2. Information Security
• Information security refers to securing data,
information and systems from unauthorized access
or misuse.
• Organizations' data is breached by scammers,
fraudsters or hackers, and to stop them we have to
deal with information security.
3. Need for Security
• Development in information technology.
• Lack of knowledge and skills in the field of security.
• Impact of data breaches on organizations and
business corporations.
4. Elements of Security
• Confidentiality – only authorized users can access
the data; it is protected by preventing
unauthorized access.
• Integrity – the accuracy and consistency
of data over its lifecycle.
• Availability – the information is available
to authorized users when it is required.
5. Elements of Security
• Non-repudiation – the assurance that someone
cannot deny the validity of something.
6. Attacks in Info. Security
• Operating system attacks
Attackers find vulnerabilities in an operating system to
gain access to the system. Vulnerabilities are present
in every operating system, and attackers take
advantage of them.
7. Attacks in Info. Security
• Misconfiguration attacks
Misconfiguration attacks exploit configuration
weaknesses found in web and application servers.
Many servers come with unnecessary default and
sample files, including applications, configuration
files, scripts, and web pages.
8. Attacks in Info. Security
• Application-level attacks
An application attack consists of cyber criminals
gaining access to unauthorized areas. Attackers most
commonly start with a look at the application layer,
hunting for application vulnerabilities written within
code.
• Examples – man-in-the-middle, session hijacking, DoS
attacks.
9. Info. Security Laws
• Payment Card Industry Data Security Standard [PCI DSS]
The Payment Card Industry Data Security Standard
(PCI DSS) is a set of requirements intended to ensure
that all companies that process, store, or
transmit credit card information maintain
a secure environment.
10. Info. Security Laws
• ISO/IEC 27001:2013
It specifies the requirements for establishing,
implementing, maintaining and continually improving
an information security management system within
the context of the organization.
11. Info. Security Laws
• Health Insurance Portability and Accountability Act
[HIPAA]
The Health Insurance Portability and Accountability
Act of 1996 (HIPAA) is a federal law that required the
creation of national standards to protect sensitive
patient health information from being disclosed
12. Info. Security Laws
• Sarbanes-Oxley Act [SOX]
The Sarbanes-Oxley Act of 2002 is a law the U.S.
Congress passed on July 30 of that year to help
protect investors from fraudulent financial reporting
by corporations.
13. Info. Security Laws
• The Digital Millennium Copyright Act [DMCA]
The Digital Millennium Copyright Act (DMCA)
amended U.S. copyright law to address important
parts of the relationship between copyright and the
internet.