
Information Security

Imtiaz Hussain
PhD Computer Science (Scholar)
Lecturer
Dept. of Computer Science
Key Information Security Concepts

• Confidentiality
• Integrity
• Availability
• Authenticity
• Accountability
• Non Repudiation
• Disruption
• Misappropriation
Confidentiality

• Preserving authorized restrictions on information access and disclosure.
• Protecting personal privacy and proprietary information.
• A loss of confidentiality is the unauthorized disclosure of information.
• Ensuring that information is accessible only to those authorized to have access.
Integrity

• Guarding against improper information modification or destruction.
• Ensuring information non-repudiation and authenticity.
• Safeguarding the accuracy and completeness of information and processing methods.
• A loss of integrity is the unauthorized modification or destruction of information.
Availability

• Ensuring timely and reliable access to and use of information.
• Ensuring that authorized users have access to information and associated assets when required.
• Availability does not mean that information is accessible to any user; only authorized persons can access it.
• A loss of availability is the disruption of access to or use of information or an information system.
Authenticity

• The property of being genuine and being able to be verified and trusted.
• Authentication is the act of verifying a claim of identity.
• Confidence in the validity of a transmission, a message, or message originator.
• Authentication (ID & password) is performed each time the system is accessed.
Accountability

• The principle that an entity safeguarding and controlling equipment, keying material, and information is answerable to proper authority for the loss or misuse of that equipment or information.
• The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity.
Non Repudiation

• The inability to deny responsibility for performing a specific act.
• A way to guarantee that the sender of a message cannot deny having sent the message.
• A way to guarantee that the recipient cannot deny having received the message.
• Non-repudiation is a legal concept that is widely used in information security, which provides proof of the origin of data and the integrity of the data.
Disruption

• Disruption is a hazardous threat arising from intentional or unintentional incidents that cause a breach in security, damage to digital devices and networks, or a network outage.
• Preventing system operation by disabling a system component.
• Modifying system function or data.
• Interrupting delivery of system services by delaying system operations.
Misappropriation

• Misappropriation is the unauthorized or illegal use of a system, or use of another person's identity without permission, resulting in damage or harm to that system.
• Unauthorized logical or physical control of system resources.
• Causing a system to perform a function or service by damaging security.
Security Breach Incident Response Plans

• Early preparation
• Identification
• Containment
• Eradication
• Recovery
• Future Preparation
Early preparation

• Good preparation demands the development of an Incident Response Team (IRT).
• Skills needed by this team include penetration testing, computer forensics, network security, etc.
• This team should also keep track of trends in cybersecurity and modern attack strategies.
• A training program for end users is important.
Identification

• A strong identification mechanism is established to identify a security breach.
• When an end user reports information or an admin notices irregularities, an investigation is launched.
• An incident log is a crucial part of this step.
• All of the members of the team should be updating this log to ensure that information flows as fast as possible.
• If it has been identified that a security breach has occurred, the next step should be activated.
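
An added example (not part of the original slides) of an incident log that several team members append to, where every entry names its author (accountability) and later edits are detectable (integrity). Hash chaining, the function names, and the sample entries are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" used by the very first entry


def _digest(entry):
    """SHA-256 over the canonical JSON form of an entry, excluding its own hash."""
    body = {k: entry[k] for k in ("seq", "time", "author", "note", "prev")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_entry(log, author, note, time):
    """Append an entry that records its author and links to the previous entry."""
    prev = log[-1]["hash"] if log else GENESIS
    entry = {"seq": len(log), "time": time, "author": author, "note": note, "prev": prev}
    entry["hash"] = _digest(entry)
    log.append(entry)
    return entry


def verify_log(log):
    """Return the index of the first entry that fails verification, or None if intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["seq"] != i or entry["prev"] != prev or entry["hash"] != _digest(entry):
            return i
        prev = entry["hash"]
    return None


def build_sample_log():
    """Constructed sample data: three hypothetical team members recording one incident."""
    log = []
    append_entry(log, "helpdesk.a", "User reports unexpected password reset e-mail", "2024-01-01T09:00Z")
    append_entry(log, "admin.b", "Irregular logins seen on mail server", "2024-01-01T09:20Z")
    append_entry(log, "irt.c", "Breach confirmed; moving to containment", "2024-01-01T09:45Z")
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("intact log, first bad entry:", verify_log(log))
    log[1]["author"] = "someone.else"  # after-the-fact edit of who wrote the entry
    print("edited log, first bad entry:", verify_log(log))
```

The chain only detects edits if the latest hash is also kept somewhere the person editing the log cannot rewrite. The author field is whatever the writer supplies, so tying it to a verified identity still depends on authentication.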
Containment

• The IRT works to isolate the areas where the breach took place to limit the scope of the security event.
• During this phase it is important to preserve information forensically.
• Containment could be as simple as physically containing a server room or as complex as segmenting a network to not allow the spread of a virus.
Eradication

• The threat that was identified is removed from the affected systems.
• This could include deleting malicious files, terminating compromised accounts, or deleting other components.
• This will help to ensure that the threat is completely removed.
Recovery

• The systems are restored back to original operation.
• This stage could include the recovery of data and changing user access information.
• Updating firewall rules or policies to prevent a breach in the future.
• Without executing this step, the system could still be vulnerable to future security threats.
Future Preparation

• Information that has been gathered during this process is used to make future decisions on security.
• This step is crucial to ensure that future events are prevented.
• Using this information to further train admins is critical to the process.
• This step can also be used to process information that is distributed from other entities who have experienced a security event.
