CHAPTER 1

INFORMATION
SECURITY
OVERVIEW
INFORMATION SECURITY

Information security ensures good data management.

It involves the use of technologies, protocols, systems
and administrative measures to protect the
confidentiality, integrity and availability of information.
Information is the most valuable asset of an
organization, and any breach can destroy its reputation
and continuity.
Need for
Information Security
To check for compromised/stolen
To prevent data breaches credentials and broken authentication

A data breach is the intentional or Broken authentication refers to the vulnerabilities or

unintentional release of secure or weaknesses inherent in an online platform or
private/confidential information to an application that allows hackers to bypass the login
untrusted environment. security and gain access to all the privileges owned
by the hacked user.
Need for
Information Security
To avoid account hijacking
Phishing, fraud, and software
exploitations are still very
common.Companies relying on cloud
services are especially at risk because
they are an easy target for
cybercriminals, who can eavesdrop on
activities, modify data and manipulate
transactions. These third-party
applications can be used by attackers to
launch other attacks as well.
To mitigate cyber threats from
malicious insiders
An existing or former employee, a cunning business
partner, a system administrator or an intruder can
destroy the whole information infrastructure or
manipulate data for their own purpose. Therefore, it
is the responsibility of an organization to take
effective measures to control the encryption process
and keys. Effective monitoring, logging, and auditing
activities are extremely important to keep everything
under control.
Characteristics of
Information
Security
(CIA Triad)
Confidentiality
Ensuring that only those who are
authorized have access to specific
assets and that those who are
unauthorized are actively
prevented from obtaining access.
Integrity
Ensuring that data has not been
tampered with and, therefore, can
be trusted.
It is correct, authentic, and reliable
Availabilty
Networks, systems, and applications
are up and running.
It ensures that authorized users have
timely, reliable access to resources
when they are needed.
Security Models
IS A FRAMEWORK FOR SPECIFYING AND
ENFORCING SECURITY POLICIES.

It describes the entities governed by the policy

It states the rules that constitute the policy.

Types of Security
Models
Open Security Models

Closed Security Models

Restrictive Security Models

Open Security Models
Open Security Models
Closed Security Models
Closed Security Models
Restricted Security Models
Potential Risks
to Information
Security
The damage that a breach of, or attack on, an
information technology (IT) system could
cause.
Information
Theft
What is?

Crime of obtaining the personal or

financial information of another person to
use their identity to commit fraud, such
as making unauthorized transactions or
purchases.
Unauthorized
Disclosure
What is?

To reveal information to an individual

who is not authorized to receive it.
Information
Warfare
What is?

The manipulation of information trusted

by a target without the target's
awareness so that the target will make
decisions against their interest but in the
interest of the one conducting
information warfare.
Accidental
Data Loss
What is?

Accidental data loss means the loss of

data or computer data due to some
accidents.Generally, data or information
from the computer system losts due to
threats caused by the malicious
intruders.
Data
Disclosure
What is?

Voluntary sharing of any and all

information that is considered relevant to
a given situation.
Data
Modification
What is?

Occurs when a saved (or stored) value in

a computer is changed to a different
value.
Data
Availability
What is?

That data continues to be available at a

required level of performance
Thank you!