Digital information security
1. Digital Information Security
Sayed Ahmad Sahim
Kandahar University
sayedahmad.sahim@gmail.com
May 20, 2015
Sayed Ahmad Sahim (Kandahar University) Digital Information Security May 20, 2015 1 / 21
2. Table of Contents
1 Introduction
2 Information vs Data
3 Three objectives of information security
4 Security Policy
5 90/10 Rule
ITIC/KnowBe4 2013-14 Survey
6 Security Violation
7 Security Objectives
Good Computing Practices
8 Conclusion
3. Introduction
Security
Security is a continuous process of protecting an object from attack (Rizza,
2005).
Figure : Security Definition
4. Information Security
Information Security refers to the protection of information from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption (Afshin Rezakhani, 2011).
Figure : Information Security
5. Information vs Data
Data is unprocessed facts and figures without any added interpretation
or analysis (Dutcher, 2015).
Information is data that has been interpreted so that it has meaning
for the user (Dutcher, 2015).
Knowledge is a combination of information, experience and insight
that may benefit the individual or the organisation (Dutcher, 2015).
Figure : Information vs Data
6. Three objectives of information security
Confidentiality
Integrity
Availability
7. Confidentiality
Confidentiality is the term used for preventing the disclosure of information to unauthorized individuals or systems (Y. and hoon Kim, 2007).
Figure : Confidentiality
8. Integrity
Integrity refers to the protection of information from unauthorized modification or destruction. Ensuring integrity is ensuring that information and information systems are accurate, complete and uncorrupted (Y. and hoon Kim, 2007).
Figure : Integrity
9. Availability
Availability refers to the protection of information and information systems from unauthorized disruption. Ensuring availability is ensuring timely and reliable access to and use of information and information systems (Y. and hoon Kim, 2007).
Figure : Availability
10. CIA
Figure : CIA
11. Security Policy
Security policies are the foundation and the bottom line of information security in an organization.
A well written and implemented policy contains sufficient information
on what must be done to protect information and people in the
organization (SAAN, 2015).
Security policies also establish computer usage guidelines for staff in
the course of their job duties (SAAN, 2015).
An information security policy defines the framework for how information and information systems are to be used.
12. Question
You may ask.
Why do I need to learn about Security?
"Isn't this just an IT Problem?"
13. Question
Good Security Standards follow the 90 / 10 Rule (University of
California):
10% of security safeguards are technical.
90% of security safeguards rely on the computer user YOU to
adhere to good computing practices.
14. ITIC/KnowBe4 2013-14 Survey
According to the ITIC/KnowBe4 2013-2014 Security Deployment Trends Survey, 80 percent of companies identified "end user carelessness" as the greatest security threat to their network and data.
15. What are the consequences for Security violation?
Risk to integrity of confidential information
Risk to security of personal information
Loss of valuable business information
Loss of Reputation
Loss of client interest
Internal disciplinary action
Penalties
16. Security Objectives
Learn and practice good computer security practices.
Top 12 practices
Report anything unusual
If it sets off a warning in your mind, it just may be a problem!
17. Good Computing Practices
1 Unique User ID or Log-In Name
2 Password Protection
3 Workstation Security / Physical Security
4 Security for Workstations, Portable Devices & Laptops
5 Data Management (backup, archive, restore, disposal)
6 Prevent the spread of viruses, worms, Trojans and time bombs.
18. Good Computing Practices
7 Secure Remote Access
8 E-Mail Security
9 Safe Internet Use
10 Reporting Security Incidents / Breaches
11 Your Responsibility to Adhere to Information Security Policies.
12 Do not use cracked or unlicensed software.
19. Conclusion
To achieve better security:
IT personnel are responsible for creating the necessary security policies, which include rules for end users
Educating end users
End users are required to adopt, and not violate, the security rules
21. References
N. M. Afshin Rezakhani, AbdolMajid Hajebi. Standardization of all
information security management systems. March 2011.
J. Dutcher. How to define data, information and knowledge. May 2015. URL http://searchdatamanagement.techtarget.com/feature/Defining-data-information-and-knowledge.
J. M. Rizza. Computer network security. University of Tennessee-Chattanooga, Chattanooga, TN, U.S.A., April 2005.
S. I. I. R. R. SAAN. Security Policy Roadmap - Process for Creating Security Policies. http://www.sans.org/reading-room/whitepapers/policyissues/security-policy-roadmapprocess-creating-security-policies-49, 2015. Accessed: 20-May-2015.
S. F. Y. and P. hoon Kim. IT security review: Privacy, protection, access control, assurance and system security. April 2007.
22. The End