SlideShare a Scribd company logo

Lecture 01 Information Security BS computer Science

M
maqib8373

Information Security

Technology
1 of 54
Download to read offline
Lecture 01 Information Security 1
2
3 What is Security? • The state of being free from danger or threat • Freedom form threat In general, security means being free from danger. To be secure is to be protected from the risk of loss, damage, unwanted modification or other hazards.
Security is every where.. 4 Plants lagan big organiztaion protect
What is privacy • A state in which one is not observed or disturbed by other. • Security is the technical methods used to protect the data and not concerned with how and when it used. • Privacy is how an organization process Personal Data to comply with laws, regulations. 5 Yani koi ap ko dahk na sky or ap khoudh dahky etc Envernoment ko protect karna personal data ko used na kary
• Security can be achieved without privacy but Privacy cannot be achieved without security. 6
7
What is Information Security? 8
9 Description of InfoSec • Information security (sometimes referred to as InfoSec) – covers the tools and processes • It includes policy settings – Prevent unauthorized people from accessing business or personal information • Protects sensitive information – including inspection, modification, recording, and any disruption or destruction
10 • The consequences of security incidents include – Theft of private information – Data tampering – Data deletion – Attacks can disrupt work processes and damage a company’s reputation, and also have a tangible cost • Organizations must allocate funds for security – Ensure that they are ready to detect, respond to, and proactively prevent, attacks such as
Terms we heard…. NETWORK SECURITY 11 INFORMATION SECURITY
12
13 Difference Between Cyber Security, Network Security, and Information Security Sr.# Cyber Security Network Security Information Security 01. Cyber security is the method of protecting systems, networks, and programs from digital attacks. Network Security is the method of protecting the usability and integrity of your network and data. Information security is the measures taken to protect the records from unauthorized entry and use. 02. Cyber Security is a subpart of Information Security. Network Security is a subpart of Cyber Security. Cyber Security & Network Security comes under Information Security. 03. It protects anything in the cyber area. It protects anything in the network area. Information security is for information irrespective of the space.
14 Sr.# Cyber Security Network Security Information Security 04. It deals with protection from cyber attacks. It deals with protection from DOS (Denial of Service) attacks. It deals with the security of data from any kind of threat. 05. Cyber security attacks against cybercrime and cyber fraud. Network Security attacks against trojans. Information Security attacks against unauthorized access, disclosure modification, and disruption. 06. Cyber security ensures the security of the entire digital data. Network security only ensures the security of transit data. Information security ensures the protection of transit and digital data.
15 Sr.# Cyber Security Network Security Information Security 07. It deals with the security of the data resting. It secures data traveling across the network by terminals. It gives integrity, confidentiality, and availability. 08. Common Cyber Security Risks:  Social engineering  Brute force  Baiting  Ransomware Common Network Security Risks:  Viruses, worms, and trojans  Denial of Service (DOS) attack  Zero-day attacks Common Information Security Risks:  Access  Destruction  Availability
https://nr3c.gov.pk/about_us.ht ml 16
17
18 Multan Address • CYBER CRIME WING – INCHARGE CYBER CRIME FIA OFFICE H.06, STREET-3 SHALIMAR TOWN BOSAN TOWN MULTAN – PHONE +92 61-9330999
19 Top Cyber security companies in Pakistan List 2022 Updated • Delta Tech, Pakistan’s Cyber Security Consulting Firm • Tier3 Cyber Security Services – Pakistan • Catalyic Security | Cyber Security Solutions | Cyber Security Company | catalyicsecurity.com • Trillium Information Security Systems (TISS) • PakCERT [Pakistan Computer Emergency Response Team] • Dunicot Pvt. Ltd., Cyber Security Services Company • Tranchulas • Cyber Security consultancy Company • Institute of Cyber Security • Pakistan Information Security Association
20
21 Information Security Policy • An Information Security Policy (ISP) is a set of rules that guide individuals when using IT assets. • Companies can create information security policies – to ensure that employees and other users follow security protocols and procedures. • Security policies are intended to ensure that – only authorized users can access sensitive systems and information.
22 • To make your policy truly effective, – update it frequently based on company changes, – new threats, conclusions drawn from previous breaches, – and changes to security systems and tools. • Make your information security strategy practical and reasonable. • To meet the needs and urgency of different departments within the organization, – it is necessary to deploy a system of exceptions, with an approval process, – enabling departments or individuals to
23 Top Information Security Threats 1. Unsecure or Poorly Secured Systems • The speed and technological development – Often leads to compromises in security measures. • In other cases, systems are developed without security in mind, – Remain in operation at an organization as legacy systems. • Organizations must identify these poorly secured systems, – and mitigate the threat by securing or patching them or isolating them.
24 2. Social Media Attacks • Many people have social media accounts, – where they often unintentionally share a lot of information about themselves. • Attackers can launch attacks directly via social media, – Eg. By spreading malware via social media messages, or indirectly, by using information obtained from these sites to analyze user and organizational vulnerabilities, and use them to design an attack.
25 3. Social Engineering • It involves attackers sending emails and messages – that trick users into performing actions that may compromise their security or divulge private information. – Attackers manipulate users using psychological triggers like curiosity, urgency or fear. • Because the source of a social engineering message appears to be trusted, – people are more likely to comply, for example by clicking a link that installs malware on their device, or by providing personal information, credentials, or financial details. • Organizations can mitigate it by making users – aware of its dangers and – training them to identify and avoid suspected social engineering messages. – In addition, technological systems can be used to block social engineering at its source.
26
27 4. Malware on Endpoints • Organizational users work with a large variety of endpoint devices, – Including desktop computers, laptops, tablets, and mobile phones, – Many of which are privately owned and not under the organization’s control, – All of which connect regularly to the Internet. • A primary threat on all these endpoints is malware, which can be transmitted by a variety of means, – can result in compromise of the endpoint itself, – can also lead to privilege escalation to other organizational systems. • Traditional antivirus software is insufficient to block all modern forms of malware, and – more advanced approaches are developing to securing endpoints, such as endpoint detection and response
28 5. Lack of Encryption • Encryption processes encode data so that it can only be decoded by users with secret keys. – It is very effective in preventing data loss – in case of equipment loss or theft – in case of organizational systems are compromised by attackers. • Unfortunately, this measure is often overlooked due to its complexity and lack of legal obligations associated with proper implementation. • Organizations are increasingly adopting encryption, – by purchasing storage devices or – using cloud services that support encryption, or – using dedicated security tools.
29 6. Security Misconfiguration • Modern organizations use a huge number of technological platforms and tools, – in particular web applications, databases, and – Software as a Service (SaaS) applications, or – Infrastructure as a Service (IaaS) • from providers like Amazon Web Services. • Enterprise grade platforms and cloud services have security features, – But these must be configured by the organization. – Security misconfiguration due to
30 • Another problem is “configuration drift”, – where correct security configuration can quickly become out of date and make a system vulnerable, to IT or security staff. • Organizations can mitigate security misconfiguration using – technological platforms that continuously monitor systems, – identify configuration gaps, and – alert or even automatically remediate configuration issues that make systems vulnerable.
31 CYBER CRIME PREVENTION TIPS HTTPS://NR3C.GOV.PK/CTIPS.HTML • SECURE YOUR SMART PHONES – Always secure your smartphone with a strong password – Ensure that your device locks itself automatically – Install security software – Only download apps from approved sources – Check your apps permissions – Dont miss operating system updates – Be wary of any links you receive via email or text message – Turn off automatic Wi-Fi connection – When browsing or shopping on your phone (or computer), always look
32 • SECURE YOUR ONLINE BANKING – Never use same PIN CODE for multiple bank accounts – Never use unprotected PCs at cybercafes for internet banking – Never keep your pin code and cards together – Never leave the PC unattended when using internet banking in a publicplace – Register for Mobile SMS, Email Transaction Alerts – Never reply to emails asking for your password or pin code – Visit banks website by typing the URL in the address bar – Log off and close your browser when you are done using internet banking – When using ATM always conceal keypad before entering pin code – Before using ATM, make sure that there is no extra
33 • SECURE YOUR FACEBOOK – Use extra security features to access account (security code, Login alert etc) – Use login notification alert – Allow specific individuals to view your contents (Videos, Photos and Friends etc.) – Control who can contact you – Block your profile from search engines
34 • SECURE YOUR WI-FI – Change Default Administrator Passwords and Usernames of the Wi-Fi Router – Use complex password and change Password after regular intervals – Position the Router or Access Point Safely – Turn off the Network / Wi-Fi routers if it is not in use
35 • SECURE YOUR BROWSING – What you put online will always remain there – Never trust any free online content – Dont provide personal information online to get something free – Don’t click on links inside e-mails or messages
36 Information Security • It can be defined as “measures adopted to prevent the unauthorized use, misuse, modification or denial of use of knowledge, facts, data or capabilities”. • Three aspects of IS are: – Security Attack – Security Mechanism – Security Service
37 • Security Attack: – Any action that comprises the security of information • Security Mechanism: – A mechanism that is designed to detect, prevent, or recover from a security. • Security Service: – It is a processing or communication service that enhances the security of the data processing systems and information transfer. The services are intended to counter security attacks by making use of one or more security mechanisms to provide the service.
What are the 3 Principles of IS? • The basic tenets of IS are called the CIA Triad 38
Confidentiali ty • Confidentiality measures are designed to prevent unauthorized disclosure of information. • The purpose of the confidentiality principle is to keep personal information private – and to ensure that it is visible and accessible only to those individuals who own it or need it to perform their organizational functions. 39 mean ap koudh data dahk sky ,ya ap ka parents, ya apko doctor etc
Integrit y • Consistency includes protection against unauthorized changes (additions, deletions, alterations, etc.) to data. • The principle of integrity ensures that data is accurate and reliable and is not modified incorrectly, whether accidentally or maliciously. 40 Koi bh ap ka data Modiy na kary
Availabili ty • Availability is the protection of a system’s ability to make software systems and data fully available when a user needs it (or at a specified time). • The purpose of availability is to make the technology infrastructure, the applications and the data available when they are needed for an organizational process or for an organization’s customers . 41 ka Ap ka data available ho na chay. it is very important principel Backup Sytsem ho na chay
Passive Vs. Active Attacks • Information security is intended to protect organizations against malicious attacks. • There are two primary types of attacks: – Passive and Active. Release of message contents Traffic analysis Passive Activ e Masquerad e Repl y Modification of message contents Denial of
43 Passive Attack • In a passive attack, an attacker monitors a system and illegally copies information without altering it. • They then use this information to disrupt networks or compromise target systems. • The attackers do not make any change to the communication or the target systems. – This makes it more difficult to detect. • However, encryption can help prevent passive attacks because it obfuscates the data, making it more difficult for attackers to make use of it.
A Passive attack attempts to learn or make use of information from the system, but does not affect system resources. 44
45 Types of passive attacks • Release of message content – It may be desirable to prevent the opponent from learning the contents of the transmission. • Traffic analysis – A more clever technique where the • Opponent could determine the location and identity of communicating hosts • Could observe the frequency & length of encrypted messages being exchanged there • by guessing the nature of communication taking place.
Active Attack • Active attacks involve some modification of the data stream or creation of a false stream. An active attack attempts to alter system resources or affect their operation. 46
Four types of Active attacks • Masquerade: Here, an entity pretends to be some other entity. It usually includes one of the other forms of active attack – Example: If the legitimate user leaves the terminal or session open and logged in, a coworker may act as a masquerade attacker. – Vulnerable authentication is one of the other factor that can trigger a masquerade attack, as it helps the attacker to gain access much easily. 47
Replay: It involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect. i.e. transmission is maliciously or fraudulently repeated or delayed 48 man-in-the-middle attack
• Modification of messages: It means that some portion of a legitimate message is altered, or that messages are delayed to produce an unauthorized effect. – Ex: “John’s acc no is 2346” is modified as “John’s acc no is 7892” • Denial of service: This attack prevents or inhibits the normal use or management of communication facilities. – Ex: (a) Disruption of entire network by disabling it – (b) Suppression of all messages to a particular destination by a third party. 49
Common variants of an active attacks 1. Interruption • the attacker interrupts the original communication and creates new, malicious messages, pretending to be one of the communicating parties. • An asset of the system is destroyed or becomes unavailable or unusable. It is an attack on availability. – Examples • Destruction of some hardware • Jamming wireless signals 50
2. Interception – An unauthorized party gains access to an asset. Attack on confidentiality. • Examples: – Wire tapping to capture data in a network. – Illicitly copying data or programs – Eavesdropping 51
3. Modification When an unauthorized party gains access and tampers an asset. Attack is on Integrity. • Examples: – Changing data file – Altering a program and the contents of a message 52
4. Fabrication • Creates fake, or synthetic, communications, typically with the aim of achieving denial of service (DoS). This prevents users from accessing systems or performing normal operations. • An unauthorized party inserts a bogus object into the system. Attack on Authenticity. Also called impersonation • Examples: – Hackers gaining access to a personal email and sending message – Insertion of records in data files – Insertion of spurious messages in a network 53
54 Reading Assignment Question: What do you know about HERMIT Spyware? – Read and prepare its brief summary – No need to submit its Hard / Soft copy. – Will be discussed in class. – Deadline: Before Next lecture.

Recommended

DATA SECURITY AND CONTROL.ppt
DATA SECURITY AND CONTROL.pptDATA SECURITY AND CONTROL.ppt
DATA SECURITY AND CONTROL.ppt
WilsonWanjohi5
 
Lecture 7---Security (1).pdf
Lecture 7---Security (1).pdfLecture 7---Security (1).pdf
Lecture 7---Security (1).pdf
ZeeshanMajeed15
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecurity
learnt
 
Chapter 13
Chapter 13Chapter 13
Chapter 13
bodo-con
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganised
Bule Hora University
 
Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- ingles
isidro luna beltran
 
Unit 1.pptx
Unit 1.pptxUnit 1.pptx
Unit 1.pptx
MsVaishaliKumar
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)
Zara Nawaz
 

Recommended

DATA SECURITY AND CONTROL.ppt
DATA SECURITY AND CONTROL.pptDATA SECURITY AND CONTROL.ppt
DATA SECURITY AND CONTROL.ppt
WilsonWanjohi5
 
Lecture 7---Security (1).pdf
Lecture 7---Security (1).pdfLecture 7---Security (1).pdf
Lecture 7---Security (1).pdf
ZeeshanMajeed15
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecurity
learnt
 
Chapter 13
Chapter 13Chapter 13
Chapter 13
bodo-con
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganised
Bule Hora University
 
Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- ingles
isidro luna beltran
 
Unit 1.pptx
Unit 1.pptxUnit 1.pptx
Unit 1.pptx
MsVaishaliKumar
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)
Zara Nawaz
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lecture
Zara Nawaz
 
Cyber Sequrity.pptx is life of cyber security
Cyber Sequrity.pptx is life of cyber securityCyber Sequrity.pptx is life of cyber security
Cyber Sequrity.pptx is life of cyber security
perweeng31
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issues
Haseeb Ahmed Awan
 
Intro to Security
Intro to SecurityIntro to Security
Intro to Security
primeteacher32
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptx
TikdiPatel
 
Ch15 power point
Ch15 power pointCh15 power point
Ch15 power point
bodo-con
 
Module -5 Security.pdf
Module -5 Security.pdfModule -5 Security.pdf
Module -5 Security.pdf
Sitamarhi Institute of Technology
 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1
misecho
 
Mis
MisMis
Mis
misecho
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)
Kirti Ahirrao
 
Cysecc.pptx
Cysecc.pptxCysecc.pptx
Cysecc.pptx
jondon17
 
Introduction to cyber security.pptx
Introduction to cyber security.pptxIntroduction to cyber security.pptx
Introduction to cyber security.pptx
SharmaAnirudh2
 
Ch1 cse
Ch1 cseCh1 cse
Ch1 cse
bhaskard8
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
Mohan Jadhav
 
INFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMINFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEM
ANAND MURALI
 
Cyber Security: A Hands on review
Cyber Security: A Hands on reviewCyber Security: A Hands on review
Cyber Security: A Hands on review
MiltonBiswas8
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information system
Online
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptx
KnownId
 
IS Unit II.pptx
IS Unit II.pptxIS Unit II.pptx
IS Unit II.pptx
LAVANYAsrietacin
 
internet security and cyber lawUnit1
internet security and cyber lawUnit1internet security and cyber lawUnit1
internet security and cyber lawUnit1
Royalzig Luxury Furniture
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 

More Related Content

Similar to Lecture 01 Information Security BS computer Science

Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lecture
Zara Nawaz
 
Cyber Sequrity.pptx is life of cyber security
Cyber Sequrity.pptx is life of cyber securityCyber Sequrity.pptx is life of cyber security
Cyber Sequrity.pptx is life of cyber security
perweeng31
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issues
Haseeb Ahmed Awan
 
Intro to Security
Intro to SecurityIntro to Security
Intro to Security
primeteacher32
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptx
TikdiPatel
 
Ch15 power point
Ch15 power pointCh15 power point
Ch15 power point
bodo-con
 
Module -5 Security.pdf
Module -5 Security.pdfModule -5 Security.pdf
Module -5 Security.pdf
Sitamarhi Institute of Technology
 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1
misecho
 
Mis
MisMis
Mis
misecho
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)
Kirti Ahirrao
 
Cysecc.pptx
Cysecc.pptxCysecc.pptx
Cysecc.pptx
jondon17
 
Introduction to cyber security.pptx
Introduction to cyber security.pptxIntroduction to cyber security.pptx
Introduction to cyber security.pptx
SharmaAnirudh2
 
Ch1 cse
Ch1 cseCh1 cse
Ch1 cse
bhaskard8
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
Mohan Jadhav
 
INFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMINFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEM
ANAND MURALI
 
Cyber Security: A Hands on review
Cyber Security: A Hands on reviewCyber Security: A Hands on review
Cyber Security: A Hands on review
MiltonBiswas8
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information system
Online
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptx
KnownId
 
IS Unit II.pptx
IS Unit II.pptxIS Unit II.pptx
IS Unit II.pptx
LAVANYAsrietacin
 
internet security and cyber lawUnit1
internet security and cyber lawUnit1internet security and cyber lawUnit1
internet security and cyber lawUnit1
Royalzig Luxury Furniture
 

Similar to Lecture 01 Information Security BS computer Science (20)

Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lecture
 
Cyber Sequrity.pptx is life of cyber security
Cyber Sequrity.pptx is life of cyber securityCyber Sequrity.pptx is life of cyber security
Cyber Sequrity.pptx is life of cyber security
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issues
 
Intro to Security
Intro to SecurityIntro to Security
Intro to Security
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptx
 
Ch15 power point
Ch15 power pointCh15 power point
Ch15 power point
 
Module -5 Security.pdf
Module -5 Security.pdfModule -5 Security.pdf
Module -5 Security.pdf
 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1
 
Mis
MisMis
Mis
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)
 
Cysecc.pptx
Cysecc.pptxCysecc.pptx
Cysecc.pptx
 
Introduction to cyber security.pptx
Introduction to cyber security.pptxIntroduction to cyber security.pptx
Introduction to cyber security.pptx
 
Ch1 cse
Ch1 cseCh1 cse
Ch1 cse
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
INFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMINFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEM
 
Cyber Security: A Hands on review
Cyber Security: A Hands on reviewCyber Security: A Hands on review
Cyber Security: A Hands on review
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information system
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptx
 
IS Unit II.pptx
IS Unit II.pptxIS Unit II.pptx
IS Unit II.pptx
 
internet security and cyber lawUnit1
internet security and cyber lawUnit1internet security and cyber lawUnit1
internet security and cyber lawUnit1
 

Recently uploaded

HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
Zilliz
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 

Recently uploaded (20)

HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 

Lecture 01 Information Security BS computer Science

  • 2. 2
  • 3. 3 What is Security? • The state of being free from danger or threat • Freedom form threat In general, security means being free from danger. To be secure is to be protected from the risk of loss, damage, unwanted modification or other hazards.
  • 4. Security is every where.. 4 Plants lagan big organiztaion protect
  • 5. What is privacy • A state in which one is not observed or disturbed by other. • Security is the technical methods used to protect the data and not concerned with how and when it used. • Privacy is how an organization process Personal Data to comply with laws, regulations. 5 Yani koi ap ko dahk na sky or ap khoudh dahky etc Envernoment ko protect karna personal data ko used na kary
  • 6. • Security can be achieved without privacy but Privacy cannot be achieved without security. 6
  • 7. 7
  • 9. 9 Description of InfoSec • Information security (sometimes referred to as InfoSec) – covers the tools and processes • It includes policy settings – Prevent unauthorized people from accessing business or personal information • Protects sensitive information – including inspection, modification, recording, and any disruption or destruction
  • 10. 10 • The consequences of security incidents include – Theft of private information – Data tampering – Data deletion – Attacks can disrupt work processes and damage a company’s reputation, and also have a tangible cost • Organizations must allocate funds for security – Ensure that they are ready to detect, respond to, and proactively prevent, attacks such as
  • 12. 12
  • 13. 13 Difference Between Cyber Security, Network Security, and Information Security Sr.# Cyber Security Network Security Information Security 01. Cyber security is the method of protecting systems, networks, and programs from digital attacks. Network Security is the method of protecting the usability and integrity of your network and data. Information security is the measures taken to protect the records from unauthorized entry and use. 02. Cyber Security is a subpart of Information Security. Network Security is a subpart of Cyber Security. Cyber Security & Network Security comes under Information Security. 03. It protects anything in the cyber area. It protects anything in the network area. Information security is for information irrespective of the space.
  • 14. 14 Sr.# Cyber Security Network Security Information Security 04. It deals with protection from cyber attacks. It deals with protection from DOS (Denial of Service) attacks. It deals with the security of data from any kind of threat. 05. Cyber security attacks against cybercrime and cyber fraud. Network Security attacks against trojans. Information Security attacks against unauthorized access, disclosure modification, and disruption. 06. Cyber security ensures the security of the entire digital data. Network security only ensures the security of transit data. Information security ensures the protection of transit and digital data.
  • 15. 15 Sr.# Cyber Security Network Security Information Security 07. It deals with the security of the data resting. It secures data traveling across the network by terminals. It gives integrity, confidentiality, and availability. 08. Common Cyber Security Risks:  Social engineering  Brute force  Baiting  Ransomware Common Network Security Risks:  Viruses, worms, and trojans  Denial of Service (DOS) attack  Zero-day attacks Common Information Security Risks:  Access  Destruction  Availability
  • 17. 17
  • 18. 18 Multan Address • CYBER CRIME WING – INCHARGE CYBER CRIME FIA OFFICE H.06, STREET-3 SHALIMAR TOWN BOSAN TOWN MULTAN – PHONE +92 61-9330999
  • 19. 19 Top Cyber security companies in Pakistan List 2022 Updated • Delta Tech, Pakistan’s Cyber Security Consulting Firm • Tier3 Cyber Security Services – Pakistan • Catalyic Security | Cyber Security Solutions | Cyber Security Company | catalyicsecurity.com • Trillium Information Security Systems (TISS) • PakCERT [Pakistan Computer Emergency Response Team] • Dunicot Pvt. Ltd., Cyber Security Services Company • Tranchulas • Cyber Security consultancy Company • Institute of Cyber Security • Pakistan Information Security Association
  • 20. 20
  • 21. 21 Information Security Policy • An Information Security Policy (ISP) is a set of rules that guide individuals when using IT assets. • Companies can create information security policies – to ensure that employees and other users follow security protocols and procedures. • Security policies are intended to ensure that – only authorized users can access sensitive systems and information.
  • 22. 22 • To make your policy truly effective, – update it frequently based on company changes, – new threats, conclusions drawn from previous breaches, – and changes to security systems and tools. • Make your information security strategy practical and reasonable. • To meet the needs and urgency of different departments within the organization, – it is necessary to deploy a system of exceptions, with an approval process, – enabling departments or individuals to
  • 23. 23 Top Information Security Threats 1. Unsecure or Poorly Secured Systems • The speed and technological development – Often leads to compromises in security measures. • In other cases, systems are developed without security in mind, – Remain in operation at an organization as legacy systems. • Organizations must identify these poorly secured systems, – and mitigate the threat by securing or patching them or isolating them.
  • 24. 24 2. Social Media Attacks • Many people have social media accounts, – where they often unintentionally share a lot of information about themselves. • Attackers can launch attacks directly via social media, – Eg. By spreading malware via social media messages, or indirectly, by using information obtained from these sites to analyze user and organizational vulnerabilities, and use them to design an attack.
  • 25. 25 3. Social Engineering • It involves attackers sending emails and messages – that trick users into performing actions that may compromise their security or divulge private information. – Attackers manipulate users using psychological triggers like curiosity, urgency or fear. • Because the source of a social engineering message appears to be trusted, – people are more likely to comply, for example by clicking a link that installs malware on their device, or by providing personal information, credentials, or financial details. • Organizations can mitigate it by making users – aware of its dangers and – training them to identify and avoid suspected social engineering messages. – In addition, technological systems can be used to block social engineering at its source.
  • 26. 26
  • 27. 27 4. Malware on Endpoints • Organizational users work with a large variety of endpoint devices, – Including desktop computers, laptops, tablets, and mobile phones, – Many of which are privately owned and not under the organization’s control, – All of which connect regularly to the Internet. • A primary threat on all these endpoints is malware, which can be transmitted by a variety of means, – can result in compromise of the endpoint itself, – can also lead to privilege escalation to other organizational systems. • Traditional antivirus software is insufficient to block all modern forms of malware, and – more advanced approaches are developing to securing endpoints, such as endpoint detection and response
  • 28. 28 5. Lack of Encryption • Encryption processes encode data so that it can only be decoded by users with secret keys. – It is very effective in preventing data loss – in case of equipment loss or theft – in case of organizational systems are compromised by attackers. • Unfortunately, this measure is often overlooked due to its complexity and lack of legal obligations associated with proper implementation. • Organizations are increasingly adopting encryption, – by purchasing storage devices or – using cloud services that support encryption, or – using dedicated security tools.
  • 29. 29 6. Security Misconfiguration • Modern organizations use a huge number of technological platforms and tools, – in particular web applications, databases, and – Software as a Service (SaaS) applications, or – Infrastructure as a Service (IaaS) • from providers like Amazon Web Services. • Enterprise grade platforms and cloud services have security features, – But these must be configured by the organization. – Security misconfiguration due to
  • 30. 30 • Another problem is “configuration drift”, – where correct security configuration can quickly become out of date and make a system vulnerable, to IT or security staff. • Organizations can mitigate security misconfiguration using – technological platforms that continuously monitor systems, – identify configuration gaps, and – alert or even automatically remediate configuration issues that make systems vulnerable.
  • 31. 31 CYBER CRIME PREVENTION TIPS HTTPS://NR3C.GOV.PK/CTIPS.HTML • SECURE YOUR SMART PHONES – Always secure your smartphone with a strong password – Ensure that your device locks itself automatically – Install security software – Only download apps from approved sources – Check your apps permissions – Dont miss operating system updates – Be wary of any links you receive via email or text message – Turn off automatic Wi-Fi connection – When browsing or shopping on your phone (or computer), always look
  • 32. 32 • SECURE YOUR ONLINE BANKING – Never use same PIN CODE for multiple bank accounts – Never use unprotected PCs at cybercafes for internet banking – Never keep your pin code and cards together – Never leave the PC unattended when using internet banking in a publicplace – Register for Mobile SMS, Email Transaction Alerts – Never reply to emails asking for your password or pin code – Visit banks website by typing the URL in the address bar – Log off and close your browser when you are done using internet banking – When using ATM always conceal keypad before entering pin code – Before using ATM, make sure that there is no extra
  • 33. 33 • SECURE YOUR FACEBOOK – Use extra security features to access account (security code, Login alert etc) – Use login notification alert – Allow specific individuals to view your contents (Videos, Photos and Friends etc.) – Control who can contact you – Block your profile from search engines
  • 34. 34 • SECURE YOUR WI-FI – Change Default Administrator Passwords and Usernames of the Wi-Fi Router – Use complex password and change Password after regular intervals – Position the Router or Access Point Safely – Turn off the Network / Wi-Fi routers if it is not in use
  • 35. 35 • SECURE YOUR BROWSING – What you put online will always remain there – Never trust any free online content – Dont provide personal information online to get something free – Don’t click on links inside e-mails or messages
  • 36. 36 Information Security • It can be defined as “measures adopted to prevent the unauthorized use, misuse, modification or denial of use of knowledge, facts, data or capabilities”. • Three aspects of IS are: – Security Attack – Security Mechanism – Security Service
  • 37. 37 • Security Attack: – Any action that comprises the security of information • Security Mechanism: – A mechanism that is designed to detect, prevent, or recover from a security. • Security Service: – It is a processing or communication service that enhances the security of the data processing systems and information transfer. The services are intended to counter security attacks by making use of one or more security mechanisms to provide the service.
  • 38. What are the 3 Principles of IS? • The basic tenets of IS are called the CIA Triad 38
  • 39. Confidentiali ty • Confidentiality measures are designed to prevent unauthorized disclosure of information. • The purpose of the confidentiality principle is to keep personal information private – and to ensure that it is visible and accessible only to those individuals who own it or need it to perform their organizational functions. 39 mean ap koudh data dahk sky ,ya ap ka parents, ya apko doctor etc
  • 40. Integrit y • Consistency includes protection against unauthorized changes (additions, deletions, alterations, etc.) to data. • The principle of integrity ensures that data is accurate and reliable and is not modified incorrectly, whether accidentally or maliciously. 40 Koi bh ap ka data Modiy na kary
  • 41. Availabili ty • Availability is the protection of a system’s ability to make software systems and data fully available when a user needs it (or at a specified time). • The purpose of availability is to make the technology infrastructure, the applications and the data available when they are needed for an organizational process or for an organization’s customers . 41 ka Ap ka data available ho na chay. it is very important principel Backup Sytsem ho na chay
  • 42. Passive Vs. Active Attacks • Information security is intended to protect organizations against malicious attacks. • There are two primary types of attacks: – Passive and Active. Release of message contents Traffic analysis Passive Activ e Masquerad e Repl y Modification of message contents Denial of
  • 43. 43 Passive Attack • In a passive attack, an attacker monitors a system and illegally copies information without altering it. • They then use this information to disrupt networks or compromise target systems. • The attackers do not make any change to the communication or the target systems. – This makes it more difficult to detect. • However, encryption can help prevent passive attacks because it obfuscates the data, making it more difficult for attackers to make use of it.
  • 44. A Passive attack attempts to learn or make use of information from the system, but does not affect system resources. 44
  • 45. 45 Types of passive attacks • Release of message content – It may be desirable to prevent the opponent from learning the contents of the transmission. • Traffic analysis – A more clever technique where the • Opponent could determine the location and identity of communicating hosts • Could observe the frequency & length of encrypted messages being exchanged there • by guessing the nature of communication taking place.
  • 46. Active Attack • Active attacks involve some modification of the data stream or creation of a false stream. An active attack attempts to alter system resources or affect their operation. 46
  • 47. Four types of Active attacks • Masquerade: Here, an entity pretends to be some other entity. It usually includes one of the other forms of active attack – Example: If the legitimate user leaves the terminal or session open and logged in, a coworker may act as a masquerade attacker. – Vulnerable authentication is one of the other factor that can trigger a masquerade attack, as it helps the attacker to gain access much easily. 47
  • 48. Replay: It involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect. i.e. transmission is maliciously or fraudulently repeated or delayed 48 man-in-the-middle attack
  • 49. • Modification of messages: It means that some portion of a legitimate message is altered, or that messages are delayed to produce an unauthorized effect. – Ex: “John’s acc no is 2346” is modified as “John’s acc no is 7892” • Denial of service: This attack prevents or inhibits the normal use or management of communication facilities. – Ex: (a) Disruption of entire network by disabling it – (b) Suppression of all messages to a particular destination by a third party. 49
  • 50. Common variants of an active attacks 1. Interruption • the attacker interrupts the original communication and creates new, malicious messages, pretending to be one of the communicating parties. • An asset of the system is destroyed or becomes unavailable or unusable. It is an attack on availability. – Examples • Destruction of some hardware • Jamming wireless signals 50
  • 51. 2. Interception – An unauthorized party gains access to an asset. Attack on confidentiality. • Examples: – Wire tapping to capture data in a network. – Illicitly copying data or programs – Eavesdropping 51
  • 52. 3. Modification When an unauthorized party gains access and tampers an asset. Attack is on Integrity. • Examples: – Changing data file – Altering a program and the contents of a message 52
  • 53. 4. Fabrication • Creates fake, or synthetic, communications, typically with the aim of achieving denial of service (DoS). This prevents users from accessing systems or performing normal operations. • An unauthorized party inserts a bogus object into the system. Attack on Authenticity. Also called impersonation • Examples: – Hackers gaining access to a personal email and sending message – Insertion of records in data files – Insertion of spurious messages in a network 53
  • 54. 54 Reading Assignment Question: What do you know about HERMIT Spyware? – Read and prepare its brief summary – No need to submit its Hard / Soft copy. – Will be discussed in class. – Deadline: Before Next lecture.