It is the management and protection of knowledge, information, and data.
It combines two fields:
1. Information assurance, which focuses on ensuring the availability, integrity, authentication, confidentiality, and non-repudiation of information and systems. These measures may include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.
2. Information security, which centers on the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.

Set of integrated elements or components that collect, manipulate, store and disseminate data and information and provide a feedback mechanism.

Input
- Input is a piece of data which is embedded in the system by the user for some use.
- It is the activity of capturing and gathering data.

Process
- This phase comes after the input phase and takes place in the internal part of the system.
- The main purpose it serves is to take inputted data and convert it into something usable.
- What we see in today’s computer world is what we see is what we get

Output: Process/display useful information.

Feedback: Used to make adjustments to output.

These components are configured to collect, manipulate, store and process data and information.
1. HARDWARE - Consists of computer equipment used to perform input, processing and output activities.
2. SOFTWARE - Consists of computer programs and instructions given to the computer and user.
3. PEOPLE - It is the most important element. It includes personnel who manage, run, program and maintain the computer system.
4. DATABASE - Organized collection of facts and information.
5. TELECOMMUNICATION - Allows organizations to link computers and users.
6. PROCEDURE - Includes strategies, methods and rules that humans use to operate CBIS.

It is considered as the foundation of information security.
1. CONFIDENTIALITY - Allowing only authorized subjects to view sensitive information.
2. INTEGRITY - Maintaining the accuracy and trustworthiness of data.
3. AVAILABILITY - Ensuring data is available when and where it is needed for business operation.

AUTHENTICATION - Verifying the identity of a subject.
AUTHORIZATION - Determining what a subject can access after authorization.
* Coarse (example, Application Process)
* Fine (example, functions accessible within the application)
ACCOUNTABILITY - What subject did what, where and when.

Malware (malicious software) - Malware, or malicious software, is any program or file that is harmful to a computer user.

TYPES OF MALWARE
- A virus is the most common type of malware, which can execute itself and spread by infecting other programs or files.
- A worm can self-replicate without a host program and typically spreads without any human interaction or directives from the malware authors.
- A Trojan horse is designed to appear as a legitimate program in order to gain access to a system. Once activated following installation, Trojans can execute their malicious functions.
- Spyware is made to collect information and data on the device user and observe their activity without their knowledge.

Theft of intellectual property means violation of intellectual property rights like copyrights, patents, etc.

Identity theft means acting as someone else to obtain a person’s personal information or to access vital information they have, like accessing the computer or social media account of a person by logging into the account using their login credentials.

Theft of equipment and information is increasing these days due to the mobile nature of devices and increasing information capacity.

Sabotage means destroying a company’s website to cause loss of confidence on the part of its customers.

Information extortion means theft of a company’s property or information to receive payment in exchange. For example, ransomware may lock a victim’s files, making them inaccessible and thus forcing the victim to make a payment in exchange. Only after payment will the victim’s files be unlocked.