
UNIT 1tk

Information security, or InfoSec, focuses on protecting information systems from unauthorized access and threats, emphasizing the CIA triad: confidentiality, integrity, and availability. Computer security, a subset of InfoSec, aims to safeguard computers and networks from cyber threats, including various types of attacks such as denial of service and identity theft. Effective security requires a multi-disciplinary approach involving technology, processes, and user awareness to mitigate risks and protect valuable assets.

UNIT 1

Security concepts in information security


Information security, often abbreviated as InfoSec, is the practice of protecting
information by mitigating information risks [1][2]. It involves the protection of
information systems and the information processed, stored, and transmitted by
these systems from unauthorized access, use, disclosure, disruption, modification,
or destruction [1][2]. This includes the protection of personal information, financial
information, and sensitive or confidential information stored in both digital and
physical forms [1].

The main principles of information security are often summed up by the so-called
CIA triad [2][3][4]:

1. Confidentiality: Ensuring that data is accessible only to those authorized to
have access [2][3][4].
2. Integrity: Safeguarding the accuracy and completeness of data during its
lifecycle [2][3][4].
3. Availability: Ensuring that authorized users have reliable and timely access
to information [2][3][4].

In addition to the CIA triad, some sources also mention Non-repudiation as a
fundamental principle [3]. Non-repudiation ensures that a party in a dispute cannot
deny the authenticity of their signature on a document or the sending of a message.

Effective information security requires a comprehensive and multi-disciplinary
approach, involving people, processes, and technology [1]. It spans many research
areas like Cryptography, Mobile Computing, Cyber Forensics, Online Social
Media, etc. [1]. It also encompasses physical and environmental security, access
control, and cybersecurity [5].

The importance of information security is due to the need to protect valuable
information assets from a wide range of threats, including theft, espionage, and
cybercrime [1]. It is necessary to ensure the confidentiality, integrity, and availability
of information, whether it is stored digitally or in other forms such as paper
documents [1]. It helps protect sensitive information from being accessed, disclosed,
or modified by unauthorized individuals [1]. By implementing information security
measures, organizations can mitigate the risks associated with cyber threats and
other security incidents [1].

Computer security concepts in information security


Computer security, also known as cybersecurity, is a subset of information security
that focuses on protecting computers and their related data, networks, software, and
hardware from unauthorized access, misuse, theft, information loss, and other
security issues [1]. It is crucial in our increasingly digital world, where threats such as
viruses, hacking, information theft, and system damage are prevalent [1].

Here are some key concepts in computer security:

1. Cyber Security: This involves securing our computers, electronic devices,
networks, programs, and systems from cyber attacks. Cyber attacks typically
occur when our system is connected to the Internet [1].
2. Information Security: This involves protecting our system's information
from theft, illegal use, and piracy. The main
objectives of information security are confidentiality, integrity, and
availability of information [1].
3. Application Security: This involves securing our applications and data so
that they don't get hacked. It also ensures that the databases of the
applications remain safe and private to the owner, so that users' data
remains confidential [1].
4. Network Security: This involves securing a network and protecting the
information of the users who are connected through that network. Over the
network, hackers can steal packets of data through various attacks and
misuse the data for their own benefit [1].

Types of cyber attacks include:

• Denial of Service (DoS) attack: In this type of attack, the attackers disrupt
the services of a particular network by sending a flood of requests, temporarily
or permanently making the network or machine resources unavailable to the
intended audience [1].
• Backdoor attack: In this attack, malware, a trojan horse, or a virus gets
installed in our system and starts affecting its security along with the main
file [1].
• Eavesdropping: This refers to secretly listening to someone's conversation without
their permission or knowledge [1].

Remember, computer security is not just about technology, but also about the
people and processes involved. It requires a comprehensive and multi-disciplinary
approach to be effective [1].

Computer security Terminology

• Unauthorized access: Unauthorized access is when someone gains
access to a server, website, or other sensitive data using someone else's
account details [1].
• Hacker: A hacker is a person who tries to exploit a computer system
for a reason such as money, a social cause, or fun [1].
• Threat: A threat is an action or event that might compromise
security [1].
• Vulnerability: A vulnerability is a weakness, a design problem, or an
implementation error in a system that can lead to an unexpected and
undesirable event affecting the security of the system [1].
• Attack: An attack is an assault on system security that is delivered by
a person or a machine to a system. It violates security [1].
• Antivirus or Antimalware: An antivirus or antimalware is software that
runs on different operating systems and is used to protect against malicious
software [1].
• Social Engineering: Social engineering is a technique that a hacker uses
to steal data by manipulating people for different purposes, using
psychological techniques combined with social scenes [1].
• Virus: A virus is malicious software that installs itself on your computer
without your consent for a harmful purpose [1].
• Firewall: A firewall is software or hardware that is used to filter
network traffic based on rules.

Threats in information security


Information security threats can take many forms, such as software attacks,
theft of intellectual property, identity theft, theft of equipment or
information, sabotage, and information extortion.
A threat can be anything that can take advantage of a vulnerability
to breach security and negatively alter, erase, or harm an object or
objects of interest.

Types of threats:

1. Software Attacks: These include attacks by viruses, worms, trojan
horses, and bots [1][2]. They are malicious software that behaves
differently and can harm your system [1].
2. Theft of Intellectual Property: This involves stealing sensitive
information, such as trade secrets or proprietary information [1].
3. Identity Theft: This involves stealing personal information to
impersonate someone else [1].
4. Theft of Equipment or Information: This involves stealing
physical devices (like computers or hard drives) or digital
information [1].
5. Sabotage: This involves deliberate actions aimed at harming an
organization or its resources [1].
6. Information Extortion: This involves demanding money in return
for not releasing stolen information [1].
7. Social Media Attacks: In this, cyber criminals identify and infect a
cluster of websites that people in a particular group visit [1].
8. Mobile Malware: There is a saying that where there is connectivity to
the Internet, there will be danger to security [1].
9. Outdated Security Software: With new threats emerging
every day, updating security software is a prerequisite for a
secure system [1].
10. Corporate Data on Personal Devices: This involves the risk
of corporate data being accessed from personal devices, which may
not have the same level of security as corporate devices [1].

Remember, the best defense against these threats is a combination of
strong security policies, up-to-date technology, and user awareness.

Attacks and Assets in information security


In information security, both attacks and assets play crucial roles. Let’s discuss
them in detail:

Attacks in Information Security:

Attacks in information security refer to actions that are intended to compromise the
security of an information system. They can be categorized into two types [1]:

1. Active Attacks: These attacks attempt to alter or affect the system's
operation. They include:
   o Masquerade: An attacker pretends to be someone else to gain
     unauthorized access [1].
   o Modification of Messages: Some portion of a message is altered to
     produce an unauthorized effect [1].
   o Repudiation: An attacker denies their action, such as making a
     transaction or sending a message [1].
   o Replay: An attacker fraudulently delays or resends valid data
     transmission [1].
   o Denial of Service (DoS): The attacker makes a machine or network
     resource unavailable to its intended users [1].
2. Passive Attacks: These attacks involve the unauthorized reading of
information or monitoring of computer systems [1].
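
How a receiver can detect three of the active attacks listed above (masquerade, modification of messages, replay), shown as an added example that is not part of the original notes. The message layout, the 30-second freshness window, the key and the sample messages are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

MAX_AGE_SECONDS = 30  # assumed freshness window, not a value from the notes


def _tag(key: bytes, body: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the message body."""
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def seal(key: bytes, payload: str, nonce: str, ts: int) -> dict:
    """Sender side: bind payload, nonce and timestamp under one tag."""
    body = {"payload": payload, "nonce": nonce, "ts": ts}
    return {"body": body, "tag": _tag(key, body)}


class Receiver:
    def __init__(self, key: bytes):
        self._key = key
        self._seen = set()  # nonces already accepted

    def accept(self, msg: dict, now: int) -> str:
        # A wrong tag means the body was modified in transit, or the
        # sender does not hold the shared key (masquerade).
        if not hmac.compare_digest(_tag(self._key, msg["body"]), msg["tag"]):
            return "rejected: bad tag"
        if abs(now - msg["body"]["ts"]) > MAX_AGE_SECONDS:
            return "rejected: stale"   # delayed delivery
        if msg["body"]["nonce"] in self._seen:
            return "rejected: replay"  # valid message sent twice
        self._seen.add(msg["body"]["nonce"])
        return "accepted"


def demo() -> list:
    key = b"constructed-demo-key"  # constructed sample key
    rx = Receiver(key)
    msg = seal(key, "transfer 10 to account A", "n-001", 1000)
    tampered = {"body": dict(msg["body"], payload="transfer 9999 to account B"),
                "tag": msg["tag"]}
    return [
        rx.accept(msg, now=1001),                                     # genuine
        rx.accept(msg, now=1002),                                     # same message again
        rx.accept(tampered, now=1003),                                # body altered
        rx.accept(seal(b"other-key", "hello", "n-002", 1003), 1003),  # wrong key
        rx.accept(seal(key, "hello", "n-003", 1000), now=1100),       # too old
    ]
```

A shared-key tag does not counter repudiation, because either key holder could have produced it; that requires a digital signature.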

Assets in Information Security:

Assets in information security refer to any data, device, or other components that
support information-related activities [2]. They generally include [3][4][2]:

1. Hardware: This includes servers, computers, switches, and other physical
devices.
2. Software: This includes mission-critical applications and support systems.
3. Information: This includes databases, files, and other data that the
organization uses.
4. People: The users who have access to the information and systems.
5. Network: The infrastructure that connects devices and allows for data
transmission.

These assets are valuable to an organization and require protection. The goal of
information security is to protect these assets from various threats and attacks [3][4][2].

Security functional requirements


Security functional requirements in information security refer to the specific
security functions that a system must perform or characteristics it needs to have [1][2].
They are derived from industry standards, applicable laws, and a history of past
vulnerabilities [3].

Here are some examples:

1. Authentication: The system should be able to verify the identity of a user or
a system [1].
2. Authorization: The system should control access to resources based on user
privileges [1].
3. Data Integrity: The system should ensure data is not altered or destroyed in
an unauthorized manner [2].
4. Confidentiality: The system should protect information from unauthorized
access and disclosure [2].
5. Availability: The system should ensure that authorized users have reliable
and timely access to information [2].
6. Non-repudiation: The system should provide proof of the origin or delivery
of data to protect against denial by one of the entities involved in a
communication [4].
7. Backup: The system should be able to create copies of information to
protect against data loss [1].
8. Server-Clustering: The system should be able to use multiple servers to
ensure high availability and load balancing [1].

These requirements are typically documented in a security requirements
specification, which forms the basis for design, development, and evaluation of a
secure system [5][3][1][2][4]. They provide a foundation of vetted security functionality for an
application [3]. Instead of creating a custom approach to security for every
application, standard security requirements allow developers to reuse the definition
of security controls and best practices [3].

A security architecture for Open Systems


The Open Systems Interconnection (OSI) Security Architecture is a systematic
approach to providing security at each layer of the OSI model [1]. It defines security
services and security mechanisms that can be used at each of the seven layers of
the OSI model to provide security for data transmitted over a network [1]. These
security services and mechanisms help to ensure the confidentiality, integrity, and
availability of the data [1].

The OSI Security Architecture focuses on three main concepts [1]:

1. Security Attack: Any action that compromises the security of information
owned by an organization [1].
2. Security Mechanism: A process (or a device incorporating such a process)
that can counter security attacks [1].
3. Security Service: A service that enhances the security of data processing
systems and information transfers of an organization [1].

The OSI Security Architecture is categorized into three broad categories [1]:

1. Security Attacks: A security attack is an attempt by a person or entity to
gain unauthorized access to disrupt or compromise the security of a system,
network, or device [1].
2. Security Mechanisms: A security mechanism is a means of protecting a
system, network, or device against unauthorized access, tampering, or other
security threats [1].
3. Security Services: These are the services that enhance the security of the
data processing systems and information transfers [1].

The OSI Security Architecture is internationally accepted as it lays out the flow of
providing safety in an organization [1]. It outlines certain security services that need
to be in place to secure data as it moves across a network [2]. It is a structured
approach to information security [2].

Computer security trends


Computer security trends are constantly evolving to keep up with the
ever-changing threat landscape. Here are some of the key trends in computer security
for 2023 [1][2]:

1. Attack Surface Expansion: The increase in remote work and greater
use of public cloud, highly connected supply chains, and cyber-physical
systems have exposed new and challenging attack surfaces [1].
2. Identity System Defense: Misuse of credentials is now a primary method
that attackers use to access systems. Tools and processes to defend identity
systems are becoming increasingly important [1].
3. Digital Supply Chain Risk: By 2025, it's predicted that 45% of
organizations worldwide will have experienced attacks on their software
supply chains [1].
4. Vendor Consolidation: Security products are converging, and vendors are
consolidating security functions into single platforms [1].
5. Rise of Cybersecurity Practices: With continuous technological
development, there is a corresponding movement in cybersecurity practices [3].

These trends highlight the need for organizations to stay vigilant and proactive in
their approach to information security. It's crucial to keep up with these trends to
protect your organization from potential threats [1][2].

Computer security strategy


A computer security strategy is a high-level plan for how an organization will
secure its assets and minimize cyber risk [1]. It should be adaptable to the current
threat landscape and ever-evolving business climate [1]. Here are some key
components of a computer security strategy:

1. Alignment with Business Objectives: The strategy should align with the
organization's business objectives and support its overall mission [2].
2. Risk Assessment: The strategy should include a comprehensive assessment
of the organization's risk and stakeholder expectations [2].
3. Current State Assessment: Understanding the current security state is
crucial for identifying gaps and areas for improvement [2].
4. Prioritization of Initiatives: Based on the risk assessment and current state,
the strategy should prioritize security initiatives and build out a security
roadmap [2].
5. Proactive Approach: The strategy should shift from a reactive to a
proactive mindset. Instead of focusing on reacting to incidents, the most
effective strategies stress the importance of preventing cyber-attacks [1].
6. Resilience: One of the most critical goals for any cybersecurity strategy is
achieving cyber resilience. This means the organization can withstand and
recover from security incidents [1].

Remember, a computer security strategy is not a one-size-fits-all solution. Each
organization is unique and requires a customized approach [1]. The strategy should be
a living document, updated and revisited as frequently as possible to adapt to new
threats and changes in the business environment [1].
