KT
Uploaded byKamana Tripathi
PPTX, PDF78 views

Ethical hacking-Introduction to information security.

The document provides an overview of key concepts in information security, including definitions of terms such as information security, asset, access control, and the CIA triad (confidentiality, integrity, availability). It discusses the relationships between risks, threats, vulnerabilities, and types of attacks, as well as the importance of authentication and authorization. Additionally, the document highlights the trade-offs between security, functionality, and ease of use in designing secure systems.

Embed presentation

Download to read offline
ETHICAL HACKING
INFORMATION SECURITY: ATTACKS AND VULNERABILITIES Introduction to information security
TERMINOLOGIES: • Information security – The state of being protected against the unauthorized use of information, especially electronic data, or the measures taken to achieve this. • Asset – 1. An asset is any item of economic value owned by an individual or corporation. 2. Assets can be real—such as routers, servers, hard drives, and laptops—or assets can be virtual, such as formulas, databases and spreadsheets. • Access Control- 1. Access control (AC) is the selective restriction of access to a place or resource. 2. The act of accessing may mean consuming, entering, or using. 3. Permission to access a resource is called authorization.
• CIA : • Confidentiality- Confidentiality addresses the secrecy and privacy of information. • Integrity- 1. Integrity provides for the correctness of information. It allows users of information to have confidence in its correctness. 2. Integrity must be protected in two modes: storage and transit. • Availability- 1. Availability simply means that when a legitimate user needs the information, it should be available. 2. Denial of service (DoS) is an attack against availability.
• Authentication- 1. The process of identifying an individual, usually based on a username and password. 2. Authentication merely ensures that the individual is who he or she claims to be but says nothing about the access rights of the individual. • Authorization- Authorization is the function of specifying access rights/privileges to resources. • Risk- Risk is the probability or likelihood of the occurrence or realization of a threat.
• Threat- 1. A threat sets the stage for risk and is any agent, condition, or circumstance that could potentially cause harm, loss, or damage. 2. Threats can result in destruction, disclosure, modification, corruption of data, or denial of service. • Vulnerability- 1. A vulnerability is a weakness in the system design, implementation, software, or code, or the lack of a mechanism. 2. If the organization is vulnerable to any of these threats, there is an increased risk of successful attack. • Attack- An attack is an action that is done on a system to get its access and extract sensitive data.
• Attack Surface- 1. The attack surface of a software environment is the sum of the different points where an unauthorized user (the "attacker") can try to enter data to or extract data from an environment. 2. Keeping the attack surface as small as possible is a basic security measure. • Malware- Malware is any software intentionally designed to cause damage to a computer, server or Computer network. • Risk Assessment- A risk assessment is a process to identify potential security hazards and evaluate what would happen if a hazard or unwanted event were to occur.
• Security-Functionality-Ease of Use Triangle- 1. There is an inter dependency between these three attributes. 2. When security goes up, usability and functionality come down. 3. Any organization should balance between these three qualities to arrive at a balanced information system. 4. The relationship between the concepts of security, functionality and ease of use. 5. The use of a triangle is because an increase or decrease in any one of the factors will have an impact on the presence of the other two. Functionality Easy to use Security

More Related Content

PPTX
Computer Security
byAkNirojan
 
PDF
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
byvkarthi314
 
PPTX
Computer security concepts
byPrachi Gulihar
 
PPTX
Application of security computer
byibrahimzubairu2003
 
PPTX
Securing information system (Management Information System)
byMasudur Rahman
 
PPTX
06. security concept
byMuhammad Ahad
 
PPTX
Software Security
byAkNirojan
 
PPT
22 need-for-security
byAl Balqa Applied University
 
Computer Security
byAkNirojan
 
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
byvkarthi314
 
Computer security concepts
byPrachi Gulihar
 
Application of security computer
byibrahimzubairu2003
 
Securing information system (Management Information System)
byMasudur Rahman
 
06. security concept
byMuhammad Ahad
 
Software Security
byAkNirojan
 
22 need-for-security
byAl Balqa Applied University
 

What's hot

PDF
BAIT1103 Chapter 1
bylimsh
 
PPTX
Information and network security 5 security attacks mechanisms and services
byVaibhav Khanna
 
PPT
Lesson 2
byMLG College of Learning, Inc
 
PPTX
Data security
bySoumen Mondal
 
PPT
Information Assurance And Security - Chapter 2 - Lesson 2
byMLG College of Learning, Inc
 
PPTX
Information and network security 2 nist security definition
byVaibhav Khanna
 
PPTX
Date security introduction
byLeo Mark Villar
 
PPTX
Information and network security 3 security challenges
byVaibhav Khanna
 
PPT
Network Security
bySayantan Sur
 
PPTX
Security and control in Management Information System
bySatya P. Joshi
 
PPTX
Cyber crimes
byDr. B T Sampath Kumar
 
PPTX
Information and network security 4 osi architecture
byVaibhav Khanna
 
PPTX
Data Security
byAkNirojan
 
PPTX
Information and network security 1 introduction
byVaibhav Khanna
 
PPTX
Security & Privacy - Lecture A
byCMDLearning
 
PPT
Isys20261 lecture 02
byWiliam Ferraciolli
 
PPTX
Computer security
byabdulrehman1673
 
PPTX
Information and network security 6 security attacks
byVaibhav Khanna
 
PPTX
Lec1 ict
byAtta Khalil
 
PDF
BAIT1103 Course Overview
bylimsh
 
BAIT1103 Chapter 1
bylimsh
 
Information and network security 5 security attacks mechanisms and services
byVaibhav Khanna
 
Lesson 2
byMLG College of Learning, Inc
 
Data security
bySoumen Mondal
 
Information Assurance And Security - Chapter 2 - Lesson 2
byMLG College of Learning, Inc
 
Information and network security 2 nist security definition
byVaibhav Khanna
 
Date security introduction
byLeo Mark Villar
 
Information and network security 3 security challenges
byVaibhav Khanna
 
Network Security
bySayantan Sur
 
Security and control in Management Information System
bySatya P. Joshi
 
Cyber crimes
byDr. B T Sampath Kumar
 
Information and network security 4 osi architecture
byVaibhav Khanna
 
Data Security
byAkNirojan
 
Information and network security 1 introduction
byVaibhav Khanna
 
Security & Privacy - Lecture A
byCMDLearning
 
Isys20261 lecture 02
byWiliam Ferraciolli
 
Computer security
byabdulrehman1673
 
Information and network security 6 security attacks
byVaibhav Khanna
 
Lec1 ict
byAtta Khalil
 
BAIT1103 Course Overview
bylimsh
 

Similar to Ethical hacking-Introduction to information security.

PDF
Unit 1&2.pdf
byNdheh
 
PPTX
Information Security Lecture One for Basic
byhassankhan978073
 
PPT
Lecture 01- What is Information Security.ppt
byshahadd2021
 
PPTX
security system by desu star chapter 1.pptx
bydesalewminale
 
PPTX
IS Chap 1 by whitman chapter 1 pptx.pptx
bysania82678
 
PPT
Information Security
byDhilsath Fathima
 
PPT
Information security
byrazendar79
 
PPTX
Information Security introduction and management.pptx
bydaudevarist18
 
PDF
information security introduction for campus students.pdf
byhailegebrielgeta6
 
PPTX
c plus plus ssssssssssssssssssssssssssss
byASKMEDIA
 
PPTX
Chapter 1_Overview hhhhhhhhhhhhhhhhhhhhhhhhhh
byASKMEDIA
 
PPT
Introduction To Ethical Hacking
bychakrekevin
 
PPTX
Introduction to Ethical Hacking
byKevin Chakre
 
PPTX
ITT408_Unit#1_InformationSecurity_Fundamentals_STUDENTS.pptx
bysrizvi9
 
PPT
Lecture2-3-CIAin Cyber security with details.ppt
byMuhammadSaleemKhan26
 
PDF
Course Information Security Lecture 1.pdf
bySamahAdel16
 
PPTX
Information security FundameFundamentals.pptx
byatuexaminations
 
PPTX
Information Security
byAlok Katiyar
 
PDF
Describe two methods for communicating the material in an Informatio.pdf
byarchgeetsenterprises
 
PPT
InfoSecConcepts.ppt
byMobileAntitheft
 
Unit 1&2.pdf
byNdheh
 
Information Security Lecture One for Basic
byhassankhan978073
 
Lecture 01- What is Information Security.ppt
byshahadd2021
 
security system by desu star chapter 1.pptx
bydesalewminale
 
IS Chap 1 by whitman chapter 1 pptx.pptx
bysania82678
 
Information Security
byDhilsath Fathima
 
Information security
byrazendar79
 
Information Security introduction and management.pptx
bydaudevarist18
 
information security introduction for campus students.pdf
byhailegebrielgeta6
 
c plus plus ssssssssssssssssssssssssssss
byASKMEDIA
 
Chapter 1_Overview hhhhhhhhhhhhhhhhhhhhhhhhhh
byASKMEDIA
 
Introduction To Ethical Hacking
bychakrekevin
 
Introduction to Ethical Hacking
byKevin Chakre
 
ITT408_Unit#1_InformationSecurity_Fundamentals_STUDENTS.pptx
bysrizvi9
 
Lecture2-3-CIAin Cyber security with details.ppt
byMuhammadSaleemKhan26
 
Course Information Security Lecture 1.pdf
bySamahAdel16
 
Information security FundameFundamentals.pptx
byatuexaminations
 
Information Security
byAlok Katiyar
 
Describe two methods for communicating the material in an Informatio.pdf
byarchgeetsenterprises
 
InfoSecConcepts.ppt
byMobileAntitheft
 

Recently uploaded

PDF
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
PDF
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
PPTX
communication-skills-with-technology tools
byJaleto Sunkemo
 
PDF
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
What Is a Private LLM and Why Enterprises Need It
byAivada
 
PPTX
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
PDF
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
PDF
CompTIA Cybersecurity Analyst (CySA+) CS0-003: Unit 5
byVICTOR MAESTRE RAMIREZ
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PPTX
Building Agents in Microsoft Agent Framework.pptx
byUdaiappa Ramachandran
 
PDF
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
PPTX
MGw_MRS Benfits seu beficios de redes 4g
byJoaquimBarros18
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PDF
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
PPTX
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
PPTX
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
communication-skills-with-technology tools
byJaleto Sunkemo
 
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
What Is a Private LLM and Why Enterprises Need It
byAivada
 
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
CompTIA Cybersecurity Analyst (CySA+) CS0-003: Unit 5
byVICTOR MAESTRE RAMIREZ
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
Building Agents in Microsoft Agent Framework.pptx
byUdaiappa Ramachandran
 
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
MGw_MRS Benfits seu beficios de redes 4g
byJoaquimBarros18
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 

Ethical hacking-Introduction to information security.

  • 1.
  • 2.
    INFORMATION SECURITY: ATTACKS ANDVULNERABILITIES Introduction to information security
  • 3.
    TERMINOLOGIES: • Information security– The state of being protected against the unauthorized use of information, especially electronic data, or the measures taken to achieve this. • Asset – 1. An asset is any item of economic value owned by an individual or corporation. 2. Assets can be real—such as routers, servers, hard drives, and laptops—or assets can be virtual, such as formulas, databases and spreadsheets. • Access Control- 1. Access control (AC) is the selective restriction of access to a place or resource. 2. The act of accessing may mean consuming, entering, or using. 3. Permission to access a resource is called authorization.
  • 4.
    • CIA : •Confidentiality- Confidentiality addresses the secrecy and privacy of information. • Integrity- 1. Integrity provides for the correctness of information. It allows users of information to have confidence in its correctness. 2. Integrity must be protected in two modes: storage and transit. • Availability- 1. Availability simply means that when a legitimate user needs the information, it should be available. 2. Denial of service (DoS) is an attack against availability.
  • 5.
    • Authentication- 1. Theprocess of identifying an individual, usually based on a username and password. 2. Authentication merely ensures that the individual is who he or she claims to be but says nothing about the access rights of the individual. • Authorization- Authorization is the function of specifying access rights/privileges to resources. • Risk- Risk is the probability or likelihood of the occurrence or realization of a threat.
  • 6.
    • Threat- 1. Athreat sets the stage for risk and is any agent, condition, or circumstance that could potentially cause harm, loss, or damage. 2. Threats can result in destruction, disclosure, modification, corruption of data, or denial of service. • Vulnerability- 1. A vulnerability is a weakness in the system design, implementation, software, or code, or the lack of a mechanism. 2. If the organization is vulnerable to any of these threats, there is an increased risk of successful attack. • Attack- An attack is an action that is done on a system to get its access and extract sensitive data.
  • 7.
    • Attack Surface- 1.The attack surface of a software environment is the sum of the different points where an unauthorized user (the "attacker") can try to enter data to or extract data from an environment. 2. Keeping the attack surface as small as possible is a basic security measure. • Malware- Malware is any software intentionally designed to cause damage to a computer, server or Computer network. • Risk Assessment- A risk assessment is a process to identify potential security hazards and evaluate what would happen if a hazard or unwanted event were to occur.
  • 8.
    • Security-Functionality-Ease ofUse Triangle- 1. There is an inter dependency between these three attributes. 2. When security goes up, usability and functionality come down. 3. Any organization should balance between these three qualities to arrive at a balanced information system. 4. The relationship between the concepts of security, functionality and ease of use. 5. The use of a triangle is because an increase or decrease in any one of the factors will have an impact on the presence of the other two. Functionality Easy to use Security