Uploaded byPrabinPathak5
PPTX, PDF19 views

INTERNETSECURITY with the different threats

The document outlines the essentials of computer security, emphasizing its role in protecting systems and data from unauthorized access and cyber threats. It details types of security mechanisms, including information and application security, along with various cyber threats like malware, phishing, and denial of service attacks. Additionally, the document covers concepts of confidentiality, integrity, authentication, and security policies critical for safeguarding digital environments.

Embed presentation

Download to read offline
INTERNET SECURITY
Computer Security 1) Computer security basically is the protection of computer systems and information from harm, theft, and unauthorized use. It is the process of preventing and detecting unauthorized use of your computer system. 2) Computer security ensures that a business’s data and computer systems are safe from breaches and unauthorized access. 3) Computer security protects individuals and organizations against cyber threats and the loss of important data.
Computer security types Information security is securing information from unauthorized access, modification & deletion Application Security is securing an application by building security features to prevent from Cyber Threats such as SQL injection, DoS attacks, data breaches and etc. Computer Security means securing a standalone machine by keeping it updated and patched Network Security is by securing both the software and hardware technologies Cybersecurity is defined as protecting computer systems, which communicate over the computer networks.
Security Threat and Security attack A threat is malicious act, that has the potential to damage the system or asset while an attack is an intentional act that causes damage to a system or asset. Security Threats  Malware: Malicious software like viruses, worms, Trojans, and ransomware.  Phishing: Attempts to trick individuals into revealing sensitive information such as passwords or credit card numbers.  A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt the normal functioning of a targeted server, service, or network by overwhelming it with a flood of internet traffic. DDoS attack uses multiple sources, often compromised computers or devices (botnets), to launch coordinated attacks simultaneously.  Physical Threats: Theft, vandalism, or destruction of hardware, data, or facilities.
Security attack •Brute Force Attacks: Attempting to guess passwords or encryption keys through exhaustive trial and error. •Man-in-the-Middle (MitM) Attacks: Intercepting communication between two parties to eavesdrop or modify the data. •SQL Injection: Exploiting vulnerabilities in web applications to execute arbitrary SQL commands on a database. •Cross-Site Scripting (XSS): Injecting malicious scripts into web pages viewed by other users. •Data Breaches: Unauthorized access to sensitive data, often resulting in its theft, disclosure, or modification. •A Zero-Day Attack refers to a cyber attack that exploits a previously unknown vulnerability or weakness in software or hardware. In other words, the attack occurs on the same day the vulnerability is discovered or made public.
Malicious software Malicious Software refers to any malicious program that causes harm to a computer system or network. Malicious Malware Software attacks a computer or network in the form of viruses, worms, trojans, spyware, adware or rootkits. Computer Virus A computer virus is a malicious software which self-replicates and attaches itself to other files/programs. It is capable of executing secretly when the host program/file is activated. The different types of Computer virus are Memory-Resident Virus, Program File Virus, Boot Sector Virus, Stealth Virus, Macro Virus, and Email Virus.
Continue.. Worms A worm is a malicious software which similar to that of a computer virus is a self-replicating program, however, in the case of worms, it automatically executes itself. Worms spread over a network and are capable of launching a cumbersome and destructive attack within a short period. Trojan Horses Unlike a computer virus or a worm – the trojan horse is a non-replicating program that appears legitimate. After gaining the trust, it secretly performs malicious and illicit activities when executed. Hackers make use of trojan horses to steal a user’s password information, destroy data or programs on the hard disk. It is hard to detect!
Security services Confidentiality: Definition: Confidentiality ensures that sensitive information is only accessible to authorized individuals, systems, or processes. Objective: The goal is to prevent unauthorized disclosure of data to unauthorized entities. Examples: Encryption, access controls, data classification, and data masking are common techniques used to enforce confidentiality. Integrity: Definition: Integrity ensures that data remains accurate, consistent, and unaltered during storage, transmission, and processing. Objective: The goal is to prevent unauthorized modification, deletion, or corruption of data by ensuring that it remains trustworthy and reliable. Examples: Hash functions, digital signatures, checksums, and file integrity monitoring are used to detect and prevent unauthorized changes to data.
Continue.. Authentication: Definition: Authentication verifies the identity of users, systems, or entities attempting to access resources or services. Objective: The goal is to ensure that users are who they claim to be and that only authorized entities can access sensitive resources or perform specific actions. Examples: Passwords, biometrics, digital certificates, multi-factor authentication (MFA), and security tokens are used to authenticate users and devices. Non-Repudiation: Definition: Non-repudiation ensures that individuals or entities cannot deny their actions or transactions after they have occurred. Objective: The goal is to provide evidence that a particular action, such as sending a message or conducting a transaction, was performed by a specific entity and cannot be repudiated. Examples: Digital signatures, audit logs, transaction logs are used to provide evidence of authenticity and accountability.
Security mechanism concepts One of the most specific security mechanisms in use is cryptographic techniques. Encryption or encryption-like transformations of information are the most common means of providing security. Some of the mechanisms are: 1) Encipherment: 2) Digital Signature: 3) Access Control:
Encipherment Encipherment, also known as encryption  Is the process of converting plaintext data into ciphertext using cryptographic algorithms and keys. Examples: Common encryption algorithms include Advanced Encryption Standard (AES), Rivest Cipher (RC), and Data Encryption Standard (DES). The primary goal of encipherment is to protect the confidentiality of sensitive information by preventing unauthorized access or interception.
Digital signature A digital signature is a cryptographic technique used to validate the authenticity, integrity, and non-repudiation of digital messages, documents, or transactions. How do you create a digital signature? To create a digital signature, signing software -- such as an email program -- is used to provide a one-way hash of the electronic data to be signed. A hash is a fixed-length string of letters and numbers generated by an algorithm. The digital signature creator's private key is used to encrypt the hash. The encrypted hash -- along with other information, such as the hashing algorithm -- is the digital signature.
Continue.. The reason for encrypting the hash instead of the entire message or document is because a hash function can convert an arbitrary input into a fixed-length value, which is usually much shorter. This saves time, as hashing is much faster than signing. The value of a hash is unique to the hashed data. Any change in the data -- even a modification to a single character -- results in a different value. This attribute enables others to use the signer's public key to decrypt the hash to validate the integrity of the data.
Continue.. If the decrypted hash matches a second computed hash of the same data, it proves that the data hasn't changed since it was signed. But, if the two hashes don't match, the data has either been tampered with in some way and is compromised or the signature was created with a private key that doesn't correspond to the public key presented by the signer. This signals an issue with authentication.
Access control Access control is a fundamental component of data security that dictates who's allowed to access and use company information and resources. Through authentication and authorization, access control policies make sure users are who they say they are and that they have appropriate access to company data.
Cryptography Cryptography is the practice of developing and using coded algorithms to protect and obscure transmitted information so that it may only be read by those with the permission and ability to decrypt it.
Continue.. Digital signatures: Cryptography enables the creation and verification of digital signatures, providing a way to authenticate the origin and integrity of digital documents or transactions. Secure payment transactions: Cryptography secures financial transactions by encrypting sensitive payment information, protecting it from unauthorized access or fraud. Blockchain technology: Cryptography underpins blockchain technology, ensuring the immutability and integrity of distributed ledger systems, crucial for applications like cryptocurrencies and smart contracts. Password hashing: Cryptography is used to securely hash and store passwords, protecting user credentials from being compromised in the event of a data breach.
firewall A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
User Authentication and Authorization Authentication is any procedure by which it can test that someone is who they claim they are. This generally contains a username and a password, but can involve some other method of demonstrating identity, including a smart card, retina scan, voice recognition, or fingerprints. Authentication is similar to displaying the drivers license at the ticket counter at the airport. Authorization is discovering out if the person, once recognized, is allowed to have the resource. This is generally decided by discovering out if that person is a part of a specific group, if that person has paid admission, or has a specific level of security clearance. Authorization is same to checking the guest record at an exclusive party, or checking for the ticket when it can go to the opera.
Intrusion Detection System An intrusion detection system (IDS) is a network security tool that monitors network traffic and devices for known malicious activity, suspicious activity or security policy violations. IDS Detection Types Network intrusion detection systems (NIDS): A system that analyzes incoming network traffic. Host-based intrusion detection systems (HIDS): A system that monitors important operating system files.
Security awareness and policy Security awareness involves educating individuals about potential cybersecurity threats, best practices for protecting personal and organizational data, and fostering a culture of vigilance and responsibility towards maintaining security in digital environments. A security policy is a set of rules, guidelines, and procedures established by an organization to ensure the confidentiality, integrity, and availability of its information assets, outlining the framework for managing security risks and defining responsibilities for personnel.
Formulate security policy. Define objectives Identify assets Risk assessment Legal and regulatory compliance Roles and responsibilities Access control Data protection
Continue.. Security awareness training Incident response plan Physical security measures Compliance monitoring Policy review and updates Enforcement and consequences Documentation and version control Communication and training

More Related Content

PPTX
Computer Security. The increasing need of todays era
bypoudelpranjol5
 
PPTX
Uehevdhdisbejdbeisbeidbeisbdiebdiebdid dod d
bymawais1oooooo
 
PDF
Information Security Imp +Past Paper.pdf
byag3777499
 
PPTX
Cryptography and network Security--MOD-1.pptx
byMrsPrajnaUR
 
PPT
Data+security+sp10
byismaelhaider
 
PDF
E Commerce security
byMayank Kashyap
 
PPTX
Ecommerce_Ch4.pptx
byAYNETUTEREFE1
 
PDF
Basics of Data Security and Cryptographic techniques
byJay Sahoo
 
Computer Security. The increasing need of todays era
bypoudelpranjol5
 
Uehevdhdisbejdbeisbeidbeisbdiebdiebdid dod d
bymawais1oooooo
 
Information Security Imp +Past Paper.pdf
byag3777499
 
Cryptography and network Security--MOD-1.pptx
byMrsPrajnaUR
 
Data+security+sp10
byismaelhaider
 
E Commerce security
byMayank Kashyap
 
Ecommerce_Ch4.pptx
byAYNETUTEREFE1
 
Basics of Data Security and Cryptographic techniques
byJay Sahoo
 

Similar to INTERNETSECURITY with the different threats

PPTX
ITM-UNIT 5 ppt on Information Technology
byJyStwz
 
PPTX
LOOK what my teacher made me do (defn hardwork!)
byshrishaa khatri (sapkota)
 
PPTX
Information Security Bachelor in Information technology unit 1
byssuserf35ac9
 
PPTX
Communication security
bySotheavy Nhoung
 
PPTX
Chapter 1 information assurance and security
bygaredew32
 
PPTX
Security issues in e business
byRahul Kumar
 
PPTX
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
byNune SrinivasRao
 
PDF
cryptograph and computer security lecture 1.pdf
byAWELHAJI2
 
PPTX
Lecture 6 Cybersecurity-Basics and .pptx
byakatsesena2003
 
PPTX
Computer , Internet and physical security.
byAnkur Kumar
 
PPTX
Lecture one Network Security Introduction.pptx
byAreebaSaeed18
 
PPTX
informations_security_presentations.pptx
byFAKHARZAMANPROUD
 
PPT
Computer Securityyyyyyyy - Chapter 1.ppt
bySolomonSB
 
PDF
information security introduction for campus students.pdf
byhailegebrielgeta6
 
PPT
ch1-1.ppt
byNayyabMirTahir
 
PPTX
Foundation of the information securiety
byALIZAIB KHAN
 
PPTX
Lecture 1 Introduction to Computer Security.pptx
byfarhanghafoor5
 
PPTX
Information Systems.pptx
byKnownId
 
PPTX
Mis jaiswal-chapter-11
byAmit Fogla
 
PPTX
6 security
byvalency paul
 
ITM-UNIT 5 ppt on Information Technology
byJyStwz
 
LOOK what my teacher made me do (defn hardwork!)
byshrishaa khatri (sapkota)
 
Information Security Bachelor in Information technology unit 1
byssuserf35ac9
 
Communication security
bySotheavy Nhoung
 
Chapter 1 information assurance and security
bygaredew32
 
Security issues in e business
byRahul Kumar
 
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
byNune SrinivasRao
 
cryptograph and computer security lecture 1.pdf
byAWELHAJI2
 
Lecture 6 Cybersecurity-Basics and .pptx
byakatsesena2003
 
Computer , Internet and physical security.
byAnkur Kumar
 
Lecture one Network Security Introduction.pptx
byAreebaSaeed18
 
informations_security_presentations.pptx
byFAKHARZAMANPROUD
 
Computer Securityyyyyyyy - Chapter 1.ppt
bySolomonSB
 
information security introduction for campus students.pdf
byhailegebrielgeta6
 
ch1-1.ppt
byNayyabMirTahir
 
Foundation of the information securiety
byALIZAIB KHAN
 
Lecture 1 Introduction to Computer Security.pptx
byfarhanghafoor5
 
Information Systems.pptx
byKnownId
 
Mis jaiswal-chapter-11
byAmit Fogla
 
6 security
byvalency paul
 

Recently uploaded

PDF
Master3 Realms and Yoga All students by LDMMIA
by©LDMMIA, ©Reiki Yoga
 
PDF
19 January 2026 Andreas Schleicher Digital Education Outlook 2026.pdf
byEduSkills OECD
 
PDF
3.Empires-and-Kingdoms-6th-to-10th-Centuries ppt.pdf/Social science Grade 7 p...
bySandeep Swamy
 
PPTX
Palta Utsav Open to All Quiz Final Set.pptx
bySourav Kr Podder
 
PDF
5.India-A-Home-to-Many.pdf/Social science Grade 7 part/:K SANDEEP SWAMY(M.Sc,...
bySandeep Swamy
 
PPTX
PLATELET RICH PLASMA in regenerative med
byDr SMRUTI REKHA HOTA
 
PDF
2.India-and-Her-Neighbours ppt.pdf/Social science Grade 7 part -2 By:K SANDE...
bySandeep Swamy
 
PPTX
Redox Titration - Oxidation and Reduction
byKhushbu Shah
 
PPTX
HYDROLYSIS OF EASTER (JHASKETAN).pptx
byJK NURSING VIBES ONLY JHASKETAN KUANAR
 
PDF
Exp.No.2 To study glassware used in Medicinal Chemistry.
byPradeep Swarnkar
 
PPTX
ANTI- RHEUMATICS CHAPTER NO.05 PHARMACOGNOSY
byGanu Gavade
 
PPTX
INSTAGRAM: Where Moment Turns Into Stories.pptx
byandriemark51
 
PDF
eSAT-for-Teachers-2025-2028-ver.2-Nov2025 idp.pdf
byJunmelValientes
 
PPTX
Palta Utsav Open Quiz Prelims Answer.pptx
bySourav Kr Podder
 
PPTX
DISCHARGE FROM HOSPITAL (JHASKETAN )(1).pptx
byJK NURSING VIBES ONLY JHASKETAN KUANAR
 
PPTX
GW4 BioMed Interview Support Webinar 2026
byGW4BioMedMRCDTP
 
PPTX
CHAPTER NO.6 PLANT FIBRES USED AS SURGICAL DRESSINGS.pptx
byGanu Gavade
 
PPTX
special senses-eye, ear, nose, tongue.pptx
byAshish Umale
 
PPTX
OverView of AI in Products in Odoo 19
byCeline George
 
PPTX
what are the Talent pool in Odoo 19 Recruitment
byCeline George
 
Master3 Realms and Yoga All students by LDMMIA
by©LDMMIA, ©Reiki Yoga
 
19 January 2026 Andreas Schleicher Digital Education Outlook 2026.pdf
byEduSkills OECD
 
3.Empires-and-Kingdoms-6th-to-10th-Centuries ppt.pdf/Social science Grade 7 p...
bySandeep Swamy
 
Palta Utsav Open to All Quiz Final Set.pptx
bySourav Kr Podder
 
5.India-A-Home-to-Many.pdf/Social science Grade 7 part/:K SANDEEP SWAMY(M.Sc,...
bySandeep Swamy
 
PLATELET RICH PLASMA in regenerative med
byDr SMRUTI REKHA HOTA
 
2.India-and-Her-Neighbours ppt.pdf/Social science Grade 7 part -2 By:K SANDE...
bySandeep Swamy
 
Redox Titration - Oxidation and Reduction
byKhushbu Shah
 
HYDROLYSIS OF EASTER (JHASKETAN).pptx
byJK NURSING VIBES ONLY JHASKETAN KUANAR
 
Exp.No.2 To study glassware used in Medicinal Chemistry.
byPradeep Swarnkar
 
ANTI- RHEUMATICS CHAPTER NO.05 PHARMACOGNOSY
byGanu Gavade
 
INSTAGRAM: Where Moment Turns Into Stories.pptx
byandriemark51
 
eSAT-for-Teachers-2025-2028-ver.2-Nov2025 idp.pdf
byJunmelValientes
 
Palta Utsav Open Quiz Prelims Answer.pptx
bySourav Kr Podder
 
DISCHARGE FROM HOSPITAL (JHASKETAN )(1).pptx
byJK NURSING VIBES ONLY JHASKETAN KUANAR
 
GW4 BioMed Interview Support Webinar 2026
byGW4BioMedMRCDTP
 
CHAPTER NO.6 PLANT FIBRES USED AS SURGICAL DRESSINGS.pptx
byGanu Gavade
 
special senses-eye, ear, nose, tongue.pptx
byAshish Umale
 
OverView of AI in Products in Odoo 19
byCeline George
 
what are the Talent pool in Odoo 19 Recruitment
byCeline George
 

INTERNETSECURITY with the different threats

  • 1.
  • 2.
    Computer Security 1) Computersecurity basically is the protection of computer systems and information from harm, theft, and unauthorized use. It is the process of preventing and detecting unauthorized use of your computer system. 2) Computer security ensures that a business’s data and computer systems are safe from breaches and unauthorized access. 3) Computer security protects individuals and organizations against cyber threats and the loss of important data.
  • 3.
    Computer security types Informationsecurity is securing information from unauthorized access, modification & deletion Application Security is securing an application by building security features to prevent from Cyber Threats such as SQL injection, DoS attacks, data breaches and etc. Computer Security means securing a standalone machine by keeping it updated and patched Network Security is by securing both the software and hardware technologies Cybersecurity is defined as protecting computer systems, which communicate over the computer networks.
  • 4.
    Security Threat andSecurity attack A threat is malicious act, that has the potential to damage the system or asset while an attack is an intentional act that causes damage to a system or asset. Security Threats  Malware: Malicious software like viruses, worms, Trojans, and ransomware.  Phishing: Attempts to trick individuals into revealing sensitive information such as passwords or credit card numbers.  A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt the normal functioning of a targeted server, service, or network by overwhelming it with a flood of internet traffic. DDoS attack uses multiple sources, often compromised computers or devices (botnets), to launch coordinated attacks simultaneously.  Physical Threats: Theft, vandalism, or destruction of hardware, data, or facilities.
  • 5.
    Security attack •Brute ForceAttacks: Attempting to guess passwords or encryption keys through exhaustive trial and error. •Man-in-the-Middle (MitM) Attacks: Intercepting communication between two parties to eavesdrop or modify the data. •SQL Injection: Exploiting vulnerabilities in web applications to execute arbitrary SQL commands on a database. •Cross-Site Scripting (XSS): Injecting malicious scripts into web pages viewed by other users. •Data Breaches: Unauthorized access to sensitive data, often resulting in its theft, disclosure, or modification. •A Zero-Day Attack refers to a cyber attack that exploits a previously unknown vulnerability or weakness in software or hardware. In other words, the attack occurs on the same day the vulnerability is discovered or made public.
  • 6.
    Malicious software Malicious Softwarerefers to any malicious program that causes harm to a computer system or network. Malicious Malware Software attacks a computer or network in the form of viruses, worms, trojans, spyware, adware or rootkits. Computer Virus A computer virus is a malicious software which self-replicates and attaches itself to other files/programs. It is capable of executing secretly when the host program/file is activated. The different types of Computer virus are Memory-Resident Virus, Program File Virus, Boot Sector Virus, Stealth Virus, Macro Virus, and Email Virus.
  • 7.
    Continue.. Worms A worm isa malicious software which similar to that of a computer virus is a self-replicating program, however, in the case of worms, it automatically executes itself. Worms spread over a network and are capable of launching a cumbersome and destructive attack within a short period. Trojan Horses Unlike a computer virus or a worm – the trojan horse is a non-replicating program that appears legitimate. After gaining the trust, it secretly performs malicious and illicit activities when executed. Hackers make use of trojan horses to steal a user’s password information, destroy data or programs on the hard disk. It is hard to detect!
  • 8.
    Security services Confidentiality: Definition: Confidentialityensures that sensitive information is only accessible to authorized individuals, systems, or processes. Objective: The goal is to prevent unauthorized disclosure of data to unauthorized entities. Examples: Encryption, access controls, data classification, and data masking are common techniques used to enforce confidentiality. Integrity: Definition: Integrity ensures that data remains accurate, consistent, and unaltered during storage, transmission, and processing. Objective: The goal is to prevent unauthorized modification, deletion, or corruption of data by ensuring that it remains trustworthy and reliable. Examples: Hash functions, digital signatures, checksums, and file integrity monitoring are used to detect and prevent unauthorized changes to data.
  • 9.
    Continue.. Authentication: Definition: Authentication verifiesthe identity of users, systems, or entities attempting to access resources or services. Objective: The goal is to ensure that users are who they claim to be and that only authorized entities can access sensitive resources or perform specific actions. Examples: Passwords, biometrics, digital certificates, multi-factor authentication (MFA), and security tokens are used to authenticate users and devices. Non-Repudiation: Definition: Non-repudiation ensures that individuals or entities cannot deny their actions or transactions after they have occurred. Objective: The goal is to provide evidence that a particular action, such as sending a message or conducting a transaction, was performed by a specific entity and cannot be repudiated. Examples: Digital signatures, audit logs, transaction logs are used to provide evidence of authenticity and accountability.
  • 10.
    Security mechanism concepts Oneof the most specific security mechanisms in use is cryptographic techniques. Encryption or encryption-like transformations of information are the most common means of providing security. Some of the mechanisms are: 1) Encipherment: 2) Digital Signature: 3) Access Control:
  • 11.
    Encipherment Encipherment, also knownas encryption  Is the process of converting plaintext data into ciphertext using cryptographic algorithms and keys. Examples: Common encryption algorithms include Advanced Encryption Standard (AES), Rivest Cipher (RC), and Data Encryption Standard (DES). The primary goal of encipherment is to protect the confidentiality of sensitive information by preventing unauthorized access or interception.
  • 12.
    Digital signature A digitalsignature is a cryptographic technique used to validate the authenticity, integrity, and non-repudiation of digital messages, documents, or transactions. How do you create a digital signature? To create a digital signature, signing software -- such as an email program -- is used to provide a one-way hash of the electronic data to be signed. A hash is a fixed-length string of letters and numbers generated by an algorithm. The digital signature creator's private key is used to encrypt the hash. The encrypted hash -- along with other information, such as the hashing algorithm -- is the digital signature.
  • 13.
    Continue.. The reason forencrypting the hash instead of the entire message or document is because a hash function can convert an arbitrary input into a fixed-length value, which is usually much shorter. This saves time, as hashing is much faster than signing. The value of a hash is unique to the hashed data. Any change in the data -- even a modification to a single character -- results in a different value. This attribute enables others to use the signer's public key to decrypt the hash to validate the integrity of the data.
  • 14.
    Continue.. If the decryptedhash matches a second computed hash of the same data, it proves that the data hasn't changed since it was signed. But, if the two hashes don't match, the data has either been tampered with in some way and is compromised or the signature was created with a private key that doesn't correspond to the public key presented by the signer. This signals an issue with authentication.
  • 15.
    Access control Access controlis a fundamental component of data security that dictates who's allowed to access and use company information and resources. Through authentication and authorization, access control policies make sure users are who they say they are and that they have appropriate access to company data.
  • 16.
    Cryptography Cryptography is thepractice of developing and using coded algorithms to protect and obscure transmitted information so that it may only be read by those with the permission and ability to decrypt it.
  • 17.
    Continue.. Digital signatures: Cryptographyenables the creation and verification of digital signatures, providing a way to authenticate the origin and integrity of digital documents or transactions. Secure payment transactions: Cryptography secures financial transactions by encrypting sensitive payment information, protecting it from unauthorized access or fraud. Blockchain technology: Cryptography underpins blockchain technology, ensuring the immutability and integrity of distributed ledger systems, crucial for applications like cryptocurrencies and smart contracts. Password hashing: Cryptography is used to securely hash and store passwords, protecting user credentials from being compromised in the event of a data breach.
  • 18.
    firewall A firewall isa network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
  • 19.
    User Authentication andAuthorization Authentication is any procedure by which it can test that someone is who they claim they are. This generally contains a username and a password, but can involve some other method of demonstrating identity, including a smart card, retina scan, voice recognition, or fingerprints. Authentication is similar to displaying the drivers license at the ticket counter at the airport. Authorization is discovering out if the person, once recognized, is allowed to have the resource. This is generally decided by discovering out if that person is a part of a specific group, if that person has paid admission, or has a specific level of security clearance. Authorization is same to checking the guest record at an exclusive party, or checking for the ticket when it can go to the opera.
  • 20.
    Intrusion Detection System Anintrusion detection system (IDS) is a network security tool that monitors network traffic and devices for known malicious activity, suspicious activity or security policy violations. IDS Detection Types Network intrusion detection systems (NIDS): A system that analyzes incoming network traffic. Host-based intrusion detection systems (HIDS): A system that monitors important operating system files.
  • 21.
    Security awareness andpolicy Security awareness involves educating individuals about potential cybersecurity threats, best practices for protecting personal and organizational data, and fostering a culture of vigilance and responsibility towards maintaining security in digital environments. A security policy is a set of rules, guidelines, and procedures established by an organization to ensure the confidentiality, integrity, and availability of its information assets, outlining the framework for managing security risks and defining responsibilities for personnel.
  • 22.
    Formulate security policy. Defineobjectives Identify assets Risk assessment Legal and regulatory compliance Roles and responsibilities Access control Data protection
  • 23.
    Continue.. Security awareness training Incidentresponse plan Physical security measures Compliance monitoring Policy review and updates Enforcement and consequences Documentation and version control Communication and training