chapter 1 information security

2. Basics of information
 Computer security
 Data
 Data security
 Information
 Information security
 Network security

3. Information system
 Information
 It is a resource fundamental to the success of any
business.
 Data
 Knowledge
 Action

4. Information Security
 Need and importance of information
 Damage to information can cause disruptions in a
normal process .
 Management is crucial to making good business
decision.
 Monitor and document the operations of other systems.
 To satisfy the decision making capability.

5. Information Systems
 Reasons for Information Classification
 Protection of personal data
 Protection of confidential data
 Protecting Intellectual property
 Protecting info. That supports public security and law
enforcement
 Supporting routine disclosure and active dissemination
 Data of intergovernmental cooperation and integrated
service delivery.

6. Information Classification
 Criteria of information classification
 Value
 Age
 Useful Life
 Personal association

7. Information Classification
 Levels of information classification
 Unclassified
 Sensitive But Unclassified
 Confidential
 Secrete
 Top secret

8. security
 Security means to protect information or system from
unauthorized users.
 Layers of security
 Physical security
 Personal Security
 Operational Security
 Communications security
 Network security
 Information security

9. security
 Need of security
 Application were developed to handle financial and
personal data
 Mechanism
 Use userid and paswword
 Encode information present in database

10. Security basics
 Basics of computer security /Three pillars of IS
includes :
 Confidentiality
 Integrity
 Availability

11. Security basics
 Confidentiality
 Confidentiality means secrecy or concealment of
information and resources.
 Attempt to prevent the intentional or unintentional
unauthorized disclosure of information.
 Interception attack
 Uses identification and authentication.

12. Security basics
 Confidentiality
 Breaches of confidentiality
 Permitting someone to look over your shoulder
 If the information containing device is stolen or sold
 Giving out the confidential information over communication
media.
 Mechanism used for confidentiality
 Resource hiding,
 cryptography,
 access control mechanism.

13. Security basics
 Integrity
 It involves maintaining the consistency, accuracy, and
trustworthiness of data over its entire life cycle.
 Data integrity and origin integrity.
 Modification attack
 Breaches of Integrity
 Accidentally or with malicious intent deletes information
 Computer virus
 Mechanism used for Integrity
 file permissions
 user access control
 cryptography

14. Security basics
 Availability
 Resources should be available to authorized parties at all
times.
 Availability is an important aspect of reliability as well as
of system design
 Interruption attack
 High availability systems aim to remain available at all
times(24x7) preventing service disruptions
 DOS(denial-of-service) attack.

15. Security basics
 Non-repudiation :
 It refers to the ability to ensure that a party to a contract or a
communication cannot deny the authenticity of their signature
on a document or the sending of a message that they
originated.
 The best services for non repudiation are digital signature and
encryption.
 Authorization
 Authorization is a process of verifying that a known person has
the authority to perform a certain operation.

16. Security basics
 Authentication :
 It is the process of determining the identity of a user or
other entity.
 It requires to access secure data or enter a secure area.
 Three method of authentication.
 Something –you-know : user ID and password.
 Something – you – have: lock and key.
 Something –about –you : finger print, DNA , Samples etc.

17. Data obfuscation
 Data obfuscation (DO) is a form of data masking where
data is purposely scrambled to prevent unauthorized
access to sensitive materials.
 Used to prevent the intrusion of private and sensitive
online data.
 Sensitive info. : Employee data(salary info , review
info.),customer data, bank and vendor data

18. Data obfuscation
 Techniques for data obfuscation
 Generate RSA(Rivest Shamir Adleman) private / public
key pair
 Masking
 Character scrambling or masking out of certain fields
 Substitution
 another authentic looking value can be substituted for the
existing value
 Purge
 applying a null value to a particular field

19. Event Classification
 Viruses
 Disaster
 Crisis
 Catastrophe