
Information Security Chapter 1

Lessons about Information security

Uploaded by

Park Zana

SOMAVILLE UNIVERSITY

Information Security

Lecturer: Ahmed Hussein Ali

Tel: 0615820604
Email: [email protected]

Information Security Overview

• Data are raw facts that constitute the building blocks of information. Data are the heart of the computer system. Note that not all data convey useful information. Useful information is obtained from processed data. In other words, data has to be interpreted in order to obtain information. Good, timely information with relevance is the key to decision making. Good decision making is the key to organizational survival.

Information Security Overview (Cont.)

• Data can take many forms, including traditional alphanumeric data, composed of numbers and alphabetical and other characters that describe business transactions and other events and entities. Text data, consisting of sentences and paragraphs used in written communications; image data, such as graphic shapes and figures; and audio data, the human voice and other sounds, are also important forms of data.

Information Security Overview

• In general, security is the quality or state of being secure: to be free from danger.
• It means to be protected from adversaries, from those who would do harm, intentionally or otherwise.

Information Security Overview

• A successful organization should have the following multiple layers of security in place for the protection of its operations:
  • Physical security
  • Personal security
  • Operations security
  • Communications security
  • Network security
  • Information security

Information Security Overview

• Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. Information security is the process of protecting information. It protects its availability, privacy and integrity.

Information Security Overview

• Information security, therefore, is the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information.

Information Security Overview

• Computer security is an integral element of sound management.
• Information and computer systems are often critical assets that support the mission of an organization. Protecting them can be as critical as protecting other organizational resources, such as money, physical assets, or employees.

What is Information Security

• Security can be defined as a state of freedom from danger, risk or attack.
• Information security can be defined as the task of guarding information which is processed by a server, stored on a storage device, and transmitted over a network such as a Local Area Network or the public Internet.
• Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.
Lecturer: Ahmed Hussein Ali 10/31/2024

Principles of Information Security

• First, let us define information security once again. If ten different people were asked to define information security, we might well receive ten different answers, but what is surprising is that they might all be correct. Nevertheless, the universal, classic definition of information security is brief and simple:
• Information security is the confidentiality, integrity, and availability of information.

CIA Triad

[Figure: triangle with its sides labelled Confidentiality, Integrity and Availability]

Confidentiality – restrict access to authorized individuals
Integrity – data has not been altered in an unauthorized manner
Availability – information can be accessed and modified by authorized individuals in an appropriate timeframe

Confidentiality, Integrity, and Availability (CIA)

• Confidentiality: The term confidentiality means that data which is confidential should remain confidential. In other words, confidentiality means a secret should stay secret.
• Integrity: The term integrity means that the data being worked with is the correct data, which has not been tampered with or altered.
• Availability: The term availability means that the data you need should always be available to you.

Introduction to AAA

• AAA stands for Authentication, Authorization and Accounting.
• AAA is a set of primary concepts that aid in understanding computer and network security as well as access control.
• These concepts are used daily to protect property, data, and systems from intentional or even unintentional damage. AAA is used to support the Confidentiality, Integrity, and Availability (CIA) security concept.

What is authentication?

• Authentication is the process which allows a sender and receiver of information to validate each other. If the sender and receiver of information cannot properly authenticate each other, there is no trust in the activities or information provided by either party.
• Authentication can involve highly complex and secure methods or can be very simple. The simplest form of authentication is the transmission of a shared password between entities wishing to authenticate each other. Today’s authentication methods use some of the factors below

What is Authorization?

• Authorization: After declaring identity at the identification stage and proving it at the authentication stage, users are assigned a set of authorizations (also referred to as rights, privileges, or permissions) that define what they can do on the system.
• These authorizations are most commonly defined by the system’s security policy and are set by the security or system administrator.

Authentication VS Authorization

• Authentication provides a way of identifying a user, typically requiring a user ID/password combination before granting a session.
• The authentication process controls access by requiring valid user credentials. After the authentication process is completed successfully, a user must be given authorization (permission) for carrying out tasks within the server.
• Authorization is the process that determines whether the user has the authority to carry out a specific task. Authorization controls access to the resources after the user has been authenticated. The last one is Accounting. Accounting keeps track of the activities the user has performed in the server.

What is Accountability?

• Accountability: Accountability is another important principle of information security that refers to the possibility of tracing actions and events back in time to the users, systems, or processes that performed them, to establish responsibility for actions or omissions.
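
An added example, not part of the original slides, showing the sequence described in the "Authentication VS Authorization" and accountability slides: credentials are checked first, permissions second, and every decision is recorded so it can be traced back to a user. The user names, passwords, roles and actions are constructed for illustration.

```python
import hashlib, hmac, os
from datetime import datetime, timezone

def _hash(password, salt):
    # Salted, slow hash so stored credentials are not the passwords themselves.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password, role):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "role": role}

# Constructed sample data (hypothetical users, roles and permissions).
USERS = {"amina": make_user("correct horse", "admin"),
         "yusuf": make_user("battery staple", "student")}
PERMISSIONS = {"admin": {"read_grades", "edit_grades"},
               "student": {"read_grades"}}
AUDIT_LOG = []                      # accounting: one entry per decision
_DUMMY = make_user("", "none")      # hashed for unknown users to keep timing similar

def authenticate(user, password):
    """Authentication: does the caller prove the identity they claim?"""
    rec = USERS.get(user, _DUMMY)
    ok = hmac.compare_digest(rec["hash"], _hash(password, rec["salt"]))
    return ok and user in USERS

def authorize(user, action):
    """Authorization: may this already-authenticated user perform the action?"""
    return action in PERMISSIONS.get(USERS[user]["role"], set())

def request(user, password, action):
    if not authenticate(user, password):
        outcome = "auth_failed"     # authorization is never consulted
    elif not authorize(user, action):
        outcome = "denied"
    else:
        outcome = "allowed"
    # Accounting: failures are logged too, not only successful actions.
    AUDIT_LOG.append({"time": datetime.now(timezone.utc).isoformat(),
                      "user": user, "action": action, "outcome": outcome})
    return outcome

def actions_by(user):
    """Accountability: trace recorded events back to the user behind them."""
    return [(e["action"], e["outcome"]) for e in AUDIT_LOG if e["user"] == user]

if __name__ == "__main__":
    print(request("yusuf", "battery staple", "edit_grades"))
    print(actions_by("yusuf"))
```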

Any Questions?

END