introduction to information security


Upload: jayashri-kolekar

Post on 14-Feb-2017


TRANSCRIPT

INTRODUCTION TO INFORMATION SECURITY

Basics of information

Computer security

Data

Data security

Information

Information security

Network security

Information system

Information

It is a resource fundamental to the success of any business.

Data

Knowledge

Action

Information Security

Need and importance of information

Damage to information can cause disruptions in a normal process.

Management is crucial to making good business decisions.

Monitor and document the operations of other systems.

To satisfy the decision-making capability.

Information Systems

Reasons for Information Classification

Protection of personal data

Protection of confidential data

Protecting intellectual property

Protecting information that supports public security and law enforcement

Supporting routine disclosure and active dissemination

Data of intergovernmental cooperation and integrated service delivery.

Information Classification

Criteria of information classification

Value

Age

Useful Life

Personal association

Information Classification

Levels of information classification

Unclassified

Sensitive But Unclassified

Confidential

Secret

Top secret

Security

Security means protecting information or a system from unauthorized users.

Layers of security

Physical security

Personal security

Operational security

Communications security

Network security

Information security

Security

Need of security

Applications were developed to handle financial and personal data.

Mechanism

Use user ID and password

Encode information present in the database

Security basics

Basics of computer security / three pillars of IS include:

Confidentiality

Integrity

Availability

Security basics

Confidentiality

Confidentiality means secrecy or concealment of information and resources.

It attempts to prevent the intentional or unintentional unauthorized disclosure of information.

Interception attack

Uses identification and authentication.

Security basics

Confidentiality

Breaches of confidentiality

Permitting someone to look over your shoulder

If the device containing the information is stolen or sold

Giving out confidential information over communication media.

Mechanisms used for confidentiality

Resource hiding, cryptography, access control mechanisms.

Security basics

Integrity

It involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle.

Data integrity and origin integrity.

Modification attack

Breaches of integrity

Information is deleted accidentally or with malicious intent

Computer virus

Mechanisms used for integrity

File permissions

User access control

Cryptography

Security basics

Availability

Resources should be available to authorized parties at all times.

Availability is an important aspect of reliability as well as of system design.

Interruption attack

High availability systems aim to remain available at all times (24x7), preventing service disruptions.

DoS (denial-of-service) attack.

Security basics

Non-repudiation:

It refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated.

The best services for non-repudiation are digital signatures and encryption.

Authorization

Authorization is a process of verifying that a known person has the authority to perform a certain operation.

Security basics

Authentication:

It is the process of determining the identity of a user or other entity.

It is required to access secure data or enter a secure area.

Three methods of authentication:

Something you know: user ID and password.

Something you have: lock and key.

Something about you: fingerprint, DNA, samples, etc.

Data obfuscation

Data obfuscation (DO) is a form of data masking where data is purposely scrambled to prevent unauthorized access to sensitive materials.

Used to prevent the intrusion of private and sensitive online data.

Sensitive information: employee data (salary information, review information), customer data, bank and vendor data.

Data obfuscation

Techniques for data obfuscation

Generate RSA (Rivest Shamir Adleman) private/public key pair

Masking: character scrambling or masking out of certain fields

Substitution: another authentic-looking value can be substituted for the existing value

Purge: applying a null value to a particular field
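The masking, substitution and purge techniques listed above, applied to one record, as an added example that is not part of the original slides. The field names, sample values, replacement-name pool and key are constructed assumptions, and using a keyed HMAC to pick the substitute is one possible approach that the slides do not specify.

```python
import hashlib
import hmac

# Constructed sample data; field names and values are illustrative assumptions.
SAMPLE_EMPLOYEE = {
    "name": "Asha Rao",
    "account_no": "4000123412345678",
    "salary": 85000,
    "review": "Exceeds expectations",
}

# Pool of authentic-looking replacement names used for substitution (constructed).
SUBSTITUTE_NAMES = ["Maya Iyer", "John Carter", "Li Wei", "Sara Khan", "Tom Becker"]


def mask(value: str, visible: int = 4, fill: str = "X") -> str:
    """Masking: hide every character except the last `visible` ones."""
    if len(value) <= visible:
        return fill * len(value)
    return fill * (len(value) - visible) + value[-visible:]


def substitute(value: str, pool: list, key: bytes) -> str:
    """Substitution: map a real value to a realistic one from `pool`.

    A keyed HMAC makes the mapping repeatable, so the same input always gets
    the same replacement (joins across tables still line up), while the key
    keeps outsiders from recomputing which pool entry a real value maps to.
    """
    digest = hmac.new(key, value.encode("utf-8"), hashlib.sha256).digest()
    return pool[int.from_bytes(digest[:8], "big") % len(pool)]


def obfuscate_record(record: dict, key: bytes) -> dict:
    """Apply one technique per field and return a new record; input is not modified."""
    out = dict(record)
    out["name"] = substitute(record["name"], SUBSTITUTE_NAMES, key)
    out["account_no"] = mask(record["account_no"])
    out["salary"] = None   # purge: apply a null value to the field
    out["review"] = None   # purge
    return out


if __name__ == "__main__":
    print(obfuscate_record(SAMPLE_EMPLOYEE, key=b"constructed-demo-key"))
```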

Event Classification

Viruses

Disaster

Crisis

Catastrophe