unit1cybersecurity

The document outlines the fundamental components of information security, emphasizing the CIA Triad: confidentiality, integrity, and availability. It discusses common security threats such as viruses, worms, adware, and ransomware, as well as the importance of security policies and mechanisms. Additionally, it addresses operational and human issues in security implementation, along with operating system security and potential breaches.
UNIT 1

Security fundamentals

THE BASIC COMPONENTS


The basic tenets of information security are confidentiality, integrity and availability. Every
element of the information security program must be designed to implement one or more of
these principles. Together they are called the CIA Triad.

● Confidentiality – means information is not disclosed to unauthorized individuals, entities
and processes. For example, say I have a password for my Gmail account and
someone saw it while I was logging in to the Gmail account. In that case my password
has been compromised and confidentiality has been breached.

● Integrity – means maintaining the accuracy and completeness of data. This means data
cannot be edited in an unauthorized way. For example, if an employee leaves an
organization, the data for that employee in all departments, such as accounts,
should be updated to reflect the status JOB LEFT so that the data is complete and accurate.
In addition, only an authorized person should be allowed to edit employee data.

● Availability – means information must be available when needed. For example, if one
needs to access a particular employee's information to check whether the employee has
exceeded the number of leaves, making that information available requires collaboration
from different organizational teams such as network operations, development operations,
incident response and policy/change management.

Common Information Security Threats


● Virus: Viruses have the ability to replicate themselves by hooking themselves to a program
on the host computer, such as songs, videos, etc., and they then travel all over the Internet.
The Creeper Virus was first detected on ARPANET. Examples include File Virus, Macro
Virus, etc.

● Worms: Worms are also self-replicating in nature, but they don’t hook themselves to a
program on the host computer. The biggest difference between viruses and worms is that
worms are network-aware. They can easily travel from one computer to another if a
network is available, and on the target machine they will not do much harm; they will, for
example, consume hard disk space, thus slowing down the computer.

● Adware: Adware is not exactly malicious, but it does breach the privacy of users. It
displays ads on a computer’s desktop or inside individual programs. It comes attached
to free-to-use software and is thus the main source of revenue for such developers. It
monitors your interests and displays relevant ads. An attacker can embed malicious code
inside the software, and adware can monitor your system activities and can even
compromise your machine.

● Ransomware: Ransomware is a type of malware that will either encrypt your files or
lock your computer, making it inaccessible either partially or wholly. A screen is then
displayed asking for money, i.e. a ransom, in exchange.

POLICY and MECHANISM


A security policy (also called an information security policy or IT security policy) is a document
that spells out the rules, expectations, and overall approach that an organization uses to
maintain the confidentiality, integrity, and availability of its data.
A mechanism is a tool that ensures the system does not enter an unauthorized protection state.

Four reasons a security policy is important


● Guides the implementation of technical controls.
● Helps meet regulatory and compliance requirements
● Sets clear expectations
● Improves organizational efficiency and helps meet business objectives.

ASSUMPTION and TRUST


Security rests on assumptions specific to the type of security required and the environment in
which it is to be employed.

EXAMPLE: Opening a door lock requires a key. The assumption is that the lock is secure
against lock picking.

Trust: The willingness to take actions expecting beneficial outcomes, based on assertions by
other parties.

ASSURANCE
Assurance is a measure of confidence that the security features, practices, procedures, and
architecture of an information system accurately mediate and enforce the security policy.
A security assurance can be defined as the confidence that a system meets its security
requirements and is resilient against security vulnerabilities and failures.

OPERATIONAL ISSUES

Any useful policy and mechanism must balance the benefits of the protection against the cost of
designing, implementing, and using the mechanism. This balance can be determined by
analyzing the risks of a security breach and the likelihood of it occurring.

1. Cost-Benefit Analysis
If the data or resources cost less, or are of less value, than their protection, adding security
mechanisms and procedures is not cost-effective because the data or resources can be
reconstructed more cheaply than the protections themselves. Unfortunately, this is rarely the
case.

2. Risk Analysis
To determine whether an asset should be protected, and to what level, requires analysis of the
potential threats against that asset and the likelihood that they will materialize.

3. Laws and Customs


Laws restrict the availability and use of technology and affect procedural controls. Hence, any
policy and any selection of mechanisms must take into account legal considerations.

HUMAN ISSUES
Implementing computer security controls is complex, and in a large organization procedural
controls often become vague or cumbersome. Regardless of the strength of the technical
controls, if nontechnical considerations affect their implementation and use, the effect on
security can be severe. Moreover, if configured or used incorrectly, even the best security
control is useless at best and dangerous at worst. Thus, the designers, implementers, and
maintainers of security controls are essential to the correct operation of those controls.

1. Organizational Problems
2. People Problems

OS SECURITY
The process of ensuring OS availability, confidentiality, and integrity is known as operating system
security. OS security refers to the processes or measures taken to protect the operating system
from dangers, including viruses, worms, malware, and remote hacker intrusions. Operating
system security comprises all preventive-control procedures that protect any system assets that
could be stolen, modified, or deleted if OS security is breached.

System security may be threatened through two violations, and these are as follows:
1. Threat
A program that has the potential to harm the system seriously.

2. Attack
A breach of security that allows unauthorized access to a resource.

Security may be compromised through breaches. Some of the breaches are as follows:
1. Breach of integrity
This violation involves the unauthorized modification of data.

2. Theft of service
It involves the unauthorized use of resources.

3. Breach of confidentiality
It involves the unauthorized reading of data.

4. Breach of availability
It involves the unauthorized destruction of data.

5. Denial of service
It includes preventing legitimate use of the system. Some attacks may be accidental.
