the number of employees according to the available cost //

  58. mahmoued mohamed helmy

    question(1)
    a) Information security refers to the processes and tools designed to protect sensitive business information from modification, disruption, destruction and inspection.
    -importance of information security-
    Information systems security is very important to help protect against this type of theft. Companies and organizations are especially vulnerable since they have a wealth of information from their employees. This can include names, addresses, telephone numbers, social security numbers, payrolls, etc. This information is sensitive and needs to be protected

    b) An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization’s sensitive data; it requires minimizing the risk and ensures business continuity by pro-actively limiting the impact of a security breach.
    question(2)
    1) False ( m_a137@br&sv this is one of the best passwords)
    2) False ( Money is important after IS is done for maintenance and development)
    3) True
    4) False ( information discussion shouldn’t be in an open work area because information is the backbone of system security)
    5) True

    question(3)
    1. Manage who has access
    First, as an organization, take inventory of what data every employee may or may not have access to. Determine which employees still need access and which do not in an effort to limit the amount of data access by employees/admins to a small, manageable number. In addition, have your admins determine which type of access each department/employee needs.

    According to infoworld.com:

    “Credential hygiene is essential to strong database security because attackers often, if not nearly always, seek to compromise privileged accounts to gain access to confidential data. Minimizing permanent privileged accounts reduces the risk that one of those accounts will be compromised and used maliciously.”
    2. Know and protect your most important data
    If a data breach occurred in the next hour, could you quickly identify your most valuable data? As a company, it’s important to take the time to identify what you consider the most valuable data and work on protecting that first.

    Commonly referred to as the “crown jewels” of data, this type of data usually makes up 5-10 percent of the company’s data, and if it were compromised, would cause the most damage to the company. Once identified, work on procedures to not only secure the data but also limit the number of employees that have access to it.

    3. Develop a data security plan/policy
    Another important strategy when looking to improve data security is developing a data security policy. It’s important to have a plan in place when hacks and breaches occur and a plan that determines which employees need and have access to data, as mentioned above. Thus, these sorts of policies can keep employees in line and organized.

    This policy should also be open to changes and edits as amendments will need to be made to match the growing technology innovations and new company policies. By having data access rules that are strictly enforced, the better you protect your data on a day-to-day basis.

    4. Develop stronger passwords throughout your organization
    Employees need to have stronger and more complicated passwords. Work to help employees develop passwords that are a combination of capital letters, numbers and special characters that will make it much harder for hackers to crack.

    A good rule of thumb when creating a new password is to have it be at least 12 characters and to not include a combination of dictionary words, such as “green desk.” All in all, passwords should be unique to employees and difficult for computers to guess.

    5. Regularly back up data
    Lastly, it’s important to back up your data on a regular basis. In addition to hacks, loss of data is a serious issue, and organizations need to be prepared for the unexpected. As a business, get in the habit of either automatically or manually backing up data on a weekly or daily basis.

    Also, make sure the backup data is equally secure from potential hackers. With a strong software program or IT department, it can help businesses fight off potential threats and build business values around the importance of data security.

    Avoid becoming the next major data breach story by taking action and initiative with your data security and protecting what’s valuable to your organization.
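
The password rules given in the two comments above (at least 12 characters, a mix of capitals, numbers and special characters, no dictionary words, and no "clever" number and punctuation replacements such as c!3v3r) can be checked mechanically. The following is an added example, not part of any comment; the word list, the substitution table and the sample passwords are constructed for illustration.

```python
import re

# Constructed mini-wordlist for the demo; a real check would load a large
# dictionary or breached-password list (assumption, not from the page).
WORDLIST = ["clever", "green", "desk", "password", "dragon", "summer"]

# Letters and the look-alike characters commonly substituted for them.
SUBSTITUTIONS = {
    "a": "a4@", "e": "e3", "i": "i1!", "l": "l1!",
    "o": "o0", "s": "s5$", "t": "t7",
}

MIN_LENGTH = 12  # the "at least 12 characters" rule of thumb quoted above

CLASSES = {
    "uppercase": re.compile(r"[A-Z]"),
    "lowercase": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9\s]"),
}


def word_pattern(word):
    """Build a regex matching `word` with any letter swapped for a look-alike."""
    parts = ["[" + re.escape(SUBSTITUTIONS.get(ch, ch)) + "]" for ch in word]
    return re.compile("".join(parts), re.IGNORECASE)


PATTERNS = {word: word_pattern(word) for word in WORDLIST}


def dictionary_words(password):
    """Wordlist entries hidden in the password, substitutions included."""
    return [word for word, pat in PATTERNS.items() if pat.search(password)]


def missing_classes(password):
    """Character classes (upper, lower, digit, special) the password lacks."""
    return [name for name, pat in CLASSES.items() if not pat.search(password)]


def audit(password):
    """Apply the length, composition and dictionary rules to one password."""
    result = {
        "too_short": len(password) < MIN_LENGTH,
        "missing_classes": missing_classes(password),
        "dictionary_words": dictionary_words(password),
    }
    result["ok"] = not (
        result["too_short"]
        or result["missing_classes"]
        or result["dictionary_words"]
    )
    return result


if __name__ == "__main__":
    # Constructed sample passwords; never reuse any of them.
    for candidate in ["c!3v3r", "green desk", "GreenDesk2020!", "tV9#qLm2&xRb7w"]:
        print(repr(candidate), audit(candidate))
```

The third sample satisfies the length and character-mix rules and still fails, because the dictionary check sees through the capitalisation and the appended year.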

  59. ahmed elkelany

    (1).
    1) Information security refers to the processes and tools designed to protect sensitive business information from modification, disruption, destruction and inspection.
    Information security is important to help protect against types of theft. Companies and organizations are especially vulnerable since they have a wealth of information from their employees. This can include names, addresses, telephone numbers, social security numbers, etc. This information is sensitive and needs to be protected.

    2) ISMS requires minimizing the risk and ensures business continuity by pro-actively limiting the impact of a security breach. It typically addresses employee behavior and processes as well as data and tech. It can be targeted towards a particular type of data, such as customer data, or it can be implemented in a comprehensive way that becomes part of the company’s culture.
    b) An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization’s sensitive data; it requires minimizing the risk and ensures business continuity by pro-actively limiting the impact of a security breach.
    (2).
    1) False ( m_a137@br&sv this is one of the best passwords)
    2) False ( Money is important after IS is done for maintenance and development)
    3) True
    4) False ( information discussion shouldn’t be in an open work area because information is the backbone of system security)
    5) True
    (3).
    first plan:
    number of employees: 2.
    cost: according to works of them.
    country: small.
    second plan:
    number of employees: 20.
    cost: according to works of them.
    country: intermediate.

  60. نورهان ابراهيم محمد ابو الحسن

    Question (1) :-
    1- information security refers to the process and tools designed to protect sensitive business information from modification, disruption and inspection.
    it’s important:
    1) To protect data from any attacks.
    2) Protect it from accidental risks.
    3) Prevent unauthorized people to access.
    4) Easy recovery.
    2- it describes controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. a process which involves the assessment of the risks an organization must deal with in the management and protection of assets.
    _______________________________________________________________________________________________________________________________
    Question (2) :-
    1- (False), AsQgkl@lg{ is the best Password.
    2- (False), Money is important after IS is done for maintenance and development.
    3- (True).
    4- (False), information discussion mustn’t be in an open work area because information is the backbone of system security.
    5- (True).
    _________________________________________________________________________________________________________________________________
    Question (3) :-
    Plan (A):
    1-Manage who has access.
    2-Know and protect your important data.
    3-Develop a data security policy.
    4- Develop stronger passwords throughout company.
    5-Regularly backup data.

    Plan (B):
    1-Establishing and maintaining a meaningful and relevant security policy.
    2-Ensuring that security policy has teeth and is enforced.
    3-Providing tools to help IT staff implement security policy.
    4-Closing an increasingly popular network back door.
    5-Plugging security holes in cohosting situations.

  61. hany mohamed Amin

    Q1-
    (a)- information is one of the most important non-tangible assets of any organization, and like other assets, it is the responsibility of the management to protect it appropriately. Upcoming news about missing data scares organizations as they rely completely on information technology which carries an abundance of sensitive data and customer information. It is dated back to 1980 when the use of computers was limited to computer centers and the security of the computer stands for the physical computing infrastructure. However, the openness of internet has simplified processes with in-house information storage, but it also happens to be a great weakness in terms of information security.

    The internet has evolved with the exchange of communication from a reliable group of trusted people to millions of frequently interacting anonymous users. Those on the internet are not bothered by lack of information but are more worried about handling excess unnecessary information that they come across. Morris Worm was the first internet worm that was developed in 1988 and infected 10% of systems. [1] Since then, these incidents have become increasingly complex and expensive. To combat this, awareness on information security has increased and many organizations have been making efforts to prioritize their data.

    Information security, also known , is a process of formulating strategies, tools, and policies to detect, document, prevent, and combat threats targeted on digital and non-digital information devices. Information security in direct context is establishing well-defined security processes to protect information irrespective of its state of presence—transit, processed, or at rest.
    When anyone thinks of securing information, the first tip that they would come across is to create a password that is tough to crack (often so tough that the user forgets it!), but protecting information is beyond just protecting data under a password. More and more businesses are becoming victims of cybercrime.
    According to McAfee, the damages associated with cybercrime now stand at over $400 billion, up from $250 billion 2 years ago, showing that there is a significant spike in more sophisticated hacking. [2] To combat the situation, organizations are investing in security protocols and digital frontiers. However, many still believe that information security is a burden.
    (B)-information security management system is how you ensure information security within an organization.
    It is a management activity within the corporate governance framework which provides the strategic direction for security activities and ensures objectives are achieved.
    The purpose of ISM is to provide a focus for all aspects of IT security and manage all IT security activities.
    The term information is used as a general term and includes data to store databases and metadata.
    The objective of information security is to protect the interest of those relying on information and the systems and communication that deliver the information from harm resulting from failure of availability, confidentiality and integrity.
    Question (2)
    1) False —> werv@18569ao#8
    2) False —> Money is important after IS done.
    3) True.
    4) False —> information discussion shouldn’t be in an open work area because information is the backbone of system security.
    5) True.
    Plan(1)>>> Internet Connection
    You can’t work without internet. But you can’t work securely on the web without using a firewall, encryption for sensitive information, and a hidden wi-fi network.

    Plan (2) >> Educate Employees
    According to a recent study, human error is responsible for more than three-quarters of data breaches. If your employees know more about cyber threats and how to protect your organization’s data, your entire organization will be safer.

    Plan (3)>>>Policies
    Having security practices and policies is important. Your company should have these official policies in place, and all employees should be aware of them.

    Plan (3)>>>Passwords
    It may sound like the most trivial security item, but this fundamental stronghold is important. A password that includes capitals, numbers, and preferably a phrase will up your security in a big way.

    Hany Mohamed Amin
    level 4

  62. احمد ابراهيم حسانين

    information security is protecting data from any attack and accidental risks, prevent unauthorized people to access it and easy recovery

    information security management is a set of policies and procedures for systematically managing an organization’s sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach

    Q2

    1- false correct answer(123Aa@fbi )
    2- false correct answer( Money is important after IS done )
    3- true
    4- false correct answer ( in security area )
    5- True

    Q3
    A

  63. ahmed mahmoud mahmoud ragab

    q((1)):
    (a)
    -is the process of protecting information by reducing information risks. It is part of information risk management. It typically involves preventing or at least reducing the probability of unauthorized access to data, or the unlawful use of information
    – #protect data from attack
    #protect data from accidental risks
    #prevent unauthorized people to access data
    #easy recovery
    (b)
    Describes controls that an organization needs to implement to ensure that it is well protecting the confidentiality, availability, and integrity of assets from threats and gaps. ISM includes information risk management, a process which involves the assessment of the risks that organization must deal with in the management and protection of assets

    q((2)):
    (1) False.
    >because abc123 is easy to be guessed. for example: axy#z.30% is one of the best Passwords

    (2) False.
    >after (IS) is done, money is important for development and maintenance.

    (3) True.

    (4) False.
    >I work in a secure building so discuss information in a secured/closed work place to protect it from any foreigner

    (5) True

    q((3)):
    plan A:

    1.Manage who has access to data and choose them carefully
    2.protect the most important data
    3.Develop the data security system continuously
    4.apply stronger passwords
    5.backup data Regularly
    6.Use Reliable Security Software system
    7.the number of employees is accurately what the company needs and add a few other employees as spare
    8.use medium cost tools and devices
    9.in France
    plan B:

    1.employ large number of people but with low salary to avoid reduction of employees number while absence
    2.Have a two-step verification process for employees to add another layer of protection for security
    3.use touch id for any employee to prove his original character
    4.use very difficult passwords to make sure that no one can memorize it
    5.modify passwords continuously
    6.backup data regularly
    7.use perfect devices even these are high costs
    8.in Egypt

  64. karim elsaeed gabr megahid atiaa

    Question (1)

    a)
    information security is designed to protect the confidentiality, integrity and availability of computer system data from those with malicious intentions.
    information security is very important in an organization to protect the applications that are implemented in organizations and protect the data stored in computers as well. Besides protecting the data, the applications installed also need to be protected because they can contribute to information loss or damage

    b)
    An information security management system is a set of controls that an organization implements to protect its own informational assets and other information assets for which it is responsible. Organizations that design and implement their own ISMS will find ways to reduce the likelihood of a data breach occurring, ways to limit their liability when a data breach does occur, and other ways to mitigate the impact of any data security issues.

    Question 2

    1- False ..> good pass like #MyPass*@15464IsMs .
    2- False ..> Money is important after IS is done for maintenance and development.
    3- True
    4- False ..> You need to discuss information in a secure work-space.
    5- True

    Question (3)

    Plan(1): Internet Connection
    You can’t work without internet. But you can’t work securely on the web without using a firewall, encryption for sensitive information, and a hidden wi-fi network.

    Plan (2): Educate Employees
    According to a recent study, human error is responsible for more than three-quarters of data breaches. If your employees know more about cyber threats and how to protect your organization’s data, your entire organization will be safer.

    Plan (3): Policies
    Having security practices and policies is important. Your company should have these official policies in place, and all employees should be aware of them.

    Plan (4): Passwords
    It may sound like the most trivial security item, but this fundamental stronghold is important. A password that includes capitals, numbers, and preferably a phrase will up your security in a big way.

  65. Mohamed samy sayed abdelkhalik

    Question (1)
    (A)
    Information security is a set of practices intended to keep data secure from unauthorized access or alteration, here’s a broad look at the policies, principles, and people used to protect data.

    Information security is very important to reducing the risk of data breaches and attacks in IT systems, applying security controls to prevent unauthorized access to sensitive information, Preventing disruption of services, e.g., denial-of-service attacks, protecting IT systems and networks from exploitation by outsiders.

    (B)
    The information security management system (ISMS) is a set of policies and procedures for systematically managing an organization’s sensitive data; it requires minimizing the risk and ensures business continuity by pro-actively limiting the impact of a security breach.

    Question (2)

    1) False .. Mycar613FS.Rw$4pm this is one of the best passwords
    2) False .. Money is important after IS is done for maintenance and development
    3) True
    4) False .. Discussing information can’t be in an open work area because it is possible to exploit this information to penetrate the company
    5) True

    Question (3)

    First you should encrypt your data ..
    Data encryption isn’t just for technology geeks; modern tools make it possible for anyone to encrypt emails and other information.
    2) Back up your data ..
    One of the most basic, yet often overlooked, data protection tips is backing up your data. Basically, this creates a duplicate copy of your data so that if a device is lost, stolen, or compromised, you don’t also lose your important information. It’s best to create a backup on a different device, such as an external hard drive, so that you can easily recover your information when the original device becomes compromised.
    3) The cloud provides a viable backup option ..
    While you should use sound security practices when you’re making use of the cloud, it can provide an ideal solution for backing up your data. Since data is not stored on a local device, it’s easily accessible even when your hardware becomes compromised. “Cloud storage, where data is kept offsite by a provider, is a guarantee of adequate disaster recovery.”

    ………………. ………………. ……………….
    Name: Mohamed samy sayed abdelkhalik

  66. Basant Abdullah mohamed

    Q1:
    a-
    Information security definition:
    Is about how to prevent attacks, failing them and detecting. There are two general types of attacks: active and passive.
    Importance of (is):
    1- to protect data from any attack.
    2- to protect data from accidental risks.
    3- prevent unauthorized people to access it.
    4- Easy recovery.
    ————
    b-
    Describes controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability and integrity of assets from threats and vulnerabilities.
    —————————————-
    Q 2:
    1- false
    The correct : this password isn’t one of the best passwords. Ex: 1x.2$11abe2%*4&.
    2- false
    The correct : after is done we will need money for development and maintenance.
    3- True.
    4- false .
    The correct :
    We should discuss information in a closed work area.
    5- True.
    ————————————
    Q 3:
    First , we must know the abilities and economic status for every country to know what we have from money to enhance data to be more secure .
    Plan A :
    1-We need to control who can access data.
    2-We need to choose perfect employees .
    3- change passwords regularly and continuously to make data more secure.
    4- Backup data regularly and continuously .
    5- Using devices with high efficiency.
    Plan B :
    1-Protect data across all applications and devices.
    2- use strong passwords which don’t contain personal information such as (ages, birthdays and mobile numbers, etc)
    3- Develop data security plan regularly.
    4- Backup data regularly and continuously.
    5- use web application firewall.
    6- encrypt all stored data

  67. Basant Abdullah mohamed Eladl.

    Q1:
    a-
    Information security definition:
    Is about how to prevent attacks, failing them and detecting. There are two general types of attacks: active and passive.
    Importance of (is):
    1- to protect data from any attack.
    2- to protect data from accidental risks.
    3- prevent unauthorized people to access it.
    4- Easy recovery.
    ————
    b-
    Describes controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability and integrity of assets from threats and vulnerabilities.
    —————————————-
    Q 2:
    1- false
    The correct : this password isn’t one of the best passwords. Ex: 1x.2$11abe2%*4&.
    2- false
    The correct : after is done we will need money for development and maintenance.
    3- True.
    4- false .
    The correct :
    We should discuss information in a closed work area.
    5- True.
    ————————————
    Q 3:
    First , we must know the abilities and economic status for every country to know what we have from money to enhance data to be more secure .
    Plan A :
    1-We need to control who can access data.
    2-We need to choose perfect employees .
    3- change passwords regularly and continuously to make data more secure.
    4- Backup data regularly and continuously .
    5- Using devices with high efficiency.
    Plan B :
    1-Protect data across all applications and devices.
    2- use strong passwords which don’t contain personal information such as (ages, birthdays and mobile numbers, etc)
    3- Develop data security plan regularly.
    4- Backup data regularly and continuously.
    5- use web application firewall.
    6- encrypt all stored data

  68. Hend Abdulla

    Q1
    1-Information Security : is Safe-guarding an organization’s data from unauthorized access or modification to ensure its availability, confidentiality, and integrity.
    It’s important to help your organizations or clients to understand their strengths and weaknesses as it pertains to security. This baseline creates a starting point for ramping up for success. Once you understand where your organization needs to focus its attention, you can quickly set an actionable plan to help improve your security measures, and ultimately improve your security posture within your industry.

    2- Information security management : is a set of guidelines and processes created to help organizations in a data breach scenario. By having a formal set of guidelines, businesses can minimize risk and can ensure work continuity in case of a staff change.

    3-a false P@$sw00rd
    b false is important
    C true
    D false secure work area
    E true

    Question (3)

    1. Manage who has access
    First, as an organization, take inventory of what data every employee may or may not have access to. Determine which employees still need access and which do not in an effort to limit the amount of data access by employees/admins to a small, manageable number. In addition, have your admins determine which type of access each department/employee needs.

    According to infoworld.com:

    “Credential hygiene is essential to strong database security because attackers often, if not nearly always, seek to compromise privileged accounts to gain access to confidential data. Minimizing permanent privileged accounts reduces the risk that one of those accounts will be compromised and used maliciously.”
    2. Know and protect your most important data
    If a data breach occurred in the next hour, could you quickly identify your most valuable data? As a company, it’s important to take the time to identify what you consider the most valuable data and work on protecting that first.

    Commonly referred to as the “crown jewels” of data, this type of data usually makes up 5-10 percent of the company’s data, and if it were compromised, would cause the most damage to the company. Once identified, work on procedures to not only secure the data but also limit the number of employees that have access to it.

    3. Develop a data security plan/policy
    Another important strategy when looking to improve data security is developing a data security policy. It’s important to have a plan in place when hacks and breaches occur and a plan that determines which employees need and have access to data, as mentioned above. Thus, these sorts of policies can keep employees in line and organized.

    This policy should also be open to changes and edits as amendments will need to be made to match the growing technology innovations and new company policies. By having data access rules that are strictly enforced, the better you protect your data on a day-to-day basis.

    4. Develop stronger passwords throughout your organization
    Employees need to have stronger and more complicated passwords. Work to help employees develop passwords that are a combination of capital letters, numbers and special characters that will make it much harder for hackers to crack.

    A good rule of thumb when creating a new password is to have it be at least 12 characters and to not include a combination of dictionary words, such as “green desk.” All in all, passwords should be unique to employees and difficult for computers to guess.

    5. Regularly back up data
    Lastly, it’s important to back up your data on a regular basis. In addition to hacks, loss of data is a serious issue, and organizations need to be prepared for the unexpected. As a business, get in the habit of either automatically or manually backing up data on a weekly or daily basis.

    Also, make sure the backup data is equally secure from potential hackers. With a strong software program or IT department, it can help businesses fight off potential threats and build business values around the importance of data security.

    Avoid becoming the next major data breach story by taking action and initiative with your data security and protecting what’s valuable to your organization.

  69. Ahmed Gamal abd elmotelp

    Q1
    What is information security? And Why information security is important?
    Is the collection of technologies standards policies and management practices that are applied to information to keep it secure.
    Or
    The practice of protecting both physical and digital information from destruction or unauthorized access.
    It’s important:
    1- To protect data from any attacks.
    2- Protect it from accidental risks.
    3- Prevent unauthorized people to access it
    4- Easy recovery
    what is an information security management system required?
    Describes controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. ISM includes information risk management, a process that involves the assessment of the risks an organization must deal with in the management and protection of assets.

    Q2
    1- false: Acq[@RNs is one of the best passwords
    2- false: money not important after is done for Maintenance and development
    3-True
    4- false: information discussion mustn’t be in an open work area because the information is the backbone of system security.
    5- True

    Q3
    First plan:
    1-manage who has access.
    2-know and protect your important data
    3-develop a data security policy
    4-develop stronger passwords throughout an organization
    5-regularly backup data
    second plan:
    1- Establishing and maintaining a meaningful and relevant security policy.
    2- Ensuring that security policy has teeth and enforced.
    3- Providing tools to help its staff implement a security policy.
    4- Closing an increasingly popular network back door.
    5- Plugging security holes in cohosting situations.

  70. osama shata

    Q1
    What is information security? And Why information security is important?
    Is the collection of technologies standards policies and management practices that are applied to information to keep it secure.
    Or
    The practice of protecting both physical and digital information from destruction or unauthorized access.
    It’s important:
    1- To protect data from any attacks.
    2- Protect it from accidental risks.
    3- Prevent unauthorized people to access it
    4- Easy recovery
    what is information security management system required?
    Describes controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. ISM includes information risk management, a process which involves the assessment of the risks an organization must deal with in the management and protection of assets.

    Q2
    1- false: Acq[@RNs is one of the best passwords
    2- false: money not important after is done for Maintenance and development
    3-True
    4- false: information discussion mustn’t be in an open work area, because information is the backbone of system security.
    5- True

    Q3
    First plan:
    1-manage who has access.
    2-know and protect your important data
    3-develop a data security policy
    4-develop stronger passwords throughout organization
    5-regularly backup data
    second plan:
    1- Establishing and maintaining a meaningful and relevant security policy.
    2- Ensuring that security policy has teeth and enforced.
    3- Providing tools to help IT staff implement security policy.
    4- Closing an increasingly popular network back door.
    5- Plugging security holes in cohosting situations.

  71. ايه احمد السيد العموشي

    // What is information security // —–> Information security, often referred to as InfoSec, refers to the processes and tools designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection.

    // Importance of IS //——–> Today, you can order from any online stores and pay them online from your credit cards even better, make it EMI. You can pay your bills from home and book airline tickets from your mobile……All that just in a click.

    Obviously, you love all this convenience and want to keep doing this, even you want the service providers to provide more such services. If you lose money from your bank account while doing a recharge, will you again try that? No. You are doing this conveniently because you know it is safe, your bank and vendors are convinced that it is secure and even if something bad happens, you know “some” people will make sure it won’t happen again. “Some” people are working to keep the system safe and improving it every day. This assurance is there due to these people and it is necessary.

    B) What is information security management required?

    Question (2) : –

    1) False —-> because abc123 is an easily recognizable password, so any hacker can get it without any difficulty, so your password must be more difficult, for example a@b1*c2$3

    2) False —–> In any business there are two terms: Capex, which refers to the amounts that companies use to purchase major physical goods or services that will be used, in this example (build Security System) / and Opex, which means operating expenses, which represent the other day-to-day expenses necessary to keep the business running, in this example (System admin)

    3) True.

    4) False ——> because there are two types of attacks: (External attack), carried out by a node that does not belong to the domain of the network, and (Internal attack), which comes from compromised nodes that are actually part of the network. So you have to be careful about confidentiality

    5) True.

    Question (3) : –

    Plan |A|
    The effort needed in achieving total computer system security seems overwhelming. There is always something else you could do to improve your security stance. You might be surprised, then, if I told you that just one step could accomplish this goal:

    Eliminate all computer systems from your business and use paper instead!

    Of course, for most businesses this is not a realistic solution, but then, achieving total computer system security is not a realistic goal. Like crossing the street, there is an element of risk no matter how careful you are. So what can you do to mitigate this risk reasonably, without consuming endless resources? 😀 Plan “B”

    // This plan will not cost you much money and you will not need more staff, It can be implemented anywhere in any country //

    Plan |B|
    While there can be no single answer that applies to every system and every business, you can make significant improvements in your overall security stance by taking some simple actions. Here are seven steps:

    1- PERFORM REGULAR BACKUPS!
    Sorry about shouting, but I cannot stress this one enough. If you do nothing else, save your work, including contacts, accounting, and stored email. And keep your backups somewhere else, away from your office or place of business.

    2- Scan for Viruses
    Effectively use your virus scanner on all desktop workstations and servers (you do have scanning software, right?). That means regular scans and regular updates. Most scanners will do this for you, but what if an employee disables this feature? (Maybe it slows down his web surfing experience or something). You need to be sure!

    3- Use Firewalls
    No, firewalls are not going to save us all from all the evil hackers in the world, but they go a long way to making it more difficult for them. If you already have one, make sure it’s configured to allow nothing but the essential traffic. Consider using personal (software) firewalls on each workstation and server, too. A layered approach is best always!

    4- Patch OS and Application Software
    Check for security advisories regularly. If your vendor says you should apply an important security patch, you really need to get it done.

    5- Use Strong Passwords
    Do not use your favorite color. Do not use the name of your dog (or cat, parakeet, critter, …). Do not change letters to a clever number and punctuation replacements (c!3v3r, n0? No!). These all can be cracked in no time. Better yet, consider a stronger authentication mechanism.

    6- Don’t open email attachments!
    Delete email from unknown and unexpected sources outright. But even email that appears to be coming from friends, relatives, and associates can be dangerous. Many worms have used personal address books to propagate themselves.

    7- Develop a security policy
    Even creating a simple security policy will force you to think about what needs protection and the threats specific to your business. If you have employees, make sure they understand the importance of your policy. Educate them (and yourself, in the process!)

    //many software programs vary in price and some free ones can be used for (System protection) and determine the number of employees according to the available cost //
    ايه احمد السيد العموشي
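
Added example (not part of the comment above or of the original page): step 5 of Plan B warns that letter-to-symbol replacements such as c!3v3r are cracked quickly. The sketch below shows the defender's side of that point, a password audit that matches dictionary words through common substitutions; the wordlist is a constructed sample and the function names are hypothetical.

```python
import re

# Constructed sample wordlist (assumption). A real audit would load a large
# dictionary together with a list of known-breached passwords.
SAMPLE_WORDLIST = {"clever", "password", "dragon", "letmein", "qwerty"}

# For each letter, the characters people commonly type in its place.
# "1" and "!" are ambiguous (i or l), so both letters accept them.
LEET_FORMS = {
    "a": "a4@", "e": "e3", "i": "i1!", "l": "l1!|",
    "o": "o0", "s": "s5$", "t": "t7+",
}


def word_pattern(word):
    """Build a regex matching `word` written plainly or with substitutions."""
    parts = []
    for ch in word:
        forms = LEET_FORMS.get(ch, ch)
        parts.append("[" + re.escape(forms) + "]")
    return re.compile("".join(parts))


def audit_password(password, wordlist=SAMPLE_WORDLIST, min_length=12):
    """Return the reasons a password is rejected; an empty list means accepted."""
    findings = []
    if len(password) < min_length:
        findings.append(f"shorter than {min_length} characters")
    lowered = password.lower()
    for word in sorted(wordlist):
        if word_pattern(word).search(lowered):
            findings.append(f"contains '{word}' with substitutions undone")
    return findings


if __name__ == "__main__":
    # Constructed candidates: the example from the post, a substituted
    # dictionary word padded with a year, and a long multi-word passphrase.
    for candidate in ("c!3v3r", "P@ssw0rd2020", "maple-orbit-quartz-47"):
        result = audit_password(candidate)
        print(candidate, "->", result if result else "accepted")
```

Because the match is done per dictionary word, the ambiguous characters never need to be resolved to a single letter: c!3v3r is recognised as "clever" even though "!" could also stand for "i".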

  72. Nour Adel

    Q1
    What is information security? And Why information security is important?
    Is the collection of technologies, standards, policies and management practices that are applied to information to keep it secure.
    Or
    The practice of protecting both physical and digital information from destruction or unauthorized access.
    It’s important:
    1- To protect data from any attacks.
    2- Protect it from accidental risks.
    3- Prevent unauthorized people from accessing it
    4- Easy recovery
    What is information security management system required?
    Describes controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. ISM includes information risk management, a process which involves the assessment of the risks an organization must deal with in the management and protection of assets.

    Q2
    1- false: Acq[@RNs is one of the best passwords
    2- false: money not important after is done for Maintenance and development
    3- True
    4- false: information discussion mustn’t be in an open work area, because information is the backbone of system security.
    5- True

    Q3
    First plan:
    1-manage who has access.
    2-know and protect your important data
    3-develop a data security policy
    4-develop stronger passwords throughout the organization
    5-regularly backup data
    second plan:
    1- Establishing and maintaining a meaningful and relevant security policy.
    2- Ensuring that security policy has teeth and is enforced.
    3- Providing tools to help IT staff implement security policy.
    4- Closing an increasingly popular network back door.
    5- Plugging security holes in cohosting situations.

  73. Osama Amer

    Q1
    What is information security? And Why information security is important?
    Is the collection of technologies, standards, policies and management practices that are applied to information to keep it secure.
    Or
    The practice of protecting both physical and digital information from destruction or unauthorized access.
    It’s important:
    1- To protect data from any attacks.
    2- Protect it from accidental risks.
    3- Prevent unauthorized people from accessing it
    4- Easy recovery
    What is information security management system required?
    Describes controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. ISM includes information risk management, a process which involves the assessment of the risks an organization must deal with in the management and protection of assets.

    Q2
    1- false: Acq[@RNs is one of the best passwords
    2- false: money not important after is done for Maintenance and development
    3- True
    4- false: information discussion mustn’t be in an open work area, because information is the backbone of system security.
    5- True

    Q3
    First plan:
    1-manage who has access.
    2-know and protect your important data
    3-develop a data security policy
    4-develop stronger passwords throughout the organization
    5-regularly backup data
    second plan:
    1- Establishing and maintaining a meaningful and relevant security policy.
    2- Ensuring that security policy has teeth and is enforced.
    3- Providing tools to help IT staff implement security policy.
    4- Closing an increasingly popular network back door.
    5- Plugging security holes in cohosting situations.

  74. Ahmed Sobhy Abdu Algendy

    Q1) A)
    – The practice of protecting both physical and digital information from destruction or unauthorized access.
    – Important because :
    1- To protect data from any attacks.
    2- Protect it from accidental risks.
    3- Prevent unauthorized people from accessing it.
    4- Easy recovery.
    B)
    Describes controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. ISM includes information risk management, a process which involves the assessment of the risks an organization must deal with in the management and protection of assets.

    Q2) A)
    1- false: Acq[@RNs is one of the best passwords
    2- false: money not important after is done for Maintenance and development
    3- True
    4- false: information discussion mustn’t be in an open work area, because information is the backbone of system security.
    5- True

    Q3)
    First plan:
    1-manage who has access.
    2-know and protect your important data
    3-develop a data security policy
    4-develop stronger passwords throughout the organization
    5-regularly backup data
    second plan:
    1- Establishing and maintaining a meaningful and relevant security policy.
    2- Ensuring that security policy has teeth and is enforced.
    3- Providing tools to help IT staff implement security policy.
    4- Closing an increasingly popular network back door.
    5- Plugging security holes in cohosting situations.

  75. Omar Mohamed Abd Elraouf

    What is information security? And Why information security is important?
    policies and management practices that are applied to information to keep it secure or
    The practice of protecting both physical and digital information from destruction or unauthorized access.

    Why information security is important?
    (1) Easy recovery
    (2) Prevent unauthorized people from accessing it
    (3) Protect it from accidental risks.
    (4) To protect data from any attacks.

    What is information security management system required?
    ISM includes information risk management, a process which involves the assessment of the risks an organization must deal with in the management and protection of assets. Describes controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities.

    Question2:

    (1) (false) Acq[@RNs is one of the best passwords
    (2) (false) money not important after is done for Maintenance and development
    (3) (True)
    (4) (false) information discussion mustn’t be in an open work area, because information is the backbone of system security.
    (5) (True)

    Question 3:

    The First plan:
    (1) develop a data security policy
    (2) develop stronger passwords throughout the organization
    (3) manage who has access.
    (4) know and protect your important data
    (5) regularly backup data
    The second plan:
    (1) Providing tools to help IT staff implement security policy.
    (2) Ensuring that security policy has teeth and is enforced.
    (3) Establishing and maintaining a meaningful and relevant security policy.
    (4) Plugging security holes in cohosting situations.
    (5) Closing an increasingly popular network back door.

  76. احمد خالد عبدالونيس

    Q1.
    1- Information security is a set of strategies for managing the process, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information. Its importance lies in that we store and access information in various devices such as laptops, mobiles and verbal documents. We handle various types of valuable information like customer data, financial information and business data.
    Information is the asset that powers and enables our business and any loss of information can affect the organization in terms of:
    – time – reputation – money.

    2 – Business Obligations: Security commitments to the business. For example, security has a responsibility to ensure that information in the business is kept secure and is available when needed.

    Regulatory Obligations: Legal, compliance, or contractual obligations that security must fulfil. For example, organizations in the healthcare industry must be HIPAA compliant.

    Customer Obligations: Security commitments that the customer expects the organization to keep. For example, the customer of a manufacturer may require all their blueprint files to be encrypted.

    Q2 ;

    1- (false) the best password should contain letters which are capitalized and small ones, symbols and numbers.
    2- (false) money is important all the time during the lifetime of the project as we might need maintenance work after we finish the IS.
    3- (true).
    4- (false) you do not know whether this information you share could be important for your rivals or not.
    5- (true).

    Q3;
    1 – you should encrypt your data :
    Data encryption isn’t just for technology geeks; modern tools make it possible for anyone to encrypt emails and other information.

    2- backup your data :-
    One of the most basic, yet often overlooked, data protection tips is backing up your data. Basically, this creates a duplicate copy of your data so that if a device is lost, stolen, or compromised, you don’t also lose your important information. It’s best to create a backup on a different device, such as an external hard drive, so that you can easily recover your information when the original device becomes compromised.

    3-The cloud provides a viable backup option:-
    While you should use sound security practices when you’re making use of the cloud, it can provide an ideal solution for backing up your data. Since data is not stored on a local device, it’s easily accessible even when your hardware becomes compromised. “Cloud storage, where data is kept offsite by a provider, is a guarantee of adequate disaster recovery.

  77. محمد محمد على الوكيل

    Q1)
    ( A) – The practice of protecting both physical and digital information from destruction or unauthorized access.
    – Important because :
    1- To protect data from any attacks.
    2- Protect it from accidental risks.
    3- Prevent unauthorized people from accessing it.
    4- Easy recovery.
    (B)… Describes controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. ISM includes information risk management, a process which involves the assessment of the risks an organization must deal with in the management and protection of assets.

    Q2)
    (A)
    1- false: Acq[@RNs is one of the best passwords
    2- false: money not important after is done for Maintenance and development
    3- True
    4- false: information discussion mustn’t be in an open work area, because information is the backbone of system security.
    5- True

    Q3)
    The First plan:
    1-manage who has access.
    2-know and protect your important data
    3-develop a data security policy
    4-develop stronger passwords throughout the organization
    5-regularly backup data
    The second plan:
    1- Establishing and maintaining a meaningful and relevant security policy.
    2- Ensuring that security policy has teeth and is enforced.
    3- Providing tools to help IT staff implement security policy.
    4- Closing an increasingly popular network back door.
    5- Plugging security holes in cohosting situations

  78. محمد سامى قاسم سلطان مكاوى

    Question (1)
    What is information security? And Why information security is important?
    Is the collection of technologies, standards, policies and management practices that are applied to information to keep it secure.
    Or
    The practice of protecting both physical and digital information from destruction or unauthorized access.
    It’s important:
    1- To protect data from any attacks.
    2- Protect it from accidental risks.
    3- Prevent unauthorized people from accessing it
    4- Easy recovery
    What is information security management system required?
    Describes controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. ISM includes information risk management, a process which involves the assessment of the risks an organization must deal with in the management and protection of assets.

    Question (2)
    1- false: Acq[@RNs is one of the best passwords
    2- false: money not important after is done for Maintenance and development
    3- True
    4- false: information discussion mustn’t be in an open work area, because information is the backbone of system security.
    5- True

    Question (3)
    First plan:
    1- develop stronger passwords throughout the organization
    2- regularly backup data
    3-develop a data security policy
    4- manage who has access
    5- know and protect your important data
    second plan:
    1- Ensuring that security policy has teeth and is enforced.
    2- Establishing and maintaining a meaningful and relevant security policy.
    3- Providing tools to help IT staff implement security policy.
    4- Plugging security holes in cohosting situations.
    5- Closing an increasingly popular network back door.
