Dfp50123 Chapter 1

Download as pdf or txt
Download as pdf or txt
You are on page 1of 25

CHAPTER 1

INFORMATION
SECURITY
OVERVIEW
INFORMATION SECURITY

Information security ensures good data management.


It involves the use of technologies, protocols, systems
and administrative measures to protect the
confidentiality, integrity and availability of information.
Information is the most valuable asset of an
organization, and any breach can destroy its reputation
and continuity.
Need for
Information Security
To check for compromised/stolen
To prevent data breaches credentials and broken authentication

A data breach is the intentional or Broken authentication refers to the vulnerabilities or


unintentional release of secure or weaknesses inherent in an online platform or
private/confidential information to an application that allows hackers to bypass the login
untrusted environment. security and gain access to all the privileges owned
by the hacked user.
Need for
Information Security
To mitigate cyber threats from
To avoid account hijacking malicious insiders

Phishing, fraud, and software An existing or former employee, a cunning business


exploitations are still very partner, a system administrator or an intruder can
common.Companies relying on cloud destroy the whole information infrastructure or
services are especially at risk because manipulate data for their own purpose. Therefore, it
they are an easy target for is the responsibility of an organization to take
cybercriminals, who can eavesdrop on effective measures to control the encryption process
activities, modify data and manipulate and keys. Effective monitoring, logging, and auditing
transactions. These third-party activities are extremely important to keep everything
applications can be used by attackers to under control.
launch other attacks as well.
Characteristics of
Information
Security
(CIA Triad)
Confidentiality
Ensuring that only those who are
authorized have access to specific
assets and that those who are
unauthorized are actively
prevented from obtaining access.
Integrity
Ensuring that data has not been
tampered with and, therefore, can
be trusted.
It is correct, authentic, and reliable
Availabilty
Networks, systems, and applications
are up and running.
It ensures that authorized users have
timely, reliable access to resources
when they are needed.
Security Models
IS A FRAMEWORK FOR SPECIFYING AND
ENFORCING SECURITY POLICIES.

It describes the entities governed by the policy

It states the rules that constitute the policy.


Types of Security
Models
Open Security Models

Closed Security Models

Restrictive Security Models


Open Security Models
Open Security Models
Closed Security Models
Closed Security Models
Restricted Security Models
Potential Risks
to Information
Security
The damage that a breach of, or attack on, an
information technology (IT) system could
cause.
Information
Theft
What is?

Crime of obtaining the personal or


financial information of another person to
use their identity to commit fraud, such
as making unauthorized transactions or
purchases.
Unauthorized
Disclosure
What is?

To reveal information to an individual


who is not authorized to receive it.
Information
Warfare
What is?

The manipulation of information trusted


by a target without the target's
awareness so that the target will make
decisions against their interest but in the
interest of the one conducting
information warfare.
Accidental
Data Loss
What is?

Accidental data loss means the loss of


data or computer data due to some
accidents.Generally, data or information
from the computer system losts due to
threats caused by the malicious
intruders.
Data
Disclosure
What is?

Voluntary sharing of any and all


information that is considered relevant to
a given situation.
Data
Modification
What is?

Occurs when a saved (or stored) value in


a computer is changed to a different
value.
Data
Availability
What is?

That data continues to be available at a


required level of performance
Thank you!

You might also like