Uploaded byZaheer720515
PPT, PDF1,730 views

Basic Concepts of information security.ppt

The document discusses key concepts in network and information security. It defines information security as measures taken to protect information and information systems from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction. It identifies the critical characteristics of information security as confidentiality, integrity and availability. It also discusses network security as a continuous process of securing the network, monitoring for threats, testing security measures, and making improvements. Key related terms like assets, threats, vulnerabilities, risks, and countermeasures are also explained.

Internet
Related topics:
Information Security

Embed presentation

Downloaded 14 times
Network Security
Grading  Mid Term=  Assignments =  Quizzes =  Term Project/viva/presentation =  Final Term = PU Gujranwala
The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable. PU Gujranwala —The Art of War, Sun Tzu
Information Security What is Information Security…? PU Gujranwala
Information Security  Information Security is the name given to the preventive steps we take to guard our Information and Information System.  Measures adopted to prevent the unauthorized access, misuse, modification, disclosure or destruction. PU Gujranwala
Critical Characteristics of Information Security  Confidentiality  Integrity  Availability PU Gujranwala
Confidentiality  Confidentiality is the property of preventing disclosure of information to unauthorized individuals or systems.  Information is available only to people with rightful access.  Ensuring that only those with the rights and privileges to access a particular set of information are able to do so. Methods: Data Encryption User IDs and Passwords PU Gujranwala
Integrity  Information can only be changed by authorized personnel.  The quality or state of being whole, complete and uncorrupted is the integrity of information.  Integrity can be violated by a virus or a user.  Integrity check can be done through:  File size  Checksums for verification of data integrity  File hashing PU Gujranwala
Availability  Enables users who need to access information to do so without interference or obstruction and receive it in required format.  The information is available only to the authorized users all the time.  Backups and Recovery  RAID  Alternate Links PU Gujranwala
Authenticity  Authenticity of information is the quality or state of being genuine or original, rather than a reproduction or fabrication. PU Gujranwala
Privacy  Privacy-means different things to different people, is the right to be left alone and right to be free of unreasonable personal instructions.  Information privacy – The right to determine when and up to what extent information about oneself can be shared with others  Organizational privacy – Governments agencies, corporations, and other organizations may desire to keep their activities or secrets from being revealed to other organizations or individuals. PU Gujranwala
Components of an Information System  Software  Hardware  Data  People  Procedures PU Gujranwala
Software  Bugs, Weaknesses and Holes.  An error or defect in software or hardware that causes a program to malfunction  Security Hole (something you need to fix now)  Security Warning ( something you need to fix soon)  Security Note (something you need to fix when you get around to it, or just some information that you should consider)  Patches and Service Packs.  A patch is a piece of software designed to fix problems or update a computer program and its supporting data. This includes fixing security vulnerabilities and other bugs.  A service pack (in short SP) is a collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package. PU Gujranwala
Hardware  It Houses and Executes a software.  Stores and carries the data.  Provides Interfaces for the entry and removal of information from the system.  Physical security policies deal with the H/W. PU Gujranwala
Data  The most important and valuable thing for any organization.  Main object of intentional attacks.  Must be protected from unauthorized access. PU Gujranwala
People  All that interact with the System.  Main threat to information security. PU Gujranwala
Procedures  Procedures are written instructions for accomplishing a specific task.  Mechanism adopted to achieve an objective. PU Gujranwala
What is Network Security?  Network Security is the protection of networking components, connections and contents.  Effort to create a secure computing platform, so users or programs cannot perform actions that they are not allowed to do. PU Gujranwala
Network Security as a Continuous Process  Network security is a continuous process built around a security policy.  Step 1: Secure  Step 2: Monitor  Step 3: Test  Step 4: Improve PU Gujranwala
Step 1: Secure the Network  Implement security solutions to prevent unauthorized access and to protect information.  Authentication  Encryption  Firewalls  Vulnerability Patching PU Gujranwala
Step 2: Monitor Security  Detects violations to the security policy  Involves system auditing and real-time intrusion detection  Validates the security implementation in Step 1 PU Gujranwala
Step 3: Test Security  Validates effectiveness of the security policy through system auditing and network scanning  Whether the system fulfills the security requirements or not. PU Gujranwala
Step 4: Improve Security  Use information from the monitor and test phases to make improvements to the security implementation.  Adjust the security policy as security holes and risks are identified. PU Gujranwala
Terms related to Security  Assets  Threats  Attack  Vulnerability  Risk Analysis  Countermeasures  Hacking PU Gujranwala
Asset  An asset is the organizational resource that is being protected.  It can be logical like website, information, data.  It can be physical like computer system or other tangible object. PU Gujranwala
 Threat  A person, thing, event or idea which poses some danger to an asset (in terms of confidentiality, integrity, availability or legitimate use).  A possible means by which a security policy may be breached.  An attack  An assault against a computer system or network as a result of deliberate, intelligent action; for example, denial of service attacks, penetration and sabotage.  It is a realization of a threat. Threats and Attack PU Gujranwala
 Vulnerability  A weakness in the system that can be exploited to cause loss or harm  In computer security, the word vulnerability refers to a weakness in a system allowing an attacker to violate the confidentiality, integrity, availability ,access control, consistency or audit mechanisms of the system or the data and applications it hosts  Control, Countermeasure, safeguard  An action, device, procedure or technique that removes or reduces a vulnerability. PU Gujranwala Vulnerability and Countermeasure
Risk = Threat + Vulnerability  Threats without vulnerabilities pose no risk.  Likewise, vulnerabilities without threats pose no risk.  Risk is the probability that something can happen.  Risk analysis can be quantitative or qualitative. PU Gujranwala
Cont…  Risk can be qualitatively defined in three levels:  Low- Action to remove the vulnerability should be taken if possible  Medium- Action to remove the vulnerability is advisable  High- Action should be taken immediately to remove this vulnerability PU Gujranwala
Hacking  Can be defined positively and negatively:  To write computer programs for enjoyment.  To gain access to a computer illegally.  A person who writes programs in assembly language or in system- level languages, such as C. The term often refers to any programmer, but its true meaning is someone with a strong technical background who is "hacking away" at the bits and bytes.  During the 1990s, the term "hacker" became synonymous with "cracker," which is a person who performs some form of computer sabotage. The association is understandable. In order to be an effective cracker, you had to be a good hacker, thus the terms got intertwined, and hacker won out in the popular press. PU Gujranwala
Summary What we have studied:  What is Information Security?  What is Network Security?  Assets, Threats and Countermeasures. PU Gujranwala

More Related Content

PPT
Design for security in operating system
byBhagyashree Barde
 
PPTX
Basic concepts in computer security
byArzath Areeff
 
PPTX
Law and Ethics in Information Security.pptx
byEdFeranil
 
PPT
Computer security
byUniv of Salamanca
 
PPTX
Introduction to information security
byjayashri kolekar
 
PPT
Information security in todays world
bySibghatullah Khattak
 
PPT
Basic Security Chapter 1
byAfiqEfendy Zaen
 
PPT
Information Security Principles - Access Control
byidingolay
 
Design for security in operating system
byBhagyashree Barde
 
Basic concepts in computer security
byArzath Areeff
 
Law and Ethics in Information Security.pptx
byEdFeranil
 
Computer security
byUniv of Salamanca
 
Introduction to information security
byjayashri kolekar
 
Information security in todays world
bySibghatullah Khattak
 
Basic Security Chapter 1
byAfiqEfendy Zaen
 
Information Security Principles - Access Control
byidingolay
 

What's hot

PPTX
System Security-Chapter 1
byVamsee Krishna Kiran
 
PPTX
Information security
byLusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
PPT
Information security and Attacks
bySachin Darekar
 
PPTX
Types of cyber attacks
bykrishh sivakrishna
 
PPTX
System security
byinvertis university
 
PPTX
Security & protection in operating system
byAbou Bakr Ashraf
 
PPTX
CYBER SECURITY
byVaishak Chandran
 
PPT
Information System Security(lecture 1)
byAli Habeeb
 
PPT
Malicious software
bymsdeepika
 
PPT
Information Assurance And Security - Chapter 2 - Lesson 2
byMLG College of Learning, Inc
 
PDF
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
byEdureka!
 
PDF
Network Security Fundamentals
byRahmat Suhatman
 
PPTX
Network security
bySimranpreet Singh
 
PDF
Threat Modelling
byn|u - The Open Security Community
 
PPTX
Introduction to Cybersecurity Fundamentals
byToño Herrera
 
PPT
Basics of Information System Security
bychauhankapil
 
PPTX
Network attacks
byManjushree Mashal
 
PPTX
Data Security Explained
byHappiest Minds Technologies
 
PPT
ch02_2.ppt
byIbrahimAl22
 
PPTX
Network security (vulnerabilities, threats, and attacks)
byFabiha Shahzad
 
System Security-Chapter 1
byVamsee Krishna Kiran
 
Information security
byLusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
Information security and Attacks
bySachin Darekar
 
Types of cyber attacks
bykrishh sivakrishna
 
System security
byinvertis university
 
Security & protection in operating system
byAbou Bakr Ashraf
 
CYBER SECURITY
byVaishak Chandran
 
Information System Security(lecture 1)
byAli Habeeb
 
Malicious software
bymsdeepika
 
Information Assurance And Security - Chapter 2 - Lesson 2
byMLG College of Learning, Inc
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
byEdureka!
 
Network Security Fundamentals
byRahmat Suhatman
 
Network security
bySimranpreet Singh
 
Threat Modelling
byn|u - The Open Security Community
 
Introduction to Cybersecurity Fundamentals
byToño Herrera
 
Basics of Information System Security
bychauhankapil
 
Network attacks
byManjushree Mashal
 
Data Security Explained
byHappiest Minds Technologies
 
ch02_2.ppt
byIbrahimAl22
 
Network security (vulnerabilities, threats, and attacks)
byFabiha Shahzad
 

Similar to Basic Concepts of information security.ppt

PPTX
02 fundamental aspects of security
byGemy Chan
 
PDF
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
byvkarthi314
 
PPT
Chapter 1 overview
byali raza
 
PPT
CCNA_Security_01.ppt
byveracru1
 
PPTX
Introduction to Computer Security
byKamal Acharya
 
PPTX
Information Security introduction and management.pptx
bydaudevarist18
 
PPT
Ch01 Introduction to Security
byInformation Technology
 
PPTX
Unit-I-Elements.pptx ELEMENTS FOR CRYPTOGRAPHY
byNirmalapriyadharshin
 
PPT
Introduction Network security
byIGZ Software house
 
PDF
Network security-S.Karthika II-M.Sc computer science,Bon Securous college for...
bykarthikasivakumar3
 
PPT
Network security presentation
byhamzakareem2
 
PPTX
Information security
byRohit Gir
 
PPT
chapter 1. Introduction to Information Security
byelmuhammadmuhammad
 
PPTX
HCSCA101 Basic Concepts of Information Security.pptx
byJordanKinobe1
 
PDF
Ch1-Modern Network Security Threats - CCNA SEC.pdf
byOhmRon
 
PPTX
101 Basic concepts of information security
bySsendiSamuel
 
PPTX
Security in network computing
byManoj VNV
 
PPTX
Cloud Security.pptx
byBinod Rimal
 
PDF
Introduction to security
byMukesh Chinta
 
PPTX
101- HCSCA101 Basic Concepts of Information Security based on issue 1.00.pptx
byRandyDookheran2
 
02 fundamental aspects of security
byGemy Chan
 
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
byvkarthi314
 
Chapter 1 overview
byali raza
 
CCNA_Security_01.ppt
byveracru1
 
Introduction to Computer Security
byKamal Acharya
 
Information Security introduction and management.pptx
bydaudevarist18
 
Ch01 Introduction to Security
byInformation Technology
 
Unit-I-Elements.pptx ELEMENTS FOR CRYPTOGRAPHY
byNirmalapriyadharshin
 
Introduction Network security
byIGZ Software house
 
Network security-S.Karthika II-M.Sc computer science,Bon Securous college for...
bykarthikasivakumar3
 
Network security presentation
byhamzakareem2
 
Information security
byRohit Gir
 
chapter 1. Introduction to Information Security
byelmuhammadmuhammad
 
HCSCA101 Basic Concepts of Information Security.pptx
byJordanKinobe1
 
Ch1-Modern Network Security Threats - CCNA SEC.pdf
byOhmRon
 
101 Basic concepts of information security
bySsendiSamuel
 
Security in network computing
byManoj VNV
 
Cloud Security.pptx
byBinod Rimal
 
Introduction to security
byMukesh Chinta
 
101- HCSCA101 Basic Concepts of Information Security based on issue 1.00.pptx
byRandyDookheran2
 

Recently uploaded

PPTX
Living in IT Era Module 5 - (DIGITAL TECHNOLOGY AND SOCIAL CHANGES).pptx
bycjregua03
 
PDF
Top 3 Snapchat Monitoring Apps of 2026 for Activity Tracking
byMichael Carter
 
PDF
Beacon Kit paper date: 11 February 2026 pdf
bySteven McGee
 
PPTX
AWS Architecture Design Icons Template.pptx
bybiqtor1
 
PPTX
Your Complete Brand Protection Guide with Fieldwatch.ai!
byFieldwatch ai
 
PDF
Weaponizing the Neutral Web: Analyzing Adversary Botnets for Offensive Cyber ...
byJoe Slowik
 
PDF
The Girl Who Left a Mark - Deep Impact of Kindness to a person
byAnoop Singh Nagi
 
Living in IT Era Module 5 - (DIGITAL TECHNOLOGY AND SOCIAL CHANGES).pptx
bycjregua03
 
Top 3 Snapchat Monitoring Apps of 2026 for Activity Tracking
byMichael Carter
 
Beacon Kit paper date: 11 February 2026 pdf
bySteven McGee
 
AWS Architecture Design Icons Template.pptx
bybiqtor1
 
Your Complete Brand Protection Guide with Fieldwatch.ai!
byFieldwatch ai
 
Weaponizing the Neutral Web: Analyzing Adversary Botnets for Offensive Cyber ...
byJoe Slowik
 
The Girl Who Left a Mark - Deep Impact of Kindness to a person
byAnoop Singh Nagi
 

Basic Concepts of information security.ppt

  • 1.
  • 2.
    Grading  Mid Term= Assignments =  Quizzes =  Term Project/viva/presentation =  Final Term = PU Gujranwala
  • 3.
    The art ofwar teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable. PU Gujranwala —The Art of War, Sun Tzu
  • 4.
    Information Security What isInformation Security…? PU Gujranwala
  • 5.
    Information Security  InformationSecurity is the name given to the preventive steps we take to guard our Information and Information System.  Measures adopted to prevent the unauthorized access, misuse, modification, disclosure or destruction. PU Gujranwala
  • 6.
    Critical Characteristics of InformationSecurity  Confidentiality  Integrity  Availability PU Gujranwala
  • 7.
    Confidentiality  Confidentiality isthe property of preventing disclosure of information to unauthorized individuals or systems.  Information is available only to people with rightful access.  Ensuring that only those with the rights and privileges to access a particular set of information are able to do so. Methods: Data Encryption User IDs and Passwords PU Gujranwala
  • 8.
    Integrity  Information canonly be changed by authorized personnel.  The quality or state of being whole, complete and uncorrupted is the integrity of information.  Integrity can be violated by a virus or a user.  Integrity check can be done through:  File size  Checksums for verification of data integrity  File hashing PU Gujranwala
  • 9.
    Availability  Enables userswho need to access information to do so without interference or obstruction and receive it in required format.  The information is available only to the authorized users all the time.  Backups and Recovery  RAID  Alternate Links PU Gujranwala
  • 10.
    Authenticity  Authenticity ofinformation is the quality or state of being genuine or original, rather than a reproduction or fabrication. PU Gujranwala
  • 11.
    Privacy  Privacy-means differentthings to different people, is the right to be left alone and right to be free of unreasonable personal instructions.  Information privacy – The right to determine when and up to what extent information about oneself can be shared with others  Organizational privacy – Governments agencies, corporations, and other organizations may desire to keep their activities or secrets from being revealed to other organizations or individuals. PU Gujranwala
  • 12.
    Components of anInformation System  Software  Hardware  Data  People  Procedures PU Gujranwala
  • 13.
    Software  Bugs, Weaknessesand Holes.  An error or defect in software or hardware that causes a program to malfunction  Security Hole (something you need to fix now)  Security Warning ( something you need to fix soon)  Security Note (something you need to fix when you get around to it, or just some information that you should consider)  Patches and Service Packs.  A patch is a piece of software designed to fix problems or update a computer program and its supporting data. This includes fixing security vulnerabilities and other bugs.  A service pack (in short SP) is a collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package. PU Gujranwala
  • 14.
    Hardware  It Housesand Executes a software.  Stores and carries the data.  Provides Interfaces for the entry and removal of information from the system.  Physical security policies deal with the H/W. PU Gujranwala
  • 15.
    Data  The mostimportant and valuable thing for any organization.  Main object of intentional attacks.  Must be protected from unauthorized access. PU Gujranwala
  • 16.
    People  All thatinteract with the System.  Main threat to information security. PU Gujranwala
  • 17.
    Procedures  Procedures arewritten instructions for accomplishing a specific task.  Mechanism adopted to achieve an objective. PU Gujranwala
  • 18.
    What is NetworkSecurity?  Network Security is the protection of networking components, connections and contents.  Effort to create a secure computing platform, so users or programs cannot perform actions that they are not allowed to do. PU Gujranwala
  • 19.
    Network Security asa Continuous Process  Network security is a continuous process built around a security policy.  Step 1: Secure  Step 2: Monitor  Step 3: Test  Step 4: Improve PU Gujranwala
  • 20.
    Step 1: Securethe Network  Implement security solutions to prevent unauthorized access and to protect information.  Authentication  Encryption  Firewalls  Vulnerability Patching PU Gujranwala
  • 21.
    Step 2: MonitorSecurity  Detects violations to the security policy  Involves system auditing and real-time intrusion detection  Validates the security implementation in Step 1 PU Gujranwala
  • 22.
    Step 3: TestSecurity  Validates effectiveness of the security policy through system auditing and network scanning  Whether the system fulfills the security requirements or not. PU Gujranwala
  • 23.
    Step 4: ImproveSecurity  Use information from the monitor and test phases to make improvements to the security implementation.  Adjust the security policy as security holes and risks are identified. PU Gujranwala
  • 24.
    Terms related toSecurity  Assets  Threats  Attack  Vulnerability  Risk Analysis  Countermeasures  Hacking PU Gujranwala
  • 25.
    Asset  An assetis the organizational resource that is being protected.  It can be logical like website, information, data.  It can be physical like computer system or other tangible object. PU Gujranwala
  • 26.
     Threat  Aperson, thing, event or idea which poses some danger to an asset (in terms of confidentiality, integrity, availability or legitimate use).  A possible means by which a security policy may be breached.  An attack  An assault against a computer system or network as a result of deliberate, intelligent action; for example, denial of service attacks, penetration and sabotage.  It is a realization of a threat. Threats and Attack PU Gujranwala
  • 27.
     Vulnerability  Aweakness in the system that can be exploited to cause loss or harm  In computer security, the word vulnerability refers to a weakness in a system allowing an attacker to violate the confidentiality, integrity, availability ,access control, consistency or audit mechanisms of the system or the data and applications it hosts  Control, Countermeasure, safeguard  An action, device, procedure or technique that removes or reduces a vulnerability. PU Gujranwala Vulnerability and Countermeasure
  • 28.
    Risk = Threat+ Vulnerability  Threats without vulnerabilities pose no risk.  Likewise, vulnerabilities without threats pose no risk.  Risk is the probability that something can happen.  Risk analysis can be quantitative or qualitative. PU Gujranwala
  • 29.
    Cont…  Risk canbe qualitatively defined in three levels:  Low- Action to remove the vulnerability should be taken if possible  Medium- Action to remove the vulnerability is advisable  High- Action should be taken immediately to remove this vulnerability PU Gujranwala
  • 30.
    Hacking  Can bedefined positively and negatively:  To write computer programs for enjoyment.  To gain access to a computer illegally.  A person who writes programs in assembly language or in system- level languages, such as C. The term often refers to any programmer, but its true meaning is someone with a strong technical background who is "hacking away" at the bits and bytes.  During the 1990s, the term "hacker" became synonymous with "cracker," which is a person who performs some form of computer sabotage. The association is understandable. In order to be an effective cracker, you had to be a good hacker, thus the terms got intertwined, and hacker won out in the popular press. PU Gujranwala
  • 31.
    Summary What we havestudied:  What is Information Security?  What is Network Security?  Assets, Threats and Countermeasures. PU Gujranwala

Editor's Notes

  • #4 Twenty-Five Hundred years ago, Sun Tzu wrote this classic book of military strategy based on Chinese warfare and military thought. Since that time, all levels of military have used the teaching on Sun Tzu to warfare and civilization have adapted these teachings for use in politics, business and everyday life. The Art of War is a book which should be used to gain advantage of opponents in the boardroom and battlefield alike.