Final Week2 (IAS101)


IAS 101: INFORMATION ASSURANCE AND SECURITY 1

WEEK 2
INFORMATION ASSURANCE FUNCTIONAL COMPONENTS

Note that IA is both proactive and reactive, involving: protection, detection, capability restoration, and response.

• IA environment protection pillars: “ensure the availability, integrity, authenticity, confidentiality, and non-repudiation of information”
• Attack detection: “timely attack detection and reporting is key to initiating the restoration and response processes.”
• Capability restoration: “relies on established procedures and mechanisms for prioritizing restoration of essential functions. Capability restoration may rely on backup or redundant links, information system components, or alternative means of information transfer.” “A post-attack analysis should be conducted to determine the command vulnerabilities and recommended security improvements.”
• Attack response: “involves determining actors and their motives, establishing cause and complicity, and may involve appropriate action against perpetrators... contributes ... by removing threats and enhancing deterrence.”
IA APPLIES TO INFO INFRASTRUCTURE

Global Information Infrastructure “includes worldwide interconnection of communication networks, computers, databases, and consumer electronics that make vast amounts of information available to users.”

The 5 pillars of Information Assurance:
1. Integrity
2. Availability
3. Authentication
4. Confidentiality
5. Nonrepudiation

The five pillars of information assurance can be applied in various ways, depending on the sensitivity of your organization’s information or information systems.
IA RELATIONSHIP TO COMPUTER SECURITY

IA includes considerations for non-security threats to information systems, such as acts of nature and the process of recovery from incidents. IA also emphasizes management, process, and human involvement, and not merely technology.

IA deployments may involve multiple disciplines of security:
• COMPUSEC (Computer security)
• COMSEC (Communications security)
• SIGSEC (Signals security): includes both communications security and electronics security
• TRANSEC (Transmission security)
• EMSEC (Emanations security): denying access to information from unintended emanations such as radio and electrical signals
• OPSEC (Operations security): the processes involved in protecting information
THE DIFFERENCES BETWEEN COMPUTER SECURITY (COMPUSEC) AND (COMSEC)

COMSEC (COMMUNICATIONS SECURITY)
• COMSEC is involved with data that is being transmitted and protecting the data while being transmitted.

COMPUSEC (COMPUTER SECURITY)
• COMPUSEC concerns itself with protecting data during the act of processing or while being stored.
COMSEC ≠ TRANSEC

• Communication Security (COMSEC) is commonly used to secure the confidentiality of data at rest (stored) or in motion (transmission).
• Transmission Security (TRANSEC) is used to ensure the availability of transmissions and limit intelligence collection from the transmissions.
ACTIVITY #1
1-15

1.) Responsible for maintaining the original characteristics of the data, as they were configured in their creation. In this way, the information cannot be changed without authorization.
INTEGRITY

2.) Protects information from unauthorized access, establishing privacy for your company’s data, avoiding situations of cyberattacks or espionage.
CONFIDENTIALITY

3.) This requires stability and permanent access to system data through fast maintenance, constant updates, and debugging.
AVAILABILITY

4.) It includes methods such as two-factor authentication, strong passwords, biometrics, and other devices.
AUTHENTICATION

5.) Someone with access to your organization’s information system cannot deny having completed an action within the system, as there should be methods in place to prove that they did make said action.
NONREPUDIATION
JUMBLED LETTERS WORD SCRAMBLE

• TUDAERNPOIONIN: Nonrepudiation
• OCNICMTOIAMSUN ICSYEURT: Communications Security
• UECTURRRITNSFA: Infrastructure
• ANINSTIOMSRS YETIURSC: Transmission Security
• MTRFNIONAIO AEUASRSNC: Information Assurance
ABBREVIATIONS

COMPUSEC (Computer security)

EMSEC (Emanations security)

OPSEC (Operations security)

SIGSEC (Signals security)

TRANSEC (Transmission security)


ASSIGNMENT #2

Report it at the next meeting!


ASSETS

An asset is the resource being protected, including:
• Physical Assets
• Logical Assets
• System Assets

SUBJECTS AND OBJECTS

Often a security solution/policy is phrased in terms of the following three categories:
• Objects
• Subjects
• Actions

ATTRIBUTES

Both subjects and objects have associated attributes. The security mechanisms may operate in terms of the attributes, and manipulation of the attributes can be used to subvert security.
• What are some attributes associated with subjects? With objects? How are attributes established/changed?

CRITICAL ASPECTS

Information assets (objects) may have critical aspects such as:
• A. Availability
• B. Accuracy
• C. Authenticity
• D. Confidentiality
• E. Integrity
• F. Utility
• G. Possession

END!!!

HAVE A BLESSED SUNDAY! GOD BLESS…
