Professional

Practices
Lecture 25
ajwakhawar08@gmail.com

Free Powerpoint Templates

Page 1
 Information
Security Practices
 Introduction
 The CIA: Information
Security Principles
 Information Security
Organizational Structure
 Information Classification

Free Powerpoint Templates

Page 2
 Introduction
• Information security, sometimes shortened to InfoSec,
is the practice of defending information from
unauthorized access, use, disclosure, disruption,
modification, inspection, recording or destruction. It is
a general term that can be used regardless of the form
the data may take (e.g. electronic, physical)

Free Powerpoint Templates

Page 3
 The CIA: Information Security
Principles
• The CIA principle
A simple but widely-applicable security model is the CIA
triad; standing for Confidentiality, Integrity and Availability;
three key principles which should be guaranteed in any kind
of secure system. This principle is applicable across the
whole subject of Security Analysis, from access to a user's
internet history to security of encrypted data across the
internet. If any one of the three can be breached it can
have serious consequences for the parties concerned
Confidentiality
Integrity
Availability

Free Powerpoint Templates

Page 4
 The CIA: Information Security
Principles
• Confidentiality
Confidentiality is the ability to hide information from those
people unauthorized to view it. It is perhaps the most obvious
aspect of the CIA triad when it comes to security; but
correspondingly, it is also the one which is attacked most
often. Cryptography and Encryption methods are an example
of an attempt to ensure confidentiality of data transferred
from one computer to another.
• Integrity
The ability to ensure that data is an accurate and unchanged
representation of the original secure information. One type of
security attack is to intercept some important data and make
changes to it before sending it on to the intended receiver.
Free Powerpoint Templates
Page 5
 The CIA: Information Security
Principles
• Availability
It is important to ensure that the information concerned is
readily accessible to the authorized viewer at all times. Some
types of security attack attempt to deny access to the
appropriate user, either for the sake of inconveniencing
them, or because there is some secondary effect. For
example, by breaking the web site for a particular search
engine, a rival may become more popular

Free Powerpoint Templates

Page 6
Information Security Organizational
Structure

Free Powerpoint Templates

Page 7
 Information Classification
• Information Classification
• Government classifications
• Private Sector classifications
Criteria

Free Powerpoint Templates

Page 8
 Information Classification
• Information Classification
Information classification is a process in which organizations
assess the data that they hold and the level of protection it
should be given.
Organizations usually classify information in terms of
confidentiality – i.e. who is granted access to see it. A
typical system will include four levels of confidentiality:
Confidential (only senior management have access)
Restricted (most employees have access)
Internal (all employees have access)
Public information (everyone has access)

Free Powerpoint Templates

Page 9
Thank you!

Free Powerpoint Templates

Page 10