
Information Security

What is Information Security?

Information security is a set of practices designed to keep private data secure from unauthorized
access and alteration while it is stored or transmitted from one location to another.
Information security is designed and carried out to protect print, digital, and other private and
sensitive data from unauthorized persons. It is used to protect data from misuse, disclosure,
destruction, alteration, and disruption.
Computer networks are used in daily transactions and communication within government, private,
and corporate organizations, and they need security. The most common and simplest method of
protecting a network resource is assigning it a unique name and a corresponding password.
Network security includes −
• Protection − The user needs to be capable of configuring their devices and networks
correctly.
• Detection − The user should be able to detect whether the configuration has been modified, or
be notified if there are issues in the network traffic.
• Reaction − After detecting the issues, the user should respond to them and return to a
protected state as quickly as possible.
Network security works with more than one layer of protection at the edge and within the
network. All the security layers implement some techniques and follow specified policies. Only
authorized users get access to the network resources, and unauthorized users are blocked from
carrying out exploits and malicious activities.
Information security provides several services, which are as follows −
Message Confidentiality − Message confidentiality or privacy means that the sender and the
receiver expect confidentiality. The transmitted message should make sense only to the
intended receiver. When a user connects with the bank, they expect that the
communication is completely confidential.
Message Integrity − Message integrity means that the data should arrive at the receiver
exactly as they were sent. There should be no changes during transmission,
neither by accident nor maliciously. As more monetary exchanges take place over the web,
integrity is crucial.
Message Authentication − Message authentication is a service that goes beyond message integrity.
In message authentication the receiver needs to be certain of the sender's identity and that
an imposter has not sent the message. (Know about the sender)
Message Nonrepudiation − Message nonrepudiation means that a sender should not be able to
deny sending a message that they sent. The burden of proof falls on the receiver.
Entity Authentication − In entity authentication, the entity or user is verified prior to
access to the system resources. For instance, a student who needs to access the university
resources must be authenticated during the login process. This is to protect the interests
of the university and the student.
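
The difference between the message integrity, message authentication and nonrepudiation services described above shows up when a plain hash is compared with a keyed MAC. This is an added example, not part of the original document; the key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values for this example.
SHARED_KEY = b"constructed-demo-key-not-for-production"
MESSAGE = b"transfer 100 to account 12345"


def digest(message: bytes) -> str:
    """Unkeyed SHA-256 digest: detects changes, says nothing about the sender."""
    return hashlib.sha256(message).hexdigest()


def receiver_accepts_digest(message: bytes, claimed: str) -> bool:
    """Receiver-side integrity check using only the digest sent with the message."""
    return hmac.compare_digest(digest(message), claimed)


def make_tag(key: bytes, message: bytes) -> str:
    """Keyed HMAC-SHA256 tag: only holders of the key can compute it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    """Constant-time comparison avoids leaking how many characters matched."""
    return hmac.compare_digest(make_tag(key, message), tag)


def demo() -> dict:
    results = {}
    # Integrity only: a message changed in transit can carry a recomputed
    # digest, so the receiver's check passes although the content differs.
    altered = MESSAGE.replace(b"100", b"900")
    results["plain_hash_accepts_altered"] = receiver_accepts_digest(altered, digest(altered))
    # Integrity + authentication: the tag made for the original message
    # does not fit the altered one, and cannot be redone without the key.
    tag = make_tag(SHARED_KEY, MESSAGE)
    results["hmac_accepts_original"] = verify_tag(SHARED_KEY, MESSAGE, tag)
    results["hmac_accepts_altered"] = verify_tag(SHARED_KEY, altered, tag)
    # No nonrepudiation: the receiver holds the same key, so a valid tag
    # does not prove to a third party which of the two produced it.
    other = b"transfer 900 to account 99999"
    results["receiver_can_forge"] = verify_tag(SHARED_KEY, other, make_tag(SHARED_KEY, other))
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Nonrepudiation needs a digital signature, where only the sender holds the signing key and anyone can verify with the public key.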

The CIA Triad — Confidentiality, Integrity, and Availability Explained

Confidentiality, Integrity, and Availability or the CIA triad is the most fundamental concept in
cyber security. It serves as guiding principles or goals for information security for organizations
and individuals to keep information safe from prying eyes.

Confidentiality:

Confidentiality is about ensuring access to data is restricted to only the intended audience and
not others. As you may expect, the more sensitive the information is, the more stringent the
security measures should be. Many privacy laws rely on confidentiality security controls to
enforce legal requirements.

Some measures to keep information confidential are:

• Encryption

• Passwords

• Two-factor authentication

• Biometrics

• Security tokens

Integrity:

Integrity refers to maintaining the accuracy and completeness of data. In other words, it is about
protecting data from being modified by unauthorized parties, accidentally by authorized parties,
or by non-human-caused events such as electromagnetic pulse or server crash. For example, a
hacker may intercept data and modify it before sending it on to the intended recipient.

Measures to maintain the integrity of information include:

• Encryption

• Hashing

• User Access Controls

• Checksums

• Version Control

• Backups

Availability:

Lastly, information must be available when it is needed. To ensure high data availability, you
must maintain correctly functioning hardware and software and provide adequate bandwidth.
But these measures alone are not enough because there are external forces at play; data
availability can further be compromised by:

• Denial of Service (DoS)

• Power outages

• Natural disasters

DoS, for example, might be employed by a rival company to break your website so that its own
website becomes more popular.

Measures to mitigate threats to availability include:

• Off-site backups

• Disaster recovery

• Redundancy

• Failover

• RAID (redundant array of independent disks), a way of storing the same data in
different places on multiple hard disks or solid-state drives (SSDs) to protect data in the
case of a drive failure

• High-availability clusters

Challenges for the CIA Triad:

Big data is especially challenging to the CIA paradigm because of the ever increasing amount of
data that needs to be safeguarded. As technology advances, more devices are adding to the
increasing stream of data in a variety of different formats. Also, because the main goal of
handling big data is often to collect and make interpretations with all of the information,
responsible oversight can be a secondary concern.
Internet of Things privacy and security is particularly challenging. Every year there are more
internet-enabled devices on the market, which can remain unpatched or use weak passwords.
While many devices don't transmit particularly sensitive information, it's possible for an attacker
to gather enough information from each endpoint, analyze it, and potentially reveal information you
would rather keep private.
Other than the CIA triad, there are also other frequently recurring themes in information security:

• non-repudiation: assurance that someone or something cannot deny something (e.g. one cannot
deny the authenticity of a digital signature)

• authentication: proving that a person is who they claim to be

• reliability: confidence that one can depend on a system or process

• privacy: a generalized counterpart of confidentiality which also addresses the social consequences
of failing to meet the requirement
