ABSTRACT

The data-information-knowledge-wisdom (DIKW) hierarchy is introduced. Concepts in information assurance and security are covered, emphasizing confidentiality, integrity, and availability. The steps involved in risk management are explored: how to perform risk assessment and disaster recovery planning. The chapter next explores specific IT threats and some known solutions. Threats covered include social engineering and phishing, the known software vulnerabilities of buffer overflow and SQL injection, forms of network protocol attack, malware, and password cracking. Data backups are explored. The chapter also examines encryption algorithms; public key and private key technologies are explored, as well as encryption software. The chapter ends with a brief look at US laws to protect data.