4. Information Security
Need and importance of information
Damage to information can cause disruptions in a
normal process.
Management is crucial to making good business
decisions.
Monitor and document the operations of other systems.
To satisfy the decision making capability.
5. Information Systems
Reasons for Information Classification
Protection of personal data
Protection of confidential data
Protecting Intellectual property
Protecting information that supports public security and law
enforcement
Supporting routine disclosure and active dissemination
Data of intergovernmental cooperation and integrated
service delivery.
7. Information Classification
Levels of information classification
Unclassified
Sensitive But Unclassified
Confidential
Secret
Top secret
8. Security
Security means to protect information or system from
unauthorized users.
Layers of security
Physical security
Personal Security
Operational Security
Communications security
Network security
Information security
9. Security
Need of security
Applications were developed to handle financial and
personal data
Mechanism
Use user ID and password
Encode information present in the database
10. Security basics
Basics of computer security / three pillars of IS
include:
Confidentiality
Integrity
Availability
11. Security basics
Confidentiality
Confidentiality means secrecy or concealment of
information and resources.
Attempt to prevent the intentional or unintentional
unauthorized disclosure of information.
Interception attack
Uses identification and authentication.
12. Security basics
Confidentiality
Breaches of confidentiality
Permitting someone to look over your shoulder
If the device containing the information is stolen or sold
Giving out confidential information over communication
media.
Mechanism used for confidentiality
Resource hiding,
cryptography,
access control mechanism.
13. Security basics
Integrity
It involves maintaining the consistency, accuracy, and
trustworthiness of data over its entire life cycle.
Data integrity and origin integrity.
Modification attack
Breaches of Integrity
Accidental or malicious deletion of information
Computer virus
Mechanism used for Integrity
file permissions
user access control
cryptography
14. Security basics
Availability
Resources should be available to authorized parties at all
times.
Availability is an important aspect of reliability as well as
of system design
Interruption attack
High-availability systems aim to remain available at all
times (24x7), preventing service disruptions
DoS (denial-of-service) attack.
15. Security basics
Non-repudiation:
It refers to the ability to ensure that a party to a contract or a
communication cannot deny the authenticity of their signature
on a document or the sending of a message that they
originated.
The best services for non-repudiation are digital signatures and
encryption.
Authorization
Authorization is a process of verifying that a known person has
the authority to perform a certain operation.
16. Security basics
Authentication:
It is the process of determining the identity of a user or
other entity.
It is required to access secure data or enter a secure area.
Three methods of authentication:
Something you know: user ID and password.
Something you have: lock and key.
Something about you: fingerprint, DNA, samples, etc.
17. Data obfuscation
Data obfuscation (DO) is a form of data masking where
data is purposely scrambled to prevent unauthorized
access to sensitive materials.
Used to prevent intrusion into private and sensitive
online data.
Sensitive information: employee data (salary information, review
information), customer data, bank and vendor data
18. Data obfuscation
Techniques for data obfuscation
Generate RSA (Rivest Shamir Adleman) private/public
key pair
Masking
Character scrambling or masking out of certain fields
Substitution
Another authentic-looking value can be substituted for the
existing value
Purge
Applying a null value to a particular field
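
The masking, substitution and purge techniques listed above, applied to one record, as an added example that is not part of the original slides. The record, field names, name pool and key are constructed for illustration; using a keyed HMAC to pick the substitute value is an assumption of this example, chosen so the same input always maps to the same replacement.

```python
import hashlib
import hmac

# Constructed sample record (not real data); field names are assumptions.
RECORD = {
    "name": "Asha Rao",
    "card_number": "4111111111111111",
    "salary": 84000,
    "review": "Exceeds expectations",
}
# Constructed pool of authentic-looking replacement names for substitution.
NAME_POOL = ["Alex Kim", "Jordan Lee", "Sam Patel", "Riley Chen"]


def mask(value, visible=4, fill="*"):
    """Masking: hide all but the last `visible` characters of a field."""
    s = str(value)
    if len(s) <= visible:
        return fill * len(s)  # too short to reveal any part safely
    return fill * (len(s) - visible) + s[-visible:]


def substitute(value, pool, key):
    """Substitution: swap the value for an authentic-looking one from pool.

    A keyed HMAC selects the replacement, so equal inputs map to equal
    outputs (joins across tables still line up) without storing a mapping.
    """
    digest = hmac.new(key, str(value).encode("utf-8"), hashlib.sha256).digest()
    return pool[int.from_bytes(digest[:8], "big") % len(pool)]


def purge(_value):
    """Purge: apply a null value to the field."""
    return None


def obfuscate(record, key):
    """Return an obfuscated copy; the original record is left unchanged."""
    out = dict(record)
    out["name"] = substitute(record["name"], NAME_POOL, key)
    out["card_number"] = mask(record["card_number"])
    out["salary"] = purge(record["salary"])
    out["review"] = purge(record["review"])
    return out


if __name__ == "__main__":
    print(obfuscate(RECORD, key=b"constructed-demo-key"))
```

Masking keeps the field's length and last characters usable for display, substitution keeps the data realistic for testing, and purge removes the value entirely.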