MY INTRODUCTION
• Jawad Ahmed Bhutta
• MS CS & IT, NED
• BE EE (CE), UIT Hamdard University
• Senior Lecturer, Bahria University Karachi Campus

SUMMARY (RECAP)
• What is Information Technology?
• What is Information Security?
• What is the CIA triad?

INFORMATION SECURITY
• What do you understand by the term vulnerability?
• A flaw in a system that can leave it open to attack.
• Any type of weakness in a computer system itself, in a set of procedures, or in anything that leaves information security exposed to a threat.
• Infosec professionals seek to reduce these: fewer vulnerabilities mean fewer options for malicious users.
• One way to protect against vulnerabilities is to update software regularly, because updates normally contain security patches.

INFORMATION SECURITY
• What do you understand by the term threat?
• Anything that has the potential to cause serious harm to a computer system.
• Something that may or may not happen but has the potential to cause serious damage.
• Threats are the potential for vulnerabilities to turn into attacks on computer systems, networks, and more. They put individuals' and businesses' computer systems at risk, so vulnerabilities have to be fixed so that attackers cannot infiltrate the system and cause damage.

INFORMATION SECURITY
• What do you understand by the term asset?
• Something useful or valuable.
• An IT asset is a piece of software or hardware within an information technology environment.
• IT assets are integral components of the organization's systems and network infrastructure.
• An asset usually has a limited lifecycle: hardware wears down, software becomes obsolete.

INFORMATION SECURITY
• What do you understand by the term risk?
• Risk is generally defined as the product of the likelihood of an adverse event and the impact that event could have.
• Risk = likelihood of an event occurring × impact of that event
• In IT, however, risk is usually expressed per asset as the product of the asset's value, the asset's vulnerability, and the threat it faces:
• Risk = asset value × vulnerability × threat (for a particular asset)

ASSET, THREAT, VULNERABILITY & RISK

INFORMATION SECURITY
• IT risks are managed according to the following steps:
• Assessment: each risk is discovered and assessed for severity.
• Mitigation: countermeasures are put in place to reduce the impact of particular risks.
• Evaluation and assessment: at the end of a project, the effectiveness of the countermeasures (along with their cost-effectiveness) is evaluated. Based on the results, the current plans are improved, changed or kept.

INFORMATION SECURITY
• Countermeasures
• In computer security a countermeasure is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.

INFORMATION SECURITY
• Controls
• Safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets.
• Three types:
• Preventive
• Detective
• Responsive

INFORMATION SECURITY
• Example
• Access to a bank's safe or vault requires passing through layers of protection that might include human guards and locked doors with special access controls (prevention).
• In the room where the safe resides, closed-circuit television, motion sensors, and alarm systems quickly detect any unusual activity (detection).
• The sound of an alarm could trigger the doors to lock automatically, the police to be notified, or the room to be filled with tear gas (response).
• These controls are the basic toolkit of the security practitioner, who mixes and matches them to achieve confidentiality, integrity, and/or availability using people, processes, or technology.

INFORMATION SECURITY
• To determine which security property (confidentiality vs integrity) is more important, we have to look at the aspect of the system we are considering. For example, consider a website on which a user can request information about routes between two places (maps) or news on a particular topic or region. Here the integrity of the data matters much more than its confidentiality: the resources must be available to anyone who needs them, but if the data is tampered with (the road maps or the news altered before they reach the user) the consequences are far worse than any loss of confidentiality.

INFORMATION SECURITY
• On the other hand, suppose the system requires users to create a profile and stores access logs of each user's requests per session. If these logs are compromised, an attacker learns the user's preferences: frequently requested routes, topics of interest, or the user's contact information. In this case confidentiality becomes important.
• Thus both properties matter equally for any organization providing IT services, together with the third, last but not least, property: availability.

INFORMATION SECURITY
• Vulnerability Management?
• Vulnerability management is a security practice designed to proactively mitigate or prevent the exploitation of IT vulnerabilities that exist in a system or organization. It involves:
• identification, classification, remediation, and mitigation of vulnerabilities within a system.
• An integral part of computer security, practised together with risk management and other security practices.

INFORMATION SECURITY
• Why is Vulnerability Management important?
• It is the process of identifying vulnerabilities in IT assets and evaluating the resulting risks so that solutions can be formed.
• It is the precursor to removing vulnerabilities or risks.
• Some risks cannot be removed entirely; for those, risk acceptance is acknowledged by management and solutions for mitigation (lessening the impact), remediation and recovery are put in place.
• Even then some risk remains; this is referred to as residual risk.

INFORMATION SECURITY
• Vulnerability Scanning?
• The process of using specialized software to detect or analyse an IT asset for possible vulnerabilities.
• Examples: insecure configurations or out-of-date firewalls.

INFORMATION SECURITY
• Disaster Recovery Plan
• A business plan that describes how work can be resumed quickly and effectively after a disaster.
• It is part of business continuity planning and applies to the aspects of an organization that rely on an IT infrastructure to function.
• The overall idea is to develop a plan that allows the IT department to recover enough data and system functionality for the business or organization to operate, possibly at a minimal level.

INFORMATION SECURITY
• Disaster Recovery Plan
• The creation of a DRP begins with a DRP proposal to gain upper-level management support.
• Then a business impact analysis (BIA) is needed to determine which business functions are most critical and what is required to get the IT components of those functions operational again after a disaster, either on-site or off-site.

INFORMATION SECURITY
• Business Continuity Plan
• A plan to help ensure that business processes can continue during an emergency or disaster.
• Such events might include emergencies, natural disasters or other cases where the business cannot run under normal conditions.
• Businesses therefore look at all such viable/potential threats and formulate their own BCPs.

INFORMATION SECURITY
• Business Continuity Plan
• A business continuity plan involves the following:
• Analysis of organizational threats
• A list of the primary tasks required to keep the organization's operations flowing
• Easily located management contact information
• Explanation of where personnel should go if there is a disastrous event
• Information on data backups and organization site backup
• Collaboration among all facets of the organization

INFORMATION SECURITY
• Business Impact Analysis
• A component of the BCP that helps to identify critical and non-critical systems.
• It assigns consequences and estimated monetary (dollar) figures to specific disaster conditions.
• It also includes estimated recovery times and the requirements for recovery.
• Often used to weigh the risk of failure against the cost of upgrading a particular system/component/asset.

INFORMATION SECURITY
• Business Impact Analysis
• An organization-level BIA is very important in identifying large or major risks and their impacts, e.g. losing all the data on company servers.
• A department-level BIA highlights the particular systems that are critical to those users and what would happen if they were unable to access them.
• A BIA is very important in identifying obvious weaknesses before they become serious issues/threats.
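As an added example, not taken from the slides, the vulnerability-management loop described above is carried out in code: a scan of a configuration for insecure settings (identification), a severity per finding (classification), the per-asset risk product from the risk slide (asset value × vulnerability), and management's risk acceptance that leaves a residual risk while everything else is queued for remediation. The configuration format, the setting names, the severities and the firewall baseline version are assumptions made for this example; the slides name no product or format, and the sample file is constructed.

```python
"""Constructed vulnerability scan + risk-based triage (example code, not from the deck)."""
from dataclasses import dataclass

# Constructed sample: a hypothetical key=value service configuration.
SAMPLE_CONFIG = """
# hypothetical edge-gateway config (constructed for this example)
service_name = edge-gateway
listen_port = 443
tls_min_version = 1.0
admin_password = admin
remote_root_login = yes
firewall_version = 3.2
debug_endpoint = enabled
log_forwarding = enabled
"""

# Assumed minimum patched firewall release; "out of date" means anything older.
FIREWALL_BASELINE = (4, 1)


@dataclass
class Finding:
    setting: str
    value: str
    severity: int   # vulnerability severity, 1 (low) .. 5 (critical)
    remedy: str


def parse_config(text):
    """Parse key = value lines, ignoring blanks and # comments."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg


def version_tuple(text):
    """'3.2' -> (3, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def scan(cfg):
    """Identification: apply each insecure-configuration rule to the parsed config."""
    findings = []
    if cfg.get("remote_root_login", "no").lower() == "yes":
        findings.append(Finding("remote_root_login", cfg["remote_root_login"], 5,
                                "set remote_root_login = no; use named admin accounts"))
    if cfg.get("admin_password") in {"admin", "password", ""}:
        findings.append(Finding("admin_password", cfg["admin_password"], 5,
                                "replace the default credential; enforce a password policy"))
    tls = cfg.get("tls_min_version")
    if tls and version_tuple(tls) < (1, 2):
        findings.append(Finding("tls_min_version", tls, 4,
                                "raise tls_min_version to 1.2 or higher"))
    fw = cfg.get("firewall_version")
    if fw and version_tuple(fw) < FIREWALL_BASELINE:
        findings.append(Finding("firewall_version", fw, 3,
                                "update the firewall to the baseline release"))
    if cfg.get("debug_endpoint", "disabled").lower() == "enabled":
        findings.append(Finding("debug_endpoint", cfg["debug_endpoint"], 2,
                                "disable the debug endpoint in production"))
    return findings


def triage(findings, asset_value, accepted=frozenset()):
    """Classification and acceptance.

    Risk per finding = asset value x vulnerability severity (the deck's
    per-asset product, with the threat taken as present).  Findings that
    management has accepted become residual risk; the rest are returned
    ordered for remediation, highest risk first.
    """
    remediate, residual = [], []
    for f in findings:
        entry = (f.setting, asset_value * f.severity, f.remedy)
        (residual if f.setting in accepted else remediate).append(entry)
    remediate.sort(key=lambda e: e[1], reverse=True)
    return remediate, residual


if __name__ == "__main__":
    findings = scan(parse_config(SAMPLE_CONFIG))
    todo, residual = triage(findings, asset_value=4, accepted={"debug_endpoint"})
    for setting, score, remedy in todo:
        print(f"REMEDIATE risk={score:2d} {setting}: {remedy}")
    for setting, score, _ in residual:
        print(f"ACCEPTED  risk={score:2d} {setting} (residual risk)")
```

The asset value is the input the BIA supplies: the same misconfiguration scores higher on a critical system than on a test box, which is what lets the remediation queue be ordered by risk rather than by raw severity alone. Accepted findings are kept rather than dropped, so the residual risk stays visible at the evaluation step.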
INFORMATION SECURITY (PAPER)
• Real-world security boils down to:
• Specification / Policy
• Implementation / Mechanism

THANK YOU