Unit 4 Risks in Information Security
Warm Up
1. What is the difference between risk and threat?
2. Why is risk assessment an important question for information security?
3. What is information?
4. What models of organization do you know?
Reading
Read the text below and fill in the gaps in the following sentences.
1) The outcome of a threat is defined as the way in which the asset's security requirements would be breached if ……………………
2) The threats from deliberate actions by people can be further classified into…………. threats.
3) A threat is a way of breaching…………………….of an information asset.
4) A hacker who ……………………………. is taking advantage of vulnerabilities in the media and systems which handle them.
5) The aim of an ISMS must be …………………………………..
Risk Assessment and Asset Identification
A threat to an information asset is defined as a possible way in which the asset can have its security requirements breached, and the outcome of a threat is defined as the way in which the asset's security requirements would be breached if the threatened action were to occur. The threats are classified into four types, as follows:
- Deliberate actions by people, which can come from two groups of persons: those inside an organization and those outside it. Examples include a malcontent employee shredding important documents and a hacker attacking a password file. The threats from deliberate actions by people can be further classified into malicious and non-malicious threats.
- Accidental actions by people, which again can come from the same two groups: those inside and those outside an organization. Examples might be an employee accidentally deleting an important file and a family member spilling coffee on the keyboard of a computer.
- System problems, which include: hardware problems (for example, a server crash making the files on a hard disk unrecoverable); software problems (such as bugs, or the system clock being incorrect and causing a backup program to function incorrectly); and malicious code (maybe a virus or Trojan horse).
- Other events include power cuts, telecommunications failures, fire, rodents, meteorites, earthquakes, volcanic eruptions, cosmic rays, and so on. Even severe weather conditions can be a threat to some equipment.
Four possible outcomes for each threat are identified as follows:
- Disclosure of the asset, such as when a hacker releases an online trader’s customers’ credit card details. In this case, the outcome of the threat is a breach of an information asset’s confidentiality requirements.
- Modification of the asset, such as a fraudulent increase in the balance of a bank account. Here, the outcome is a breach of an information asset's integrity requirements.
- Destruction or loss of the asset, the hardware it resides upon, or the software that interacts with it, such as the loss of an important file due to scratched optical backup media. In this case the outcome is a breach of an information asset’s long-term availability requirements.
- Interruption of access to the asset, such as a web-server upgrade interrupting online access to an organization’s web services. Here the outcome is a breach of an information asset's short-term availability requirements.
Related to the concept of threat is that of attack: a threat is a way of breaching the security requirements of an information asset; an attack is an attempt to breach them. Any threat could turn into an attack, which could be successful or unsuccessful. An unsuccessful attack has no impact.
A hacker who threatens your organization’s information assets is taking advantage of vulnerabilities in the media and systems which handle them. Vulnerabilities and threats clearly go hand-in-hand: each threat is directed at a vulnerability. The aim of an ISMS must be to identify and repair crucial vulnerabilities in media and systems.
