Scribd
Upload
98 views

01 Introduction To Information Security

this is some basic data of information security

Uploaded by

anon_200163716
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
98 views

01 Introduction To Information Security

this is some basic data of information security

Uploaded by

anon_200163716
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 16

Introduction to Information Security

JOE MARTIN J
0017134001
3
Scenario
An employee working for an organization,
downloads a software from a website. After
installing the software, however, his/her
machine reboots and starts to malfunction.

What happened to his/her machine?


What will you do, If you are in his/her place?

COPYRIGHT © WHITE HAT GLOBAL ACADEMY


ALL RIGHTS RESERVED. REPRODUCTION IS STRICTLY PROHIBITED.
4
Home-Computer Users at Risk Due to Use of 'Folk Model' Security

May 23, 2011


EAST LANSING, Mich. —Most home computers are vulnerable to hacker attacks because the
users either mistakenly think they have enough security in place or they don’t believe they have
enough valuable information that would be of interest to a hacker.
That’s the point of a paper published this month by Michigan State University’s Rick Wash, who
says that most home‐computer users rely on what are known as “folk models.” Those are beliefs
about what hackers or viruses are that people use to make decisions about security – to keep
their information safe.
Unfortunately, they don’t often work the way they should.
“Home security is hard because people are untrained in security,” said Wash, an assistant
professor in the Department of Telecommunication, Information Studies and Media. “But it isn’t
because people are idiots. Rather they try their best to make sense of what’s going on and
frequently make choices that leave them vulnerable.”

http://msutoday.msu.edu/

COPYRIGHT © WHITE HAT GLOBAL ACADEMY


ALL RIGHTS RESERVED. REPRODUCTION IS STRICTLY PROHIBITED.
5
Module Objective

Security Essential Computer Potential


Incidents Terminologies Security Losses

Security Security Risks


What to
Elements & to Home
Secure?
Layers Users

COPYRIGHT © WHITE HAT GLOBAL ACADEMY


ALL RIGHTS RESERVED. REPRODUCTION IS STRICTLY PROHIBITED.
6
Security Incident Occurrences Over Time
Security Incident Occurrences Over Time

Years
http://datalossdb.org/
COPYRIGHT © WHITE HAT GLOBAL ACADEMY
ALL RIGHTS RESERVED. REPRODUCTION IS STRICTLY PROHIBITED.
7
Security Incidents by Breach Type - 2015

http://datalossdb.org/
COPYRIGHT © WHITE HAT GLOBAL ACADEMY
ALL RIGHTS RESERVED. REPRODUCTION IS STRICTLY PROHIBITED.
8
Security Breaches – World wide

http://datalossdb.org/
COPYRIGHT © WHITE HAT GLOBAL ACADEMY
ALL RIGHTS RESERVED. REPRODUCTION IS STRICTLY PROHIBITED.
9
Essential Terminologies
Threat Exploit Vulnerability

• An action or event • A software tool • Vulnerability is a


that has the designed to take weakness which
potential to advantage of a flaw in allows an attacker to
compromise and/or a computer system, reduce a system's
violate security typically for malicious information
purposes such as assurance
malware

Cracker, Attacker, or Attack Data Theft


Intruder

• An individual who • Any action derived • Stealing the


breaks into from intelligent information from
computer systems threats to violate the users’ system
in order to steal, the security of the
change, or destroy system
information

COPYRIGHT © WHITE HAT GLOBAL ACADEMY


ALL RIGHTS RESERVED. REPRODUCTION IS STRICTLY PROHIBITED.
10
Computer Security

Computer security, also known as cyber security or IT


security, is security applied to computers, computer
networks, and the data stored and transmitted over
them.
Computer security covers all the processes and
mechanisms by which digital equipment, information
and services are protected from unintended or
unauthorized access, change or destruction and the
process of applying security measures to ensure
confidentiality, integrity, and availability of data both in
transit and at rest.

COPYRIGHT © WHITE HAT GLOBAL ACADEMY


ALL RIGHTS RESERVED. REPRODUCTION IS STRICTLY PROHIBITED.
11
Why Security?
Computer security is important for Computer administration and
protecting the confidentiality, management have become more
integrity, and availability of complex which produces more
computer systems and their attack avenues
resources

Evolution of technology has focused Network environments and


on the ease of use while the skill network‐based applications provide
level needed for exploits has more attack paths
decreased

COPYRIGHT © WHITE HAT GLOBAL ACADEMY


ALL RIGHTS RESERVED. REPRODUCTION IS STRICTLY PROHIBITED.
12
Potential Losses Due to Security Attacks
Identity
theft

Loss of Financial
trust loss

Misuse of
Data
computer
loss/theft
resources

COPYRIGHT © WHITE HAT GLOBAL ACADEMY


ALL RIGHTS RESERVED. REPRODUCTION IS STRICTLY PROHIBITED.
13
Security Elements
Confidentiality

“Ensuring that information is accessible only to those who have authorized to access”

Authenticity

“The identification and assurance of the origin of information”

Integrity

“Ensuring that the information is complete, accurate, reliable, and is in its original form”

Availability

“Ensuring that the information is accessible to authorized persons when required without any delay”

Non - Repudiation

“Ensuring that a party to a contract or a communication cannot deny the authenticity of their signature on a document”

COPYRIGHT © WHITE HAT GLOBAL ACADEMY


ALL RIGHTS RESERVED. REPRODUCTION IS STRICTLY PROHIBITED.
14
The Security, Functionality, and Ease of Use Triangle
Security

Functionality
Easy of use

COPYRIGHT © WHITE HAT GLOBAL ACADEMY


ALL RIGHTS RESERVED. REPRODUCTION IS STRICTLY PROHIBITED.
15
Security Layers
User Security
• Ensures that a valid
Application user is using the
Security system

System Security • Protecting the


applications from
• Protecting system &
external threats
Network Security its information from
theft, unauthorised
• Protecting networks access etc.
Physical Security & their services from
unauthorised access
• Securing the assets
from physical threats

COPYRIGHT © WHITE HAT GLOBAL ACADEMY


ALL RIGHTS RESERVED. REPRODUCTION IS STRICTLY PROHIBITED.
16
Security Risks to Home Users
Home computers are prone to various cyber attacks as they provide attackers easy targets due
to a low level of security awareness
Security risk to home users arise from various computer attacks and accidents causing physical
damage to computer systems

• Malware, virus attacks • Hard disk or other


• Denial of service and component failures
cross‐site scripting • Power failure and
attacks surges
• Identity theft and • Theft of a computing
computer frauds device
Computer Computer
Attacks Accidents
COPYRIGHT © WHITE HAT GLOBAL ACADEMY
ALL RIGHTS RESERVED. REPRODUCTION IS STRICTLY PROHIBITED.
17
What to Secure?

Information Communication

Software

Hardware

COPYRIGHT © WHITE HAT GLOBAL ACADEMY


ALL RIGHTS RESERVED. REPRODUCTION IS STRICTLY PROHIBITED.
18

You might also like