Professional Documents
Culture Documents
Information Security
Information Security
Information Security
What Is Security?
The quality or state of being secure.
To be free from danger”
To be protected from adversaries
A successful organization should have multiple
layers of security in place:
Physical security
Personal security
Operations security
Communications security
Network security
What is Information Security?
The protection of information and its critical
elements, including the systems and hardware that
use, store, and transmit that information
Tools, such as policy, awareness, training, education,
and technology are necessary
The C.I.A. triangle was the standard based on
confidentiality, integrity, and availability
The C.I.A. triangle has expanded into a list of critical
characteristics of information
C.I.A. Triangle
Critical characteristics of information
• Availability
- Assets be available to authorized parties
• Accuracy
- Information should have accuracy. Information has
accuracy when it is free from mistakes or errors and it has
the value that the end users expects. If information
contains a value different from the user’s expectations,
due to the intentional or unintentional modification of its
content, it is no longer accurate.
• Authenticity
- Requires that a computer system be able to verify the
identity of a user
continuation
• Confidentiality
- Requires information in a computer system only be accessible for
reading by authorized parties. When unauthorized individuals or
systems can access information, confidentiality is breached.
• Integrity
- Assets can be modified by authorized parties only because Integrity
is the quality or state of being whole, complete, and uncorrupted
• Utility
- Information has value when it serves a particular purpose. This
means that if information is available, but not in a format meaningful
to the end user, it is not useful. Thus, the value of information
depends on its utility.
• Possession
- The possession of Information security is the quality or state of
having ownership or control of some object or item.
Why Information Security
Why is it important to secure information?
Liability
Privacy Concerns
Copyright Violations
Identity Theft
Resource Violations
Reputation Protection
Meet Expectations
Laws & Regulations
Information security threats
Information Security threats can be many like:
- Software attacks
- theft of intellectual property
- identity theft
- theft of equipment or information
- Sabotage
- and information extortion.
Threat can be anything that can take advantage of a
vulnerability to breach security and negatively alter,
erase, harm object or objects of interest.
Categories of threats
Internal
This is when people with access to the software or technical
room intentionally or unintentionally bring in software that is
destructive to the system.
Example: bringing in an infected memory stick (flash) from
home and plugging it onto your computer which is networked.
External
This is a situation in which a hacker or person who do not have
authorised access gain entry into the system and tamper with it.
Manmade
These are threats created and propagated by humans.
Example: viruses
Computer virus