Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Unit 1 Information Security.docx
1. UNIT I -Information Security Overview
The rapid increase in the growth of information technology is also
increasing the risk of information breaches; urging for a strategy to
protect information in a systematic way. Organizations must develop
and implement a complete strategy to ensure protection from security
risks and safeguard confidential data.
Information Security is a strategic implementation of tools and strategies
to secure personal information from unauthorized access involving
unlawful activities, disruption, diminishing, or inspection.
History : Information security as a science in and of itself is relatively new. However, the
practice of securing information has been around as long as people have been needing to keep
secrets. Some notable attempts in the ancient world to hide information were simply clever means
of concealment. For instance, the ancient Greeks are thought to have tattooed messages on the
scalps of slaves who subsequently grew out their hair to cover the message. The slaves were then
sent to the intended recipient and would have their heads shaved to reveal the secret. Leonardo
da Vinci is famous for writing backward in his notebooks using a mirror to make it difficult for others
to know what he was writing.
Information Security – An Overview
2. Information Security (sometimes known as InfoSec) covers companies’
methods and techniques to safeguard information. This often consists
of various tools that organizations use to protect data by setting policies
that stop unofficial people from gaining access to business or
confidential information. Information Security is a vast and developing
technology that includes a broad range of fields, from network and
system security to checking and inspection.
Therefore, information security can be considered as a foundation
whose goal is to build security tools, policies and ensure the safety of
confidential data (like cognitive data(Cognitive data capture uses
artificial intelligence (AI) to mimic the way the human mind reads
structured documents.), financial details, etc.).
Data classification is a major constituent of setting up an InfoSec
strategy. What is data classification in information security? It’s the
categorization of data based on its level of vulnerability(Sensitive), and
the effect on the organization should that data be disclosed, changed,
or diminished without authorization. Data classification aids in choosing
the suitable baseline security procedures to secure that data.
Principles of Information Security
InfoSec is primarily based on 3 building blocks: confidentiality, integrity
and availability (often termed as CIA triad). Let's take a closer look on
what is CIA triad and how the CIA triad protects data.
3. 1. Confidentiality
Confidentiality evaluates the protection from unofficial information
broadcasting. The goal of the confidentiality principle is to keep sensitive
information private and to ensure that it is manifest and available only to
those who are authorized to use it to fulfill their important or institutional
projects.
2. Integrity
The main purpose of the integrity principle is to protect data from being
modified in any uncertified way. It provides stability and guarantees that
data is correct, authentic, and not modified (addition, deletion, etc.). It
continuously protects data from modification, whether coincidentally or
unfaithfully.
3. Availability
The primary objective of availability is to verify that the complete data is
available every time (or at any moment) whenever an official person
needs it. This means availability is the safeguard to a system's capacity
to build technology more effectively, software tools, applications, and
data accessible when required for any institutional tasks or any
institutional worker.
Types of Information Security
While Information Security can be of numerous types, the most
commonly used in the IT sector include:
Application Security
Infrastructure Security
Cloud Security
Cryptography
4. Application Security
Application security is a technique to protect applications and
programming interfaces (APIs) to stop, identify the bugs and other
intrusions in your applications. Application security characteristics
contain documentation, authorization, encoding, and application
security checking. Organizations can use secure coding practices to
minimize vulnerabilities, scanner to continuously detect the new
vulnerabilities and Web Application Firewall to secure public application
from OWASP Top 10 and other attack vectors.
Infrastructure Security
Infrastructure security refers to machinery assets involving computers,
communications systems, and cloud materials. The purpose of
infrastructure security covers safety from common cybercrimes and
protection from natural calamities and other accidents. Infrastructure
security also plays a vital role in reducing the risk of damage due to
malfunction.
Cryptography
Cryptography refers to encryption of data to secure information. It is an
information security technique that uses codes to safeguard reliable
information against cyber risk. To encrypt data, the InfoSec teams apply
numerical hypotheses, and a series of rule-based calculations called
algorithms to alter messages in ways that are difficult to decode or
decrypt.
Cloud Security
Cloud security is close to the application and infrastructure security, but
it is mainly focused on cloud-computing or cloud-connected parts and
data. Cloud computing security is another name, cloud security is a
group of safety measures developed to secure data, apps, and cloud-
based configurations.
5. Check out our CEH v12 training to learn more about the types of
information security and how to protect data from malicious hackers and
stop misuse of data. Moving further, we'll look at what Information
Security Policies are and why they are important in InfoSec.
Information Security Policy
Organizations enforcing compliance requires them to have defined
policies. Policies provide guidance, consistency, and clarity around an
organization’s operations. Similarly, information security policies exist to
set a standard around the use of the organization's information
technology. They usually consist of:
Data or sets of data that the policy applies to.
A well-defined list of people or programs having access to the said
data.
Guidelines for setting passwords or passcodes.
Roles of employees in safeguarding of data.
A data support and operations plan to ensure data availability.
An effective security policy prevents security threats and the risk of
information disclosure. This makes the system more practical and
worthy to use. You might come across several different terms when
examining or designing an Information Security Policy. We’ve tried
explaining some of them below:
What is ISMS?
An ISMS (information security management system) represent the
collection of rules and methods that IT and commercial organizations
use to safeguard their information assets against threats and
weaknesses.
What is HTTPS protocol?
Hypertext transfer protocol secure (HTTPS) is the most commonly used
protocol to receive and send data on the internet. HTTPS is encrypted
in order to secure the data being transferred.
6. What is a network security key?
Network Security Key is a network password or passcode that is used
to access the local area network (LAN). The key provides a means to
protect the data and establish a secure connection between the client
and the host. You may wonder what is network security key for Wi-Fi?
It’s usually similar to network security key but used for a wireless area
network. It’s used to establish a protected connection between the
seeking client and the contributing wireless device, such as routers.
What is ISO27001?
ISO27001 is the international standard for information security. An ISMS
uses ISO27001, which provides help to any group or industry of any size
to secure their information in an organized and cheapest way.
What is an encrypted email?
An encrypted email is simply an email encrypted with an encryption
protocol, usually S/MIME and PGP/MIME. The public key infrastructure
(PKI) is used to encrypt and decrypt emails.
What makes a good password?
Strong passwords are key in securing data from malicious hackers. An
important aspect of a strong password is length (longer is better). Mix of
letters (uppercase and lowercase), numbers, and symbols with no links
to personal data or words from dictionaries.
Information Security Measures
Information security requires a broad approach of measures to be taken
which includes technical, organizational, human, and physical
processes.
1. Technical measures include precautions to protect an organization's
hardware and software. These usually include encryption, firewalls,
and other measures.
7. 2. Organizational measures include establishing an internal
information security department and integrating InfoSec into each
department of the organization.
3. Human measures include training all employees and members of
the company on appropriate information security practices and
practicing it properly.
4. Physical measures consist of controlling physical access of
personnel to offices, control rooms, and data centers.
Looking to boost your career? Join our ITIL Foundation Certification
Training and gain expertise in IT Service Management. Enroll now!
Conclusion
Summing up, information security is the vast growing technology that
provides full protection to sensitive private information and makes
internet networks reliable. The basic key factors of information security
are availability, integrity, accountability, confidentiality, and non-
repudiation.
The primary goal of information security industry is to protect personal
information from unofficial activities which leads information security
industry to certain excellent execution in the fields like firewalls, legal
liability and multi-factor authentication. There are many growing
organizations and firm consultants educating and training about
information security such as KnowledgeHut IT Security training that
supports and offers intelligent information security techniques and
methods that teach and polish skills for future and any failure or threat.
Shortly, the primary goal of information security is to stop the loss of
private information, recover loss of authentic details, and protect