Professional Documents
Culture Documents
Chapter 1 - Information Security
Chapter 1 - Information Security
Chapter 1 - Information Security
University of Djelfa
2024
Course Agenda
1 / 47
Chapter 1: Introduction to information security
Concepts
Homework
2 / 47
What is security?, History
History
Enigma machine
3 / 47
History
4 / 47
Information Systems
• Information systems are composed by four components: task, people, structure, and
technology.
5 / 47
What is Security?
6 / 47
Uses of Information Security
7 / 47
The objectives of information
security
CIA Triad
The CIA Triad is a security model that provides a framework for understanding the three
fundamental components of information security: confidentiality, integrity, and
availability.
8 / 47
Availability
The primary objective of availability is to verify that the complete data is available every
time (or at any moment) whenever an official person needs it.
9 / 47
Availability
10 / 47
Integrity
11 / 47
Integrity
12 / 47
Confidentiality
The goal of the confidentiality principle is to keep sensitive information private and to
ensure that it is manifest and available only to those who are authorized to use it to
fulfill their important or institutional projects.
13 / 47
Confidentiality
14 / 47
Objectives of information security
15 / 47
Objectives of information security
16 / 47
Types of Information Security
17 / 47
Issues of Information Security
• Cyberattacks.
• Data breaches.
• Insider threats.
• Human error.
• Technical failures.
• Complexity.
• Mobile and IoT devices.
• Data privacy.
• Globalization
• ???
18 / 47
Concepts
Information Security vs Cybersecurity
19 / 47
Information Security vs Cybersecurity
• Information Security: This term is broader and encompasses the protection of all
forms of information, whether it is in digital or physical form.
20 / 47
Basic Concepts
• Attack ?
• Threat ?
• Vulnerability ?
• Risk ?
• Intrusion ?
• Asset ?
21 / 47
Hacking
Hacking is the act of identifying and then exploiting weaknesses in a computer system or
network, usually to gain unauthorized access to personal or organizational data.
22 / 47
Hackers
23 / 47
Types of Hackers
24 / 47
Cybersecurity Jobs
Cybersecurity professionals are the rockstars of the computer world today. There are
many different positions in the field and can be found in businesses, voluntary agencies,
government agencies, and for individuals. They can work as:
• Ethical hackers
• Source code auditors
• Security architects
• Computer crime investigators
• Security consultants
• Cryptographers
• Security analysts
25 / 47
Security!
26 / 47
Threats and Attacks
Threat
A threat is a potential negative action or event that can exploit vulnerabilities in a system
to cause harm or damage.
27 / 47
Attack
An attack, on the other hand, is the actual exploitation or intentional act carried out by
an adversary to compromise the security of a system or organization. It is the execution
of a threat.
28 / 47
Types of Attacks
29 / 47
Attacks and Threats
• Malware.
• Insider Threats.
• Phishing.
• Zero-Day Exploits.
• DoS and DDoS Attacks.
• Social Engineering.
• Man-in-the-Middle
• Advanced Persistent Threats (APTs).
(MitM) Attacks.
• Cross-Site Scripting (XSS).
• SQL Injection.
30 / 47
Malware
31 / 47
Virus
32 / 47
Worm
33 / 47
Trojans (Trojan Horses)
34 / 47
Keylogger
• A keylogger is a form of malware or hardware that keeps track of and records your
keystrokes as you type.
35 / 47
Phishing
36 / 47
Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
A denial-of-service (DoS) attack floods a server with traffic, making a website or resource
unavailable. A distributed denial-of-service (DDoS) attack is a DoS attack that uses
multiple computers or machines to flood a targeted resource.
37 / 47
Man-in-the-Middle (MitM) Attacks
38 / 47
Social Engineering
Uses psychological manipulation to trick users into making security mistakes or giving
away sensitive information.
39 / 47
Countermeasures
40 / 47
OSI Security Architecture
OSI Architecture
41 / 47
Security Attacks
42 / 47
Security Mechanism
The mechanism that is built to identify any breach of security or attack on the
organization, is called a security mechanism. Some examples:
• Encryption
• Digital signature
• Traffic padding
• Routing control
43 / 47
Security Services
Security services refer to the different services available for maintaining the security and
safety of an organization. They help in preventing any potential risks to security. Security
services are divided into 5 types:
• Authentication
• Access control
• Data Confidentiality
• Data integrity
• Non- repudiation
44 / 47
Benifits of OSI Security Architecture
1. Providing Security.
2. Organising Task.
3. Meets International Standards.
45 / 47
Homework
Task 1
46 / 47
Task 2
• Link between the security services and their appropriate security mechanisms:
Mechanism
Service Encryption Digital Access Data Integrity Authentication Exchange Traffic Padding Routing Notarization Control
Signature Control
Authentication
Origin Authentication of Data
Access Control
Traffic Flow Confidentiality
Data Integrity
Non-repudiation
Availability
47 / 47
smail.tache@univ-constantine2.com
47 / 47