2. What Is Security?
“The quality or state of being secure--to be free
from danger”
To be protected from adversaries
A successful organization should have multiple
layers of security in place:
Physical security
Personal security
Operations security
Communications security
Network security
3. Information security
The protection of information and its elements including
systems, hardware that use, store and transmit that
information…..
4. Critical Characteristics Of
Information
The value of information comes from the
characteristics it possesses.
Availability
Accuracy
Authenticity
Confidentiality
Integrity
Utility
Possession
5. Information can be
Created
Stored
Destroyed
Processed
Transmitted
Used – (For proper & improper purposes)
Lost
Stolen
6. Printed or written on paper
Stored electronically
Transmitted by post or using electronics means
Shown on corporate videos
Displayed / published on web
Verbal – spoken in conversations
21. – Confidentiality
Ensuring that information is
accessible only to those
authorized to have access
– Integrity
Safeguarding the accuracy and
completeness of information
and processing methods
– Availability
Ensuring that authorized
users have access to
information and associated
assets when required
INFORMATION ATTRIBUTES
22. • Information Security is “Organizational Problem”
rather than “IT Problem”
• More than 70% of Threats are Internal
• More than 60% culprits are First Time fraudsters
• Biggest Risk : People
• Biggest Asset : People
• Social Engineering is major threat
23. What is Risk?
Risk: A possibility that a threat exploits a
vulnerability in an asset and causes damage or
loss to the asset.
Threat: Something that can potentially cause damage
to the organization, IT Systems or network.
Vulnerability: A weakness in the organization, IT
Systems, or network that can be exploited
by a threat.
25. High User
Knowledge of IT
Systems
Theft,
Sabotage,
Misuse
Virus Attacks
Systems &
Network
Failure
Lack Of
Documentation
Lapse in
Physical
Security
Natural
Calamities &
Fire
RiskandThreats