
Security Fundamentals and Development

By
Prof. Dr. S. Khan

COURSE INTRODUCTION

Introduction to Information Security & Information Security Fundamentals
About Course

• This module is intended to give the learner a fundamental understanding of Information Security.
• The course focuses on many aspects associated with the security of individual systems, services, and organizations.
• Both theoretical and practical knowledge will be attained.
• The module will introduce the learner to the knowledge required to demonstrate an appreciation of different types of cyber threats and how to mitigate them by implementing solutions.
Course Outcomes

LO1. Identify a range of security threats and examine technologies, regulations, standards, and practices to protect individuals and organisations from cyber-attacks.
LO2. Identify threats and formulate responses to mitigate risk through the application of appropriate tools and technologies.
LO3. Describe a range of roles, responsibilities and procedures across the information security management sector.
LO4. Demonstrate an in-depth knowledge of cryptographic mechanisms and the ability to apply these mechanisms to the achievement of security services.
LO5. Demonstrate an understanding of business continuity and disaster recovery response procedures.
Major Contents of the Course

1 Introduction to Information Security & Information Security Fundamentals
2 Cybersecurity Common Threats
3 CIA Triad and Cybersecurity Roles
4 Security Frameworks and Policies
5 Risk Management, Threat Modelling & Training for Awareness
6 Network Security Architecture
7 Incident Management & Data Loss Management
8 Business Continuity
9 Disaster Recovery
10-12 Software Development Lifecycle & Cryptography

[ LECTURE 1 ] [WEEK 1]

Introduction to Information Security & Information Security Fundamentals
Objectives of the Lecture

• At the end of the lecture you will be able to describe:
• The basic concepts of Security and Information Security
• The Information Security Model
• Policy, Standards and Procedures
• Security Attacks and their Types
Security

• Security is defined as "the quality or state of being secure; to be free from danger".
• Security is often achieved by means of several strategies undertaken simultaneously or used in combination with one another.
• Additional tools and mechanisms are also needed.


Information Security

• Means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. Information security is the process of protecting information. It protects its availability, privacy and integrity.
• Access to information stored in computer databases has increased greatly. Companies store business and individual information on computers. Much of the stored information is required to be secured, kept confidential and not for public viewing.
3 Major Goals

Confidentiality
Integrity
Availability
Information Security Model

? Information Security VS Cyber Security

Information security refers to the processes and techniques designed to protect any kind of sensitive data and information, whether in print or electronic form, from unauthorized access.
Any kind of information in any format.

Cyber security is a common term concerned with all aspects of cyber space. It is a subset of information security that deals with protecting the integrity of networks, devices, and programs from attack, damage, or unauthorized outside access.
Protecting networks, programs and data on networked devices.

Network Security is a subset of Cyber Security
Cyber Security is a subset of Information Security


Policy, Standards and Procedures

• Policy is a plan or course of action that influences and determines decisions.
• Standards are a more detailed statement of what must be done to comply with policy.
• Procedures and guidelines explain how employees will comply with policy.
• For policies to be effective, they must be:
• Properly disseminated, read, understood, and agreed to.
? Examples of Policy, Standards and Procedures
Information Security Standard

• An Information Security Standard represents a set of requirements that a product or a system must meet.
• Conformity of a product or system with a certain standard demonstrates that it fulfils all of the standard's specifications.
• Standards ensure desirable characteristics of products and services such as quality, safety, reliability, and efficiency.
• A well known IT security standard is the ISO/IEC 27000 series.
Information Security Attacks

A security attack is an unauthorized attempt to steal, damage, or expose data from an information system such as a website, an office computer or a database for Campus Management.
LET'S consider some cases...

[Scenario #1: figure]
[Scenarios #2, cases 1 to 4: figures]

? Which scenario was a Passive Attack and which was an Active Attack, and why?
Information Security Attacks

• Passive Attacks
• A passive attack is a network attack in which a system is monitored and sometimes scanned for open ports and vulnerabilities. The purpose is solely to gain information about the target, and no data is changed on the target. (Note that a port scan still sends packets to the target and therefore leaves traces in its logs; it is "passive" only in the sense that it does not alter the target's data.)

• Active Attacks
• Active attacks are carried out to directly harm the information or the network. An active attack may target information by altering it in some way, or destroy or harm some nodes or the entire network for some malicious purpose.
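Because a scan touches the target without changing its data, the only place a defender will notice it is in the target's own logs. The following is an added example (not code from the lecture) of the detection logic a practitioner would run over firewall logs: one source hitting many distinct ports inside a short window is flagged as reconnaissance. The log line format (`SRC=`, `DST=`, `DPT=`, `ACTION=`) and all addresses and timestamps are constructed for the example; the threshold and window are arbitrary tunables.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Regex for the constructed log format used below (hypothetical format, not from the lecture).
LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+) ACTION=(\S+)$")


def parse_line(line):
    """Parse one firewall log line into a dict; raise on an unexpected format."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    ts, src, dst, dport, action = m.groups()
    return {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
            "dport": int(dport), "action": action}


def detect_scans(log_text, port_threshold=10, window_seconds=60):
    """Return {source_ip: max distinct destination ports seen inside one window}
    for every source that touched at least port_threshold distinct ports within
    window_seconds. One source probing many ports is the classic scan signature."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ev = parse_line(line)
            by_src[ev["src"]].append(ev)

    scanners = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        in_window = Counter()  # distinct port -> hits inside the sliding window
        left = 0
        for ev in events:
            in_window[ev["dport"]] += 1
            # Advance the left edge until the window is at most window_seconds wide.
            while (ev["ts"] - events[left]["ts"]).total_seconds() > window_seconds:
                old = events[left]["dport"]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            if len(in_window) >= port_threshold:
                scanners[src] = max(scanners.get(src, 0), len(in_window))
    return scanners


def constructed_log():
    """Constructed sample log: a fast scanner, a normal HTTPS client and a slow prober."""
    lines = []
    ports = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]
    for i, port in enumerate(ports):  # 12 ports in 22 seconds from 203.0.113.7
        lines.append(f"2024-03-01T10:00:{i * 2:02d} SRC=203.0.113.7 DST=192.0.2.10 DPT={port} ACTION=DROP")
    for i in range(5):  # legitimate client reusing one port
        lines.append(f"2024-03-01T10:00:{i * 3:02d} SRC=198.51.100.5 DST=192.0.2.10 DPT=443 ACTION=ACCEPT")
    for i, port in enumerate([22, 80, 443]):  # slow probe: one port every five minutes
        lines.append(f"2024-03-01T10:{i * 5:02d}:00 SRC=203.0.113.9 DST=192.0.2.10 DPT={port} ACTION=DROP")
    return "\n".join(lines)


if __name__ == "__main__":
    log = constructed_log()
    print("default window:", detect_scans(log))
    print("wide window, low threshold:", detect_scans(log, port_threshold=3, window_seconds=900))
```

With the defaults only the fast scanner is reported; the slow prober at 203.0.113.9 is missed because it never hits more than one port per minute. Widening the window to 15 minutes and lowering the threshold catches it, which is the usual trade-off: the wider the window, the more likely a busy but legitimate client also crosses the threshold.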
Information Security Attacks

ACTIVE ATTACKS
• Denial of service (DoS)
• Distributed Denial of Service (DDoS)
• Session replay
• Masquerade
• Message modification
• Trojans

PASSIVE ATTACKS
• Snooping
• Traffic Monitoring and Analysing
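Three of the active attacks in the table (message modification, masquerade, session replay) are all stopped by the same small mechanism: a message authentication code over the message plus a sequence number, checked by the receiver. The example below is added here and is not code from the lecture; it uses HMAC-SHA256 from the Python standard library, and the message contents, keys and sequence numbers are constructed for the demonstration. It also shows the limit of that mechanism: the passive eavesdropper in the last scenario reads the message unhindered, because integrity protection gives no confidentiality.

```python
import hmac
import hashlib
import json
import secrets


def make_message(key, seq, body):
    """Sender: serialise (seq, body) and attach an HMAC-SHA256 tag under the shared key."""
    payload = json.dumps({"seq": seq, "body": body}, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


class Receiver:
    """Verifies the tag (integrity and origin) and rejects repeated sequence numbers (replay)."""

    def __init__(self, key):
        self.key = key
        self.seen_seq = set()

    def accept(self, msg):
        expected = hmac.new(self.key, msg["payload"], hashlib.sha256).hexdigest()
        # Constant-time comparison so the check itself does not leak timing information.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad tag"        # message modification or masquerade
        seq = json.loads(msg["payload"])["seq"]
        if seq in self.seen_seq:
            return "rejected: replay"         # session replay of a genuine message
        self.seen_seq.add(seq)
        return "accepted"


def eavesdrop(msg):
    """Passive attacker: reads the message without changing it. Nothing here hides the body."""
    return json.loads(msg["payload"])["body"]


def run_scenarios():
    """Play the attacks from the table against the receiver and collect its verdicts."""
    key = secrets.token_bytes(32)            # shared by sender and receiver, random per run
    attacker_key = secrets.token_bytes(32)   # the masquerader does not know `key`
    receiver = Receiver(key)
    results = {}

    genuine = make_message(key, seq=1, body="transfer 100 to acct 42")
    results["legitimate"] = receiver.accept(genuine)

    # Passive: traffic monitoring. The receiver cannot detect this; only encryption would stop it.
    results["eavesdropper_sees"] = eavesdrop(genuine)

    # Active: message modification. Changing the amount invalidates the tag.
    tampered = {"payload": genuine["payload"].replace(b"100", b"900"), "tag": genuine["tag"]}
    results["modified"] = receiver.accept(tampered)

    # Active: masquerade. A message forged under the wrong key fails verification too.
    forged = make_message(attacker_key, seq=2, body="transfer 900 to acct 99")
    results["masquerade"] = receiver.accept(forged)

    # Active: session replay. Re-sending the genuine message is caught by the sequence number.
    results["replay"] = receiver.accept(genuine)
    return results


if __name__ == "__main__":
    for scenario, verdict in run_scenarios().items():
        print(f"{scenario:18} {verdict}")
```

The receiver gives the same verdict for modification and masquerade because from its point of view both are simply a tag it cannot reproduce; distinguishing them requires context outside the message. The replay check works only because the receiver remembers sequence numbers it has already accepted, which is the state a real protocol has to keep per session.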
SUMMARY & QA

THANKS
