SUBJECT NAME: INFORMATION SECURITY
CHAPTER NO.: 1
CHAPTER NAME: COMPUTER SECURITY FUNDAMENTALS
LECTURE NO: 1
COMPUTER SCIENCE
Computer Security Concepts
Computer Security
Definition
The protection of computer systems and information from harm, theft, and unauthorized use.
The process of preventing and detecting unauthorized use of computer systems.
Computer Security
NIST Definition
The protection afforded to an automated information system in order to attain the applicable objectives of preserving the
• Integrity
• Availability
• Confidentiality
of information system resources (includes hardware, software, firmware, information/data, and telecommunications).
Computer Security
Types
• Information Security – securing information from access, modification, and deletion
• Application Security – securing applications from SQL injection, DDoS, and data breaches
• Computer Security – securing the physical computer machine
• Network Security – securing both the software and hardware technologies of the network
• Cyber Security – protecting computer systems that communicate over the network
Computer Security Threats
• Virus – a malicious program that is loaded into a computer system without the user’s knowledge. It replicates itself and infects files and programs on the computer.
• Worm – a software program that can copy itself from one computer to another without human interaction. A potential risk is that it uses up computer hard disk space.
• Phishing – attempts to steal sensitive financial or personal information through fraudulent emails or instant messages.
• Rootkit – a computer program designed to provide continuous privileged access to a computer. After taking control of a privileged user, the hacker executes files remotely and changes system configurations.
• Key Logger – tracks the real-time activities of a user.
Computer Security Threats
• Eavesdropping – observes traffic on your system and the work you are doing. Examples: email, website, and file monitoring.
• Password Attack – finds the passwords of your accounts.
    • Dictionary attack
    • Brute force
    • Key logger
    • Shoulder surfing
    • Rainbow table
• SQL Injection – injects malicious input into an SQL statement to get access to database files.
• Social Engineering – a social situation that encourages you to share your password.
Three key objectives of Computer Security
1. Confidentiality: data, objects, and resources are protected from unauthorized access.
• Data confidentiality – assures that private or confidential information is not made available or disclosed to unauthorized persons.
• Privacy – assures that individuals control what information related to them may be collected and stored, by whom, and to whom that information may be disclosed.
2. Integrity: data is protected from unauthorized modification or changes. Ensures data is reliable and correct.
• Data integrity – assures that data is changed only in a specified and authorized manner.
• System integrity – assures that the system performs its intended function in an unimpaired way, free from deliberate or inadvertent unauthorized manipulation of the system.
3. Availability: assures that systems work properly and service is not denied to authorized users.
CIA Triad
Two additional objectives are among the most commonly mentioned:
1. Authenticity – the property of being genuine, verifiable, and trusted.
2. Accountability – the process of mapping an action to an identity.
Impact of breach of security
Three levels of impact on organizations or individuals
1. Low
2. Moderate
3. High
A Model for Computer Security
Computer Security Terminology
Adversary (threat agent) – an entity that attacks, or is a threat to, a system; it may be an individual, a system, or a program. Examples: hacker, organized crime, nation state.
Attack – an assault on system security that derives from an intelligent threat.
Countermeasure – an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it.
Risk – an expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result.
Security Policy – a set of rules and practices that specify or regulate how a system or organization provides security services to protect system resources.
A Model for Computer Security
Computer Security Terminology
System Resource (Asset) – data contained in an information system.
Threat – a potential for violation of security; a possible danger that might exploit a vulnerability.
Vulnerability – a flaw or weakness in a system's design, implementation, operation, or maintenance that could be exploited to violate system security.
A Model for Computer Security
System Resource or Asset
1. Hardware
2. Software
3. Data
4. Communication facilities and networks
A Model for Computer Security
Categories of vulnerabilities
1. Corrupted – does the wrong thing or gives wrong answers.
2. Leaky – information may be disclosed.
3. Unavailable – use of the system or network becomes impossible or impractical.
A Model for Computer Security
Types of Attacks
1. Active attack – an attempt to alter system resources or affect their resources.
2. Passive attack – an attempt to learn or make use of information from the system.
Attacks based on the origin of the attack
1. Inside attack – initiated by an entity inside the security perimeter. The insider is authorized to access system resources but uses them in a way that is not approved.
2. Outside attack – initiated by an entity from outside the security perimeter. Examples: hacker, terrorist, etc.
