Information and Network Security: 2
NIST Computer Security Definition
Prof Neeraj Bhargava
Vaibhav Khanna
Department of Computer Science
School of Engineering and Systems Sciences
Maharshi Dayanand Saraswati University Ajmer
Key Security concepts
• We must understand the strength of the
algorithms we use in order to have a suitable
level of security.
• The combination of space, time, and strength that
must be considered as the basic elements of theory of
defense.
• This makes it a fairly complicated matter.
• Consequently, it is not easy to find a fixed point of
departure.
— On War, Carl von Clausewitz
Information Security
• The requirements of information security within an organization have
undergone two major changes in the last several decades.
• Before the widespread use of data processing equipment, the security of
information felt to be valuable to an organization was provided primarily by
physical and administrative means.
• An example of the former is the use of rugged filing cabinets with a combination
lock for storing sensitive documents.
• An example of the latter is personnel screening procedures used during the hiring
process.
Computer security
• With the introduction of the computer, the need for automated tools for protecting
files and other information stored on the computer became evident.
• This is especially the case for a shared system, such as a time-sharing system,
and the need is even more acute for systems that can be accessed over a public
telephone network, data network, or the Internet.
• The generic name for the collection of tools designed to protect data and to
thwart hackers is computer security.
Network security / Internet security
• The second major change that affected security is the introduction of distributed systems
and the use of networks and communications facilities for carrying data between terminal
user and computer and between computer and computer.
• Network security measures are needed to protect data during their transmission.
• In fact, the term network security is somewhat misleading, because virtually all
business, government, and academic organizations interconnect their data processing
equipment with a collection of interconnected networks.
• Such a collection is often referred to as an internet, and the term internet security is
used.
NIST Computer Security Definition
• The protection afforded to an automated information
system in order to attain the applicable objectives of
preserving the integrity, availability and
confidentiality of information system resources
(includes hardware, software, firmware, information /
data, and telecommunications).
• This definition introduces three key objectives
that are at the heart of computer security as we
see on the next slide.
Key Security Concepts
CIA triad
• These three concepts form what is often referred to as the CIA
triad.
• The three concepts embody the fundamental security objectives
for both data and for information and computing services.
• Confidentiality (covers both data confidentiality and privacy):
preserving authorized restrictions on information access and
disclosure, including means for protecting personal privacy and
proprietary information. A loss of confidentiality is the
unauthorized disclosure of information.
CIA triad
• Integrity (covers both data and system integrity): Guarding
against improper information modification or destruction, and
includes ensuring information non-repudiation and authenticity.
A loss of integrity is the unauthorized modification or destruction
of information.
• Availability: Ensuring timely and reliable access to and use of
information. A loss of availability is the disruption of access to or
use of information or an information system.
Beyond CIA triad
• Although the use of the CIA triad to define security objectives is
well established, some in the security field feel that additional
concepts are needed to present a complete picture. Two of the
most commonly mentioned are:
• Authenticity: The property of being genuine and being able to
be verified and trusted; confidence in the validity of a
transmission, a message, or message originator.
• Accountability: The security goal that generates the
requirement for actions of an entity to be traced uniquely to that
entity.
Assignment
• Discuss the NIST computer security definition and elaborate on the CIA
triad.