01 Introduction To Information Security

Introduction to Information Security
JOE MARTIN J
0017134001
3
Scenario
An employee working for an organization,
downloads a software from a website. After
installing the software, however, his/her
machine reboots and starts to malfunction.
What happened to his/her machine?

What will you do, If you are in his/her place?
COPYRIGHT © WHITE HAT GLOBAL ACADEMY

ALL RIGHTS RESERVED. REPRODUCTION IS STRICTLY PROHIBITED.
4
Home-Computer Users at Risk Due to Use of 'Folk Model' Security
May 23, 2011

EAST LANSING, Mich. —Most home computers are vulnerable to hacker attacks because the
users either mistakenly think they have enough security in place or they don’t believe they have
enough valuable information that would be of interest to a hacker.
That’s the point of a paper published this month by Michigan State University’s Rick Wash, who
says that most home‐computer users rely on what are known as “folk models.” Those are beliefs
about what hackers or viruses are that people use to make decisions about security – to keep
their information safe.
Unfortunately, they don’t often work the way they should.
“Home security is hard because people are untrained in security,” said Wash, an assistant
professor in the Department of Telecommunication, Information Studies and Media. “But it isn’t
because people are idiots. Rather they try their best to make sense of what’s going on and
frequently make choices that leave them vulnerable.”
http://msutoday.msu.edu/

5
Module Objective
Security Essential Computer Potential

Incidents Terminologies Security Losses
Security Security Risks

What to
Elements & to Home
Secure?
Layers Users

6
Security Incident Occurrences Over Time
Security Incident Occurrences Over Time
Years
http://datalossdb.org/
7
Security Incidents by Breach Type - 2015
8
Security Breaches – World wide
9
Essential Terminologies
Threat Exploit Vulnerability
• An action or event • A software tool • Vulnerability is a

that has the designed to take weakness which
potential to advantage of a flaw in allows an attacker to
compromise and/or a computer system, reduce a system's
violate security typically for malicious information
purposes such as assurance
malware
Cracker, Attacker, or Attack Data Theft

Intruder
• An individual who • Any action derived • Stealing the

breaks into from intelligent information from
computer systems threats to violate the users’ system
in order to steal, the security of the
change, or destroy system
information

10
Computer Security
Computer security, also known as cyber security or IT

security, is security applied to computers, computer
networks, and the data stored and transmitted over
them.
Computer security covers all the processes and
mechanisms by which digital equipment, information
and services are protected from unintended or
unauthorized access, change or destruction and the
process of applying security measures to ensure
confidentiality, integrity, and availability of data both in
transit and at rest.

11
Why Security?
Computer security is important for Computer administration and
protecting the confidentiality, management have become more
integrity, and availability of complex which produces more
computer systems and their attack avenues
resources
Evolution of technology has focused Network environments and

on the ease of use while the skill network‐based applications provide
level needed for exploits has more attack paths
decreased

12
Potential Losses Due to Security Attacks
Identity
theft
Loss of Financial
trust loss
Misuse of
Data
computer
loss/theft
resources

13
Security Elements
Confidentiality
“Ensuring that information is accessible only to those who have authorized to access”
Authenticity
“The identification and assurance of the origin of information”
Integrity
“Ensuring that the information is complete, accurate, reliable, and is in its original form”
Availability
“Ensuring that the information is accessible to authorized persons when required without any delay”
Non - Repudiation
“Ensuring that a party to a contract or a communication cannot deny the authenticity of their signature on a document”

14
The Security, Functionality, and Ease of Use Triangle
Security
Functionality
Easy of use

15
Security Layers
User Security
• Ensures that a valid
Application user is using the
Security system
System Security • Protecting the

applications from
• Protecting system &
external threats
Network Security its information from
theft, unauthorised
• Protecting networks access etc.
Physical Security & their services from
unauthorised access
• Securing the assets
from physical threats

16
Security Risks to Home Users
Home computers are prone to various cyber attacks as they provide attackers easy targets due
to a low level of security awareness
Security risk to home users arise from various computer attacks and accidents causing physical
damage to computer systems
• Malware, virus attacks • Hard disk or other

• Denial of service and component failures
cross‐site scripting • Power failure and
attacks surges
• Identity theft and • Theft of a computing
computer frauds device
Computer Computer
Attacks Accidents
17
What to Secure?
Information Communication
Software
Hardware

18

01 Introduction To Information Security

Uploaded by

Copyright:

Available Formats

You might also like

01 Introduction To Information Security

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

01 Introduction To Information Security

Uploaded by

Copyright:

Available Formats

Introduction to Information Security

What happened to his/her machine?

COPYRIGHT © WHITE HAT GLOBAL ACADEMY

May 23, 2011

COPYRIGHT © WHITE HAT GLOBAL ACADEMY

Security Essential Computer Potential

Security Security Risks

COPYRIGHT © WHITE HAT GLOBAL ACADEMY

• An action or event • A software tool • Vulnerability is a

Cracker, Attacker, or Attack Data Theft

• An individual who • Any action derived • Stealing the

COPYRIGHT © WHITE HAT GLOBAL ACADEMY

Computer security, also known as cyber security or IT

COPYRIGHT © WHITE HAT GLOBAL ACADEMY

Evolution of technology has focused Network environments and

COPYRIGHT © WHITE HAT GLOBAL ACADEMY

COPYRIGHT © WHITE HAT GLOBAL ACADEMY

“The identification and assurance of the origin of information”

COPYRIGHT © WHITE HAT GLOBAL ACADEMY

COPYRIGHT © WHITE HAT GLOBAL ACADEMY

System Security • Protecting the

COPYRIGHT © WHITE HAT GLOBAL ACADEMY

• Malware, virus attacks • Hard disk or other

COPYRIGHT © WHITE HAT GLOBAL ACADEMY

You might also like