Information Security
Unit - 1
Introduction to Information Security
Date:
Presented By:
Rubal Sagwal
Department of Computer Engineering
NIT, Kurukshetra
Book Ref :
Rubal_CN 1
Contents
• Definition of Information Security
• Evolution of Information Security
• Basic Principles of Information Security
• Critical Concepts of Information Security
• Components of the Information System
• Balancing Information Security and Access
• Implementing IT Security
• The System Development Life Cycle
• Security professionals in the organization
Introduction
Cyber Space and
Cyber Security
Cyber Space
• Although “cyberspace” does not have a single agreed definition, some things can be said about it:
• First, cyberspace is not a physical place, although many elements of cyberspace are indeed physical.
• Second, cyberspace includes but is not limited to the Internet—cyberspace also includes computers (some of which are attached to the Internet and some not) and networks (some of which may be part of the Internet and some not).
• Third, cyberspace includes many intangibles, such as information and software and how different elements of cyberspace are connected to each other.
Cyber Space
• So a rough definition might be that:
• cyberspace consists of objects based on or dependent on computing and communication technology;
• the information that these objects use, store, handle, or process; and
• the interconnections among these various elements.
What is Security
• “The quality or state of being secure—to be free from
danger”
• A successful organization should have multiple layers of
security in place:
1. Physical security - to protect physical items, objects,
or areas from unauthorized access and misuse
2. Personnel security - to protect the individual or
group of individuals who are authorized to access the
organization and its operations
3. Operations security - to protect the details of a
particular operation or series of activities
What is Security
4. Communications security - to protect
communications media, technology, and content
5. Network security - to protect networking
components, connections, and contents
6. Information security - to protect the
confidentiality, integrity and availability of
information assets, whether in storage, processing,
or transmission.
Cyber Security
• Cyber security means protecting cyberspace from any attack or cybercrime, whether the attack is cyber or physical.
• Maintaining:
• Confidentiality
• Integrity
• Availability
Computer Security
• Computer Security – the protection of the items
you value, called the assets of the computer or
computer system.
Assets
• There are many types of assets:
• Hardware
• Software
• Data
• People
• Processes,
• or combinations of these.
To determine what to protect, we must first identify
what has value and to whom.
• A computer device (including hardware, added components, and accessories) is certainly an asset. Because most computer hardware is pretty useless without programs, the software is also an asset.
• Software includes the operating system, utilities and device handlers; applications such as word processors, media players or email handlers; and even programs that you may have written yourself.
Assets
• The thing that makes your computer unique and
important to you is its content:
• Photos
• Tunes
• Papers
• Email messages
• Projects
• Calendar information
• E-books
• Contact information
• Code you created, etc.
• Thus, data items on a computer are assets, too.
Values of Assets
Information Security
• The state of being protected against the unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information.
Evolution of Information Security
• Began immediately after the first mainframes were developed
• Groups developing code-breaking computations during World War II created the first modern computers
• Physical controls to limit access to sensitive military locations to authorized personnel
• Rudimentary in defending against physical theft, espionage, and sabotage
Evolution of Information Security - 1960
• It was during the 1960s when organisations first started to become more protective of their computers. During this time, there was no internet or network to worry about, so security was largely focused on more physical measures, and on preventing access by people with enough knowledge about how to work a computer.
• In order to do this, passwords and multiple layers of security protection were added to devices. Fire safety measures were also implemented, to ensure that the stored data was protected. After all, there was no iCloud available back in those days, so computers had to be secured by other means.
Evolution of Information Security - 1970
• Cybersecurity’s history began with a research project during the 1970s, on what was then known as the ARPANET (The Advanced Research Projects Agency Network). A researcher named Bob Thomas created a computer program which was able to move across ARPANET’s network, leaving a small trail wherever it went. He named the program ‘CREEPER’, because of the printed message that was left when travelling across the network: ‘I’M THE CREEPER: CATCH ME IF YOU CAN’.
Evolution of Information Security - 1970
• Ray Tomlinson – the man who invented email – later designed a program which took CREEPER to the next level, making it self-replicating and the first ever computer worm. Fortunately, he then wrote another program called Reaper which chased CREEPER and deleted it, providing the first example of antivirus software.
Evolution of Information Security - 1980
• In 1986, German computer hacker Marcus Hess was employed to steal US military secrets. He hacked into over 400 military computers, including mainframes at the Pentagon, and intended to sell their secrets to the KGB. Fortunately, he was thwarted.
• Two years later, 1988 saw the birth of the Morris Worm – one of the major turning points in the history of information security.
• Morris worm: a self-replicating worm, the first massive worm.
Evolution of Information Security - 1990
• By the middle of the 90s, network security threats had increased exponentially and, as such, firewalls and antivirus programs had to be produced on a mass basis to protect the public. It was a NASA researcher who created the very first firewall program design.
Evolution of Information Security - 2000
• Proper punishment.
• In the early 2000s, governments began to clamp down on the criminality of hacking, giving much more serious sentences to those culpable – including extensive jail time and large fines.
Evolution of Information Security - 2010
• Era of major breaches.
• Snowden & The NSA, 2013: Edward Snowden – a former CIA employee and contractor for the US Government – copied and leaked classified information from the National Security Agency (NSA), highlighting the fact that the government was effectively ‘spying’ on the public. He is controversially thought of as a hero to some, and a traitor to others.
• Yahoo, 2013 – 2014: Hackers broke into Yahoo, jeopardising the accounts and personal information of all their three billion users. They were fined $35 million for failing to disclose news of the breach in a timely manner, and Yahoo’s sale price decreased by $350 million as a result.
• WannaCry, 2017: More widely known as the first ‘ransomworm’, WannaCry targeted computers running the Microsoft Windows operating system and demanded ransom payments in the Bitcoin cryptocurrency. In only one day, the worm infected over 230,000 computers across 150 countries.
Principles of Security
Principles of Security - CIA
1. Confidentiality
2. Integrity
3. Availability
Confidentiality
• The degree of confidentiality determines the secrecy of the information. The principle specifies that only the sender and receiver will be able to access the information shared between them. Confidentiality is compromised if an unauthorized person is able to access a message.
• For example, let us consider that sender A wants to share some confidential information with receiver B and the information gets intercepted by the attacker C. Now the confidential information is in the hands of the intruder C.
• Availability:
The principle of availability states that the resources will be available to authorized parties at all times. Information will not be useful if it is not available to be accessed. Systems should have sufficient availability of information to satisfy the user request.
• Integrity:
Integrity gives the assurance that the information
received is exact and accurate. If the content of the
message is changed after the sender sends it but
before reaching the intended receiver, then it is
said that the integrity of the message is lost.
• Authentication
Authentication is the mechanism to identify the user, system or entity. It ensures the identity of the person trying to access the information. Authentication is most commonly done using a username and password. An authorized person whose identity is preregistered can prove his/her identity and can access the sensitive information.
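As an added example (not from the slides) of the Integrity and Authentication principles above: sender A and receiver B share a secret key and attach an HMAC tag to each message, so B detects any change that attacker C makes in transit and rejects a message from anyone who does not hold the key. The names A, B and C, the message text and the keys are assumed for illustration; a tag alone gives no confidentiality, since C can still read the message.

```python
# Added example, not from the slides: HMAC-based integrity and origin
# authentication between sender A and receiver B, with attacker C in between.
import hashlib
import hmac
import secrets


def make_tag(key: bytes, message: bytes) -> bytes:
    """Compute an HMAC-SHA256 tag over the message under the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def sender_a(key: bytes, message: bytes) -> tuple:
    """A attaches a tag before transmission (the message itself is not hidden)."""
    return message, make_tag(key, message)


def receiver_b(key: bytes, message: bytes, tag: bytes) -> bool:
    """B accepts only if the tag verifies under the shared key.

    compare_digest runs in constant time, so the check does not leak how
    many leading bytes of a wrong tag happened to be correct.
    """
    return hmac.compare_digest(make_tag(key, message), tag)


def attacker_c_modifies(message: bytes, tag: bytes) -> tuple:
    """C intercepts the message and alters its content.

    C does not know the key, so the old tag still covers the original text.
    """
    return message.replace(b"100", b"900"), tag


def run_scenario(shared_key: bytes) -> dict:
    """Report which messages B accepted: the genuine one, a tampered one,
    and a tampered one carrying a tag C computed under a guessed key."""
    original = b"transfer 100 to account B"  # constructed sample message
    msg, tag = sender_a(shared_key, original)
    results = {"genuine": receiver_b(shared_key, msg, tag)}

    altered, stale_tag = attacker_c_modifies(msg, tag)
    results["tampered"] = receiver_b(shared_key, altered, stale_tag)

    # C tries to forge a tag for the altered message without the real key.
    forged_tag = make_tag(b"constructed wrong key", altered)
    results["forged"] = receiver_b(shared_key, altered, forged_tag)
    return results


if __name__ == "__main__":
    # A and B agree on a fresh random key out of band.
    print(run_scenario(secrets.token_bytes(32)))
```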
Critical Concepts of
Information Security
Vulnerability
• A vulnerability is a weakness in the system.
• For instance, a particular system may be vulnerable to unauthorized data manipulation because the system does not verify a user’s identity before allowing data access.
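An added example (not from the slides) of the vulnerability described above: the first function lets any caller change any record because it never verifies who is calling, while the hardened version issues a session only after checking a password and then confirms both the session and the record's ownership before allowing the change. The record store, user names, password and salt are constructed for illustration.

```python
# Added example, not from the slides: a data-access function that skips identity
# verification (the vulnerability on the slide) beside a hardened form.
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample data: records and their owners.
RECORDS = {
    "r1": {"owner": "alice", "balance": 100},
    "r2": {"owner": "bob", "balance": 50},
}


def update_balance_unverified(record_id: str, new_balance: int) -> bool:
    """Vulnerable: nothing checks who is calling, so any caller that can reach
    this function may change any record just by naming its id."""
    record = RECORDS.get(record_id)
    if record is None:
        return False
    record["balance"] = new_balance
    return True


# --- hardened version: authenticate first, then authorize per record ---

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash so the credential store never holds plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


SALT = b"constructed-salt"  # constructed; in practice one random salt per user
CREDENTIALS = {"alice": (SALT, hash_password("correct horse", SALT))}
SESSIONS: dict = {}  # session token -> authenticated user


def login(user: str, password: str) -> Optional[str]:
    """Issue a session token only when the password verifies."""
    # A dummy entry keeps the hashing work the same for unknown users.
    salt, expected = CREDENTIALS.get(user, (SALT, b""))
    if not hmac.compare_digest(expected, hash_password(password, salt)):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user
    return token


def update_balance_verified(token: str, record_id: str, new_balance: int) -> bool:
    """Hardened: verify identity (valid session) and ownership before writing."""
    user = SESSIONS.get(token)
    if user is None:
        return False  # identity not verified
    record = RECORDS.get(record_id)
    if record is None or record["owner"] != user:
        return False  # verified user, but not authorized for this record
    record["balance"] = new_balance
    return True


if __name__ == "__main__":
    print(update_balance_unverified("r2", 0))        # True: anyone can alter bob's record
    token = login("alice", "correct horse")
    print(update_balance_verified(token, "r2", 0))   # False: not alice's record
    print(update_balance_verified(token, "r1", 0))   # True
    print(update_balance_verified("bogus", "r1", 0)) # False: no valid session
```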
Threat
• A threat to a computing system is a set of circumstances that has the potential to cause loss or harm.
• We can see a small crack in the wall—a vulnerability that threatens the man’s security. If the water rises to or beyond the level of the crack, it will exploit the vulnerability and harm the man.
Attack
An intentional or unintentional act that can cause damage to or otherwise compromise information and/or the systems that support it. Attacks can be active or passive, intentional or unintentional, and direct or indirect.
• Access: A subject or object’s ability to use, manipulate, modify, or affect another subject or object.
• Asset: The organizational resource that is being protected. An asset can be logical, such as a Web site, information, or data; or an asset can be physical, such as a person, computer system, or other tangible object.
• Risk: The probability that something unwanted will happen.
• Subjects and objects: A computer can be either the subject of an attack—an agent entity used to conduct the attack—or the object of an attack—the target entity.
Components of the
Information System
• An Information System (IS) is the entire set of:
• Software,
• Hardware,
• Data,
• People,
• Procedures, and
• Networks
• necessary to use information as a resource in the organization.
Balancing Information
Security and Access
• It is impossible to obtain perfect security—security is a process, not an absolute.
• Security should be considered a balance between protection and availability.
• To achieve balance, the level of security must allow reasonable access, yet protect against threats.
System Development Life
Cycle
• The systems development life cycle (SDLC) is a methodology and design for the implementation of information security within an organization
• A methodology is a formal approach to problem-solving based on a structured sequence of procedures
• Using a methodology
• Ensures a rigorous process
• Avoids missing steps
• The goal is creating a comprehensive security posture/program
• The traditional SDLC consists of six general phases
Secure System Development Life Cycle
• Generally speaking, a secure SDLC involves
integrating security testing and other activities
into an existing development process.
• Examples include writing security requirements
alongside functional requirements and performing
an architecture risk analysis during the design
phase of the SDLC.
• Many secure SDLC models are in use, but one of
the best known is the Microsoft Security
Development Lifecycle (MS SDL), which outlines 12
practices organizations can adopt to increase the
security of their software.
• And earlier this year, NIST published the final
version of its Secure Software Development
Framework, which focuses on security-related
processes that organizations can integrate into their
existing SDLC.
• Prepare the Organization (PO): Ensure that the organization’s people, processes, and technology are prepared to perform secure software development at the organization level and, in some cases, for each individual project.
• Protect the Software (PS): Protect all components of the software from tampering and unauthorized access.
• Produce Well-Secured Software (PW): Produce well-secured software that has minimal security vulnerabilities in its releases.
• Respond to Vulnerabilities (RV): Identify vulnerabilities in software releases and respond appropriately to address those vulnerabilities and prevent similar vulnerabilities from occurring in the future.
• https://www.tutorialspoint.com/system_analysis_and_design/system_analysis_and_design_development_life_cycle.htm
• https://www.synopsys.com/blogs/software-security/secure-sdlc/#:~:text=Generally%20speaking%2C%20a%20secure%20SDLC,design%20phase%20of%20the%20SDLC.
• https://www.microsoft.com/en-us/securityengineering/sdl/practices
• https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04232020.pdf
Security professional in
the organization
• Wide range of professionals required to support a
diverse information security program
• Senior management is key component; also,
additional administrative support and technical
expertise required to implement details of IS
program.
• Chief Information Officer (CIO)
• Senior technology officer
• Primarily responsible for advising senior executives on
strategic planning
• Chief Information Security Officer (CISO)
• Primarily responsible for assessment, management, and
implementation of IS in the organization
• Usually reports directly to the CIO
Information Security Project Team
• Champion: A senior executive who promotes the project and ensures its support, both financially and administratively, at the highest levels of the organization.
• Team leader: A project manager, who may be a departmental line manager or staff unit manager, who understands project management, personnel management, and information security technical requirements.
• Security policy developers: People who understand the organizational culture, existing policies, and requirements for developing and implementing successful policies.
• Risk assessment specialists: People who understand financial risk assessment techniques, the value of organizational assets, and the security methods to be used.
• Security professionals: Dedicated, trained, and well-educated specialists in all aspects of information security from both a technical and nontechnical standpoint.
• Systems administrators: People with the primary responsibility for administering the systems that house the information used by the organization.
• End users: Those whom the new system will most directly affect. Ideally, a selection of users from various departments, levels, and degrees of technical knowledge assist the team in focusing on the application of realistic controls applied in ways that do not disrupt the essential business activities they seek to safeguard.
Thanks

 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Analog to Digital and Digital to Analog Converter
Analog to Digital and Digital to Analog ConverterAnalog to Digital and Digital to Analog Converter
Analog to Digital and Digital to Analog ConverterAbhinavSharma374939
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile servicerehmti665
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130Suhani Kapoor
 
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptxthe ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptxhumanexperienceaaa
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSSIVASHANKAR N
 

Recently uploaded (20)

Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
Analog to Digital and Digital to Analog Converter
Analog to Digital and Digital to Analog ConverterAnalog to Digital and Digital to Analog Converter
Analog to Digital and Digital to Analog Converter
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptxthe ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
 

Introduction to Information Security

What is Security
4. Communications security - to protect communications media, technology, and content
5. Network security - to protect networking components, connections, and contents
6. Information security - to protect the confidentiality, integrity and availability of information assets, whether in storage, processing, or transmission.

Cyber Security
• Cyber security means protecting cyberspace from any attack or cybercrime, whether the attack is carried out through cyberspace or physically.
• It maintains:
• Confidentiality
• Integrity
• Availability

Computer Security
• Computer security is the protection of the items you value, called the assets of the computer or computer system.

Assets
• There are many types of assets:
• Hardware
• Software
• Data
• People
• Processes
• or combinations of these.
• To determine what to protect, we must first identify what has value and to whom.

Assets
• A computer device (including hardware, added components, and accessories) is certainly an asset. Because most computer hardware is fairly useless without programs, the software is also an asset.
• Software includes the operating system, utilities and device drivers; applications such as word processors, media players or email clients; and even programs that you have written yourself.

Assets
• What makes your computer unique and important to you is its content:
• Photos
• Tunes
• Papers
• Email messages
• Projects
• Calendar information
• E-books
• Contact information
• Code you created, etc.
• Thus, data items on a computer are assets, too.

Information Security
• The state of being protected against the unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information.
Evolution of Information Security
• Began immediately after the first mainframes were developed.
• Groups developing code-breaking computations during World War II created the first modern computers.
• Physical controls limited access to sensitive military locations to authorized personnel.
• These controls were rudimentary, defending mainly against physical theft, espionage, and sabotage.

Evolution of Information Security - 1960s
• It was during the 1960s that organisations first started to become more protective of their computers. There was no internet or network to worry about, so security focused largely on physical measures and on keeping people with enough knowledge to operate a computer away from it.
• To do this, passwords and multiple layers of protection were added to devices. Fire safety measures were also implemented to ensure that stored data was protected. There was no iCloud in those days, so computers had to be secured by other means.

Evolution of Information Security - 1970s
• Cybersecurity's history began with a research project during the 1970s on what was then known as the ARPANET (the Advanced Research Projects Agency Network). A researcher named Bob Thomas created a program that was able to move across ARPANET, leaving a small trail wherever it went. He named the program 'CREEPER', after the message it printed as it travelled across the network: 'I'M THE CREEPER: CATCH ME IF YOU CAN'.

Evolution of Information Security - 1970s
• Ray Tomlinson, the man who invented email, later designed a version of CREEPER that was self-replicating: the first ever computer worm. He then wrote another program called Reaper, which chased CREEPER across the network and deleted it, providing the first example of antivirus software.

Evolution of Information Security - 1980s
• In 1986, German hacker Markus Hess broke into over 400 military computers, including mainframes at the Pentagon, intending to sell their secrets to the KGB. He was eventually caught.
• Two years later, 1988 saw the birth of the Morris Worm, one of the major turning points in the history of information security.
• The Morris worm was a self-replicating worm, the first to spread on a massive scale across the Internet.

Evolution of Information Security - 1990s
• By the middle of the 1990s, network security threats had increased exponentially and, as such, firewalls and antivirus programs had to be produced on a mass basis to protect the public. It was a NASA researcher who created the very first firewall program design.

Evolution of Information Security - 2000s
• Proper punishment.
• In the early 2000s, governments began to clamp down on the criminality of hacking, giving much more serious sentences to those found guilty, including extensive jail time and large fines.

Evolution of Information Security - 2010s
• Era of major breaches.
• Snowden and the NSA, 2013: Edward Snowden, a former CIA employee and contractor for the US Government, copied and leaked classified information from the National Security Agency (NSA), revealing that the government was effectively spying on the public. He is controversially thought of as a hero by some and a traitor by others.
• Yahoo, 2013-2014: Hackers broke into Yahoo, jeopardising the accounts and personal information of all three billion of its users. Yahoo was fined $35 million for failing to disclose the breach in a timely manner, and its sale price decreased by $350 million as a result.
• WannaCry, 2017: Widely described as the first 'ransomworm', WannaCry targeted computers running the Microsoft Windows operating system and demanded ransom payments in the Bitcoin cryptocurrency. In only one day, the worm infected over 230,000 computers across 150 countries.
Principles of Security - CIA
1. Confidentiality
2. Integrity
3. Availability

Principles of Security
• Confidentiality: The degree of confidentiality determines the secrecy of the information. The principle specifies that only authorized parties, in the simplest case the sender and the intended receiver, can access the information shared between them. Confidentiality is compromised if an unauthorized person is able to read a message.
• For example, consider that sender A wants to share some confidential information with receiver B and the information is intercepted by attacker C. The confidential information is now in the hands of the intruder C.

Principles of Security
• Availability: The principle of availability states that resources will be available to authorized parties whenever they need them. Information is not useful if it cannot be accessed. Systems should be designed so that information remains available to satisfy legitimate user requests.

Principles of Security
• Integrity: Integrity gives the assurance that the information received is exact and accurate. If the content of a message is changed after the sender sends it but before it reaches the intended receiver, the integrity of the message is said to be lost.
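The A/B/C exchange from the confidentiality and integrity slides, worked through as an added example (this is not code from the slides or from their book reference). It uses only the Python standard library: a keystream derived with HMAC-SHA256 in counter mode gives confidentiality against the interceptor C, and an HMAC-SHA256 tag over nonce and ciphertext (encrypt-then-MAC) lets B detect any change made in transit. The shared secret, the message and the tamper position are constructed for the example. In a real system, use a vetted AEAD such as AES-GCM or ChaCha20-Poly1305 rather than this hand-built construction.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

# Added teaching example, not from the slides. Confidentiality: HMAC-SHA256
# in counter mode used as a keystream (a PRF in CTR mode). Integrity: an
# HMAC-SHA256 tag over nonce || ciphertext, checked before decryption.
# Production code should use a vetted AEAD (AES-GCM, ChaCha20-Poly1305).

NONCE_LEN = 16
TAG_LEN = 32


def derive_keys(shared_secret: bytes) -> Tuple[bytes, bytes]:
    """Derive independent encryption and MAC keys from one shared secret."""
    enc_key = hmac.new(shared_secret, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(shared_secret, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF(nonce || counter) blocks, concatenated and truncated to length."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def protect(shared_secret: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Sender A: encrypt, then authenticate. Returns nonce || ciphertext || tag.
    The nonce must never repeat under the same secret (random by default)."""
    enc_key, mac_key = derive_keys(shared_secret)
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    if len(nonce) != NONCE_LEN:
        raise ValueError("bad nonce length")
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unprotect(shared_secret: bytes, envelope: bytes) -> bytes:
    """Receiver B: verify the tag in constant time, and only then decrypt.
    Raises ValueError when integrity has been lost (or the key is wrong)."""
    if len(envelope) < NONCE_LEN + TAG_LEN:
        raise ValueError("envelope too short")
    enc_key, mac_key = derive_keys(shared_secret)
    nonce = envelope[:NONCE_LEN]
    ciphertext = envelope[NONCE_LEN:-TAG_LEN]
    tag = envelope[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: message modified in transit")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def intercept_and_tamper(envelope: bytes, position: int) -> bytes:
    """Attacker C: cannot read the ciphertext, but flips one bit of it."""
    data = bytearray(envelope)
    data[position] ^= 0x01
    return bytes(data)


if __name__ == "__main__":
    secret = b"pre-shared secret known only to A and B"   # constructed for the example
    message = b"transfer 100 to account 42"                # constructed for the example
    envelope = protect(secret, message)
    print("C intercepts only:", envelope.hex())            # confidentiality
    print("B recovers:", unprotect(secret, envelope))       # message intact
    try:
        unprotect(secret, intercept_and_tamper(envelope, NONCE_LEN + 9))
    except ValueError as err:
        print("B rejects:", err)                            # integrity lost
```

Note the order in unprotect: the tag is verified before any decryption happens, so a tampered or forged envelope is rejected without ever feeding attacker-controlled ciphertext to the decryption step.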
Principles of Security
• Authentication: Authentication is the mechanism used to identify a user, system or other entity. It establishes the identity of the party trying to access the information. Authentication is most commonly implemented with a username and password, often combined with further factors such as a one-time code or a hardware token. A person whose identity is pre-registered can prove that identity and then access the sensitive information.
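The username-and-password mechanism from the slide, as an added example (not code from the slides). Passwords themselves are never stored: each user gets a random salt and a PBKDF2-HMAC-SHA256 hash, comparison is constant-time, and an unknown username costs the same time as a wrong password so the login response does not reveal which accounts exist. The user names and passwords are constructed for the example, and the iteration count is an assumption to be tuned per deployment.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Added teaching example, not from the slides. Only salted, iterated hashes
# are stored, so a stolen user table does not reveal passwords; comparison
# is constant-time so the response time does not leak partial matches.

ITERATIONS = 100_000  # assumption: raise until one hash takes ~100 ms on real hardware
SALT_LEN = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest (hex)."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and iteration count; compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
        rounds = int(iterations)
        salt, digest = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False                        # a malformed record never verifies
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, digest)


# A record for a password nobody knows, used so that a login attempt for an
# unknown user costs the same time as one for a registered user.
_DUMMY_RECORD = hash_password(os.urandom(16).hex())


class UserStore:
    """Pre-registered identities, as the slide describes."""

    def __init__(self) -> None:
        self._records: Dict[str, str] = {}

    def register(self, username: str, password: str) -> None:
        self._records[username] = hash_password(password)

    def authenticate(self, username: str, password: str) -> bool:
        record = self._records.get(username, _DUMMY_RECORD)
        ok = verify_password(password, record)      # always does the full work
        return ok and username in self._records


if __name__ == "__main__":
    store = UserStore()
    store.register("alice", "correct horse battery staple")            # constructed credentials
    print(store.authenticate("alice", "correct horse battery staple"))  # True
    print(store.authenticate("alice", "password123"))                   # False
    print(store.authenticate("mallory", "correct horse battery staple"))  # False
```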
Critical Concepts of Information Security

Vulnerability
• A vulnerability is a weakness in the system.
• For instance, a particular system may be vulnerable to unauthorized data manipulation because it does not verify a user's identity before allowing data access.

Threat
• A threat to a computing system is a set of circumstances that has the potential to cause loss or harm.

• (Figure.) We can see a small crack in the wall: a vulnerability that threatens the man's security. If the water rises to or beyond the level of the crack, it will exploit the vulnerability and harm the man.

Attack
• An intentional or unintentional act that can cause damage to or otherwise compromise information and/or the systems that support it. Attacks can be active or passive, intentional or unintentional, and direct or indirect.

• Access: A subject's or object's ability to use, manipulate, modify, or affect another subject or object.
• Asset: The organizational resource that is being protected. An asset can be logical, such as a Web site, information, or data; or it can be physical, such as a person, computer system, or other tangible object.
• Risk: The probability that something unwanted will happen.
• Subjects and objects: A computer can be either the subject of an attack (an agent entity used to conduct the attack) or the object of an attack (the target entity).
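The weakness described under Vulnerability (data returned without checking who asks) and the subject, object and access vocabulary above, combined in one added example (not code from the slides). It is a small reference monitor: every access by a subject to an object goes through check_access, which rejects unauthenticated subjects first and then consults an access-control list that denies anything not explicitly granted. The records, subject names and permissions are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Added teaching example, not from the slides. Subjects act on objects only
# through check_access: unauthenticated subjects are rejected first, then an
# access-control list (ACL) is consulted, and anything not listed is denied.

# Constructed sample objects (records) and ACL: object -> subject -> operations
RECORDS: Dict[str, str] = {"r1": "salary data", "r2": "public notice"}
ACL: Dict[str, Dict[str, Set[str]]] = {
    "r1": {"hr_admin": {"read", "write"}},
    "r2": {"hr_admin": {"read", "write"}, "employee": {"read"}},
}


class AccessDenied(Exception):
    pass


@dataclass
class Session:
    """Who is asking. subject stays None until authentication has succeeded."""
    subject: Optional[str] = None
    authenticated: bool = False


def read_record_vulnerable(record_id: str) -> Optional[str]:
    """The weakness from the Vulnerability slide: the system hands out data
    without verifying the requester's identity at all."""
    return RECORDS.get(record_id)


def check_access(session: Session, record_id: str, operation: str) -> None:
    """Reference monitor: identity first, then authorization; default deny."""
    if not session.authenticated or session.subject is None:
        raise AccessDenied("subject is not authenticated")
    allowed = ACL.get(record_id, {}).get(session.subject, set())
    if operation not in allowed:
        raise AccessDenied(f"{session.subject} may not {operation} {record_id}")


def read_record(session: Session, record_id: str) -> str:
    check_access(session, record_id, "read")
    return RECORDS[record_id]


def write_record(session: Session, record_id: str, value: str) -> None:
    check_access(session, record_id, "write")
    RECORDS[record_id] = value


if __name__ == "__main__":
    anonymous = Session()
    employee = Session(subject="employee", authenticated=True)
    admin = Session(subject="hr_admin", authenticated=True)
    print(read_record_vulnerable("r1"))      # salary data leaks to anyone
    attempts = (
        (anonymous, "r1", "read"),
        (employee, "r1", "read"),
        (employee, "r2", "read"),
        (admin, "r1", "write"),
    )
    for who, rec, op in attempts:
        try:
            check_access(who, rec, op)
            print(who.subject, op, rec, "-> allowed")
        except AccessDenied as err:
            print("denied:", err)
```

Because every record access goes through the same check, an unknown record id or an unlisted subject is denied rather than raising a KeyError or silently succeeding, which is the default-deny behaviour a reference monitor should have.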
Components of the Information System
• An Information System (IS) is the entire set of:
• Software,
• Hardware,
• Data,
• People,
• Procedures, and
• Networks
• necessary to use information as a resource in the organization.

Balancing Information Security and Access
• It is impossible to obtain perfect security: security is a process, not an absolute.
• Security should be considered a balance between protection and availability.
• To achieve balance, the level of security must allow reasonable access, yet protect against threats.
System Development Life Cycle
• The systems development life cycle (SDLC) is a methodology for the design and implementation of an information system, and is also used to implement information security within an organization.
• A methodology is a formal approach to problem solving based on a structured sequence of procedures.
• Using a methodology:
• Ensures a rigorous process
• Avoids missing steps
• The goal is a comprehensive security posture/program.
• The traditional SDLC consists of six general phases.

Secure System Development Life Cycle
• Generally speaking, a secure SDLC involves integrating security testing and other security activities into an existing development process.
• Examples include writing security requirements alongside functional requirements and performing an architecture risk analysis during the design phase of the SDLC.

Secure System Development Life Cycle
• Many secure SDLC models are in use, but one of the best known is the Microsoft Security Development Lifecycle (MS SDL), which outlines 12 practices organizations can adopt to increase the security of their software.
• In 2020, NIST published the final version of its Secure Software Development Framework (SSDF), which focuses on security-related processes that organizations can integrate into their existing SDLC. The SSDF groups its practices into four categories:

Secure System Development Life Cycle
• Prepare the Organization (PO): Ensure that the organization's people, processes, and technology are prepared to perform secure software development at the organization level and, in some cases, for each individual project.
• Protect the Software (PS): Protect all components of the software from tampering and unauthorized access.
• Produce Well-Secured Software (PW): Produce well-secured software that has minimal security vulnerabilities in its releases.
• Respond to Vulnerabilities (RV): Identify vulnerabilities in software releases and respond appropriately to address those vulnerabilities and prevent similar vulnerabilities from occurring in the future.

Secure System Development Life Cycle
• https://www.tutorialspoint.com/system_analysis_and_design/system_analysis_and_design_development_life_cycle.htm
• https://www.synopsys.com/blogs/software-security/secure-sdlc/#:~:text=Generally%20speaking%2C%20a%20secure%20SDLC,design%20phase%20of%20the%20SDLC.
• https://www.microsoft.com/en-us/securityengineering/sdl/practices
• https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04232020.pdf
Security professional in the organization

Security professional in the organization
• A wide range of professionals is required to support a diverse information security program.
• Senior management is a key component; additional administrative support and technical expertise are also required to implement the details of the IS program.

Security professional in the organization
• Chief Information Officer (CIO)
• Senior technology officer
• Primarily responsible for advising senior executives on strategic planning
• Chief Information Security Officer (CISO)
• Primarily responsible for the assessment, management, and implementation of information security in the organization
• Usually reports directly to the CIO

Information Security Project Team
• Champion: A senior executive who promotes the project and ensures its support, both financially and administratively, at the highest levels of the organization.
• Team leader: A project manager, who may be a departmental line manager or staff unit manager, who understands project management, personnel management, and information security technical requirements.
• Security policy developers: People who understand the organizational culture, existing policies, and requirements for developing and implementing successful policies.
• Risk assessment specialists: People who understand financial risk assessment techniques, the value of organizational assets, and the security methods to be used.

Information Security Project Team
• Security professionals: Dedicated, trained, and well-educated specialists in all aspects of information security from both a technical and nontechnical standpoint.
• Systems administrators: People with the primary responsibility for administering the systems that house the information used by the organization.
• End users: Those whom the new system will most directly affect. Ideally, a selection of users from various departments, levels, and degrees of technical knowledge assists the team in focusing on realistic controls, applied in ways that do not disrupt the essential business activities they seek to safeguard.