The document discusses key principles of information security. It introduces the CIA triad of confidentiality, integrity, and availability, which are fundamental to any secure system. Confidentiality involves hiding information from unauthorized users. Integrity means ensuring data remains accurate and unchanged. Availability means information is accessible to authorized users at all times. The document also discusses information classification, where organizations assess data sensitivity and access levels. A typical system classifies data as confidential, restricted, internal or public.
Lecture 25 Information Security Practices 15062021 123418pm
Information Security Practices
• Introduction
• The CIA: Information Security Principles
• Information Security Organizational Structure
• Information Classification
Free Powerpoint Templates
Introduction
• Information security, sometimes shortened to InfoSec, is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (e.g. electronic, physical).
The CIA: Information Security Principles
• The CIA principle
A simple but widely applicable security model is the CIA triad, standing for Confidentiality, Integrity and Availability: three key principles which should be guaranteed in any kind of secure system. This principle is applicable across the whole subject of Security Analysis, from access to a user's internet history to security of encrypted data across the internet. If any one of the three is breached, it can have serious consequences for the parties concerned.
Confidentiality, Integrity, Availability
The CIA: Information Security Principles
• Confidentiality
Confidentiality is the ability to hide information from those people unauthorized to view it. It is perhaps the most obvious aspect of the CIA triad when it comes to security; correspondingly, it is also the one which is attacked most often. Cryptography and encryption methods are an example of an attempt to ensure confidentiality of data transferred from one computer to another.
• Integrity
Integrity is the ability to ensure that data is an accurate and unchanged representation of the original secure information. One type of security attack is to intercept some important data and make changes to it before sending it on to the intended receiver.

The CIA: Information Security Principles
• Availability
It is important to ensure that the information concerned is readily accessible to the authorized viewer at all times. Some types of security attack attempt to deny access to the appropriate user, either for the sake of inconveniencing them or because there is some secondary effect. For example, by breaking the web site for a particular search engine, a rival may become more popular.
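The integrity attack described above (data intercepted and changed before it reaches the receiver) can be detected when the sender attaches a keyed authentication tag. The following is an added example, not part of the original slides; HMAC-SHA256, the shared key and the sample message are assumptions of this example, since the slides name no specific mechanism.

```python
import hashlib
import hmac
import secrets
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


def protect(key: bytes, message: bytes) -> bytes:
    """Sender side: prepend an HMAC-SHA256 tag to the message."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return tag + message


def verify(key: bytes, frame: bytes) -> Optional[bytes]:
    """Receiver side: return the message if the tag matches, else None."""
    if len(frame) < TAG_LEN:
        return None  # too short to even contain a tag
    tag, message = frame[:TAG_LEN], frame[TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest runs in constant time, so the comparison leaks no timing hints
    if not hmac.compare_digest(tag, expected):
        return None
    return message


def demo() -> dict:
    """Run the receiver check on intact and altered frames (constructed data)."""
    key = secrets.token_bytes(32)            # shared secret, assumed agreed out of band
    original = b"PAY 100 TO ACCOUNT 12345"   # constructed sample message
    frame = protect(key, original)
    # Message body changed in transit, original tag left in place.
    altered = frame[:TAG_LEN] + frame[TAG_LEN:].replace(b"100", b"900")
    # Changed message re-tagged by someone who does not hold the shared key.
    retagged = protect(secrets.token_bytes(32), b"PAY 900 TO ACCOUNT 12345")
    return {
        "intact": verify(key, frame),
        "altered": verify(key, altered),
        "retagged": verify(key, retagged),
        "truncated": verify(key, frame[:10]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} -> {result!r}")
```

Only the unmodified frame is accepted; every changed, re-tagged or truncated frame is rejected, so the receiver never acts on data that differs from what the sender produced.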
Information Security Organizational Structure
Information Classification
• Information Classification
• Government classifications
• Private Sector classifications Criteria
Information Classification
• Information Classification
Information classification is a process in which organizations assess the data that they hold and the level of protection it should be given. Organizations usually classify information in terms of confidentiality – i.e. who is granted access to see it. A typical system will include four levels of confidentiality:
• Confidential (only senior management have access)
• Restricted (most employees have access)
• Internal (all employees have access)
• Public information (everyone has access)