Information Security

What Is Security?
The quality or state of being secure.
To be free from danger”
To be protected from adversaries
A successful organization should have multiple
layers of security in place:
Physical security
Personal security
Operations security
Communications security
Network security
What is Information Security?
The protection of information and its critical
elements, including the systems and hardware that
use, store, and transmit that information
Tools, such as policy, awareness, training, education,
and technology are necessary
The C.I.A. triangle was the standard based on
confidentiality, integrity, and availability
The C.I.A. triangle has expanded into a list of critical
characteristics of information
C.I.A. Triangle
Critical characteristics of information
• Availability
- Assets be available to authorized parties
• Accuracy
- Information should have accuracy. Information has
accuracy when it is free from mistakes or errors and it has
the value that the end users expects. If information
contains a value different from the user’s expectations,
due to the intentional or unintentional modification of its
content, it is no longer accurate.
• Authenticity
- Requires that a computer system be able to verify the
identity of a user
continuation
• Confidentiality
- Requires information in a computer system only be accessible for
reading by authorized parties. When unauthorized individuals or
systems can access information, confidentiality is breached.
• Integrity
- Assets can be modified by authorized parties only because Integrity
is the quality or state of being whole, complete, and uncorrupted
• Utility
- Information has value when it serves a particular purpose. This
means that if information is available, but not in a format meaningful
to the end user, it is not useful. Thus, the value of information
depends on its utility.
• Possession
- The possession of Information security is the quality or state of
having ownership or control of some object or item.
Why Information Security
Why is it important to secure information?
Liability
Privacy Concerns
Copyright Violations
Identity Theft
Resource Violations
Reputation Protection
Meet Expectations
Laws & Regulations
Information security threats
Information Security threats can be many like:
- Software attacks
- theft of intellectual property
- identity theft
- theft of equipment or information
- Sabotage
- and information extortion.
Threat can be anything that can take advantage of a
vulnerability to breach security and negatively alter,
erase, harm object or objects of interest.
Categories of threats
Internal
This is when people with access to the software or technical
room intentionally or unintentionally bring in software that is
destructive to the system.
Example: bringing in an infected memory stick (flash) from
home and plugging it onto your computer which is networked.
External
This is a situation in which a hacker or person who do not have
authorised access gain entry into the system and tamper with it.
Manmade
These are threats created and propagated by humans.
Example: viruses
Computer virus