Scribd Logo
Unggah

Selamat datang di Scribd!

  • 7183T - TP3 - S7 - R1

    Diunggah oleh

    Ucok Aja
    42 tayangan5 halaman
    Tugas IT Risk Management

    Judul Asli

    1412407991_7183T - TP3 - S7 - R1(1)

    Hak Cipta

    © © All Rights Reserved

    Format Tersedia

    DOC, PDF, TXT atau baca online dari Scribd

    Apakah menurut Anda dokumen ini bermanfaat?

    Apakah konten ini tidak pantas?

    Laporkan Dokumen Ini
    Tugas IT Risk Management

    Hak Cipta:

    © All Rights Reserved
    Unduh sebagai DOC, PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    42 tayangan5 halaman

    7183T - TP3 - S7 - R1

    Diunggah oleh

    Ucok Aja
    Tugas IT Risk Management

    Hak Cipta:

    © All Rights Reserved
    Unduh sebagai DOC, PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    dari 5

    Personal Assignment 3

    Session 7

    1. What is the classic triad?


    2. Please explain the 6 atomic elements of infosec.
    3. What are the techniques to steal the identity? Please explain at least 6 techniques.
    4. How do we avoid the identity theft?

    Name : Togi Josua Hutapea

    1. The classic triad of information security: Confidentiality, Integrity and Availability (CIA).
    Integrity:
    In information security, data integrity means maintaining and assuring the accuracy and
    consistency of data over its entire life-cycle. This means that data cannot be modified in
    an unauthorized or undetected manner.
    Availability:
    For any information system to serve its purpose, the information must be available when
    it is needed. This means that the computing systems used to store and process the
    information, the security controls used to protect it, and the communication channels used
    to access it must be functioning correctly. High availability systems aim to remain
    available at all times, preventing service disruptions due to power outages, hardware
    failures, and system upgrades.
    Confidentiality:
    Mechanisms enforce the secrecy of your data like prevent unauthorized individuals from
    accessing the system.

    Figure 1 CIA triangle

    2. The 6 atomic elements of information security :


    Confidentiality: refers to limits on who can get what kind of information.
    Possession or Control: Suppose a thief were to steal a sealed envelope containing a bank
    debit card and its personal identification number. Even if the thief did not open that
    envelope, it's reasonable for the victim to be concerned that the thief could do so at any
    time. That situation illustrates a loss of control or possession of information but does not
    involve the breach of confidentiality.
    Integrity: refers to being correct or consistent with the intended state of information.
    Authenticity: refers to the veracity of the claim of origin or authorship of the information.
    Availability: means having timely access to information.
    Utility: means usefulness. For example, suppose someone encrypted data on disk to
    prevent unauthorized access or undetected modifications and then lost the decryption
    key: that would be a breach of utility.

    Figure 2 6 atomic elements of information security

    3. Techniques to steal the identity :


    a. Unsecured Online Transactions - Online shopping at a site that is not secured
    can potentially put you at risk of having your information stolen. Websites may
    also collect and sell some of your information without your knowledge unless
    their posted Privacy Policy states otherwise.
    b. Spyware - A new threat on the scene is from computer viruses that spy on you
    while you shop or do banking online. Any website that you enter personal
    information into can be spied on putting you at risk.
    c. Skimming - Thieves have access to tools of the trade that allow them to steal
    information from your card at ATMs or during a card swipe for a purchase. These
    data storing devices capture your information without your realizing it.
    d. Phishing or Pretexting - Online or over the phone there are unscrupulous
    individuals masquerading as legitimate businesses in an attempt to convince you
    to pass on personal information for illegal purposes. Any requests to validate
    account information by providing personal information online or over the phone
    should be questioned.
    e. Dumpster diving - A thief will rummage through your trash to get your personal
    or business information.
    f. Raiding your old computer - When you discard a computer or any electronic
    storage device, use special software to completely erase all information so that a
    thief can't retrieve it. Simply deleting files does not physically erase the data from
    hard drives.

    4. Avoid the identity theft


    -

    Commit all passwords to memory. Never write them down or carry them with you.

    Choose good passwords and PINs

    Protect your computer.

    When using an ATM machine, make sure no one is hovering over you and can see
    you enter your password.

    When participating in an online auction, try to pay the seller directly with a credit
    card so you can dispute the charges if the merchandise does not arrive or was
    misrepresented. If possible, avoid paying by check or money order.

    Adopt an attitude of healthy skepticism toward websites that offer prizes or


    giveaways. Chances are, all thats been won is the opportunity to buy something
    you didnt want in the first place.

    Choose a commercial online service that offers parental control features.

    Tell your children never to give out their address telephone number password school
    name or any other personal information.

    Shred any documents with identifying information on them.

    Anda mungkin juga menyukai