Professional Documents
Culture Documents
Introduction Cns
Introduction Cns
SECURITY
Cryptography
• In computer science, cryptography refers to secure information and communication
techniques derived from mathematical concepts and a set of rule-based calculations
called algorithms, to transform messages in ways that are hard to decipher.
Need of Cryptography
• Individuals and organizations use cryptography on a daily basis to protect their
privacy and keep their conversations and data confidential. Cryptography ensures
confidentiality by encrypting sent messages using an algorithm with a key only
known to the sender and receiver.
• Cryptography uses encryption to hide information in a coded language that does
not let adversaries (malicious third parties) access it anyhow. Simply put,
cryptography prevents unauthorized access to information and keeps data secure
and safe.
Computer Security
• The protection afforded to an automated information system in order to
attain the applicable objectives of preserving the integrity, availability,
and confidentiality of information system resources (includes hardware,
software, firmware, information/data, and telecommunications).
• The above definition introduces three key objectives that are at the heart
of computer security.
Confidentiality: This term covers two related concepts:
1. Data confidentiality: Assures that private or confidential information is
not made available or disclosed to unauthorized individuals.
2. Privacy: Assures that individuals control or influence what information
related to them may be collected and stored and by whom and to whom
that information may be disclosed.
SECURITY
Integrity: This term covers two related concepts:
1.Data integrity: Assures that information and programs are changed only in
a specified and authorized manner.
2.System integrity: Assures that a system performs its intended function in
an unimpaired manner, free from deliberate or inadvertent unauthorized
manipulation of the system.
• Availability: Assures that systems work promptly and service is not denied
to authorized users.
• These three concepts form what is often referred to as the CIA triad.
(Confidentiality, Integrity and Availability).
Information Security
• Information Security is not only about securing information from
unauthorized access.
• Information Security is basically the practice of preventing unauthorized
access, use, disclosure, disruption, modification, inspection, recording or
destruction of information.
• Information can be physical or electronic one. Information can be anything
like our details or we can say our profile on social media, our data in mobile
phone, our biometrics etc.
• Thus Information Security spans so many research areas like Cryptography,
Mobile Computing, Cyber Forensics, Online Social Media etc.
• Information Security programs are built around 3 objectives, commonly
known as CIA – Confidentiality,Integrity,Availability.
CIA
• Confidentiality – means information is not disclosed to unauthorized individuals,
entities and process. For example if we say I have a password for my Gmail account
but someone saw while I was doing a login into Gmail account. In that case my
password has been compromised and Confidentiality has been breached.
• Integrity – means maintaining accuracy and completeness of data. This means data
cannot be edited in an unauthorized way. For example if an employee leaves an
organization then in that case data for that employee in all departments like
accounts, should be updated to reflect status to JOB LEFT so that data is complete
and accurate and in addition to this only authorized person should be allowed to edit
employee data.
• Availability – means information must be available when needed. For example if one
needs to access information of a particular employee to check whether employee has
out standed the number of leaves, in that case it requires collaboration from different
organizational teams like network operations, development operations, and incident
response and policy/change management.
NEED FOR SECURITY
• Security provides privacy for our data that is no unauthorized users can see or
modify our data.
• Security is required because the wide spread use of data processing
equipment, the security of information felt to be valuable to an organization
was provided primarily by physical and administrative means.
• Network security measures are needed to protect data while it is transmitting.
• Ex: User A sends a sensitive information file to user B. If the unauthorized user
C can monitor that data and capture the data while transmission is the
security breach.
OSI SECURITY ARCHITECTURE