
Information security

Simple and concise slides on information security

Uploaded by

malikfurqan7045

Lecture # 6

INFORMATION SECURITY
Key Management

• Key management in information security is the process of handling cryptographic keys throughout their lifecycle.
• This includes the generation, exchange, storage, use, crypto-shredding (destruction) and replacement of keys. It also covers cryptographic protocol design, key servers, user procedures, and other relevant protocols.
How Do Cryptographic Keys Work?

• Cryptographic keys are special codes that protect information by locking (encrypting) and unlocking (decrypting) it. In symmetric key cryptography, a single shared key does both jobs, so the same key must be kept secret between users. In asymmetric key cryptography, there are two keys: a public key that anyone can use to encrypt messages or verify signatures, and a private key that only the owner uses to decrypt messages or create signatures. This makes it easier to share the public key openly while keeping the private key secret. These keys are crucial for secure communication, such as when you visit a secure website (HTTPS), where they help encrypt your data and keep it safe from eavesdroppers and criminals. Managing these keys properly is therefore vital to keeping digital information secure and dependable.
What is the function of a key management system?

• The purpose of key management is to handle keys throughout their life, from creation to storage, distribution, updating, control, and finally destruction, to keep them secure.
Why is key management important for security?

• Key management is essential for data security. Encryption keys are used to lock and unlock data, so if a key is lost or compromised, data security is at risk. Keys also help in securely sending data over the Internet.
What is the goal of key management?

• The main goal of key management is to protect sensitive data by securely handling cryptographic keys at every stage. This means ensuring keys are strong, shared safely, stored securely, updated regularly, and deleted properly when they are no longer needed.
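The lifecycle stages listed in this section (generation, storage, use, replacement, destruction), shown as an added example that is not part of the original slides. The `KeyRing` class and its method names are hypothetical, and HMAC tagging stands in for whatever the keys protect.

```python
import hashlib
import hmac
import secrets

class KeyRing:
    """Hypothetical in-memory key store; production keys belong in an HSM or KMS."""

    def __init__(self):
        self._keys = {}       # storage: key id -> key material
        self._active = None   # id of the key used for new operations
        self._next_id = 1

    def rotate(self):
        """Generation and replacement: a new random 256-bit key becomes active."""
        kid = self._next_id
        self._next_id += 1
        self._keys[kid] = bytearray(secrets.token_bytes(32))
        self._active = kid
        return kid

    def sign(self, message):
        """Use: tag a message with the active key; the key id travels with the tag."""
        if self._active is None:
            raise RuntimeError("no active key")
        key = self._keys[self._active]
        return self._active, hmac.new(key, message, hashlib.sha256).digest()

    def verify(self, kid, message, tag):
        """Retired keys still verify old tags; destroyed or unknown keys fail closed."""
        key = self._keys.get(kid)
        if key is None:
            return False
        expected = hmac.new(key, message, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

    def destroy(self, kid):
        """Destruction: overwrite the key bytes (best effort in Python), then drop them."""
        key = self._keys.pop(kid, None)
        if key is not None:
            key[:] = bytes(len(key))
        if self._active == kid:
            self._active = None

def lifecycle_demo():
    ring = KeyRing()
    old = ring.rotate()                              # generate the first key
    kid, tag = ring.sign(b"constructed record")      # use it
    new = ring.rotate()                              # replace it
    before = ring.verify(kid, b"constructed record", tag)
    ring.destroy(old)                                # destroy the retired key
    after = ring.verify(kid, b"constructed record", tag)
    return old, new, before, after
```

For encryption keys the same destroy step is what makes stored ciphertext unrecoverable, which is the crypto-shredding the slide refers to.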
Lecture # 6

Authentication
What is Authentication?

Authentication is a process that verifies the identity of a user, device, or process before they are granted access to information systems, networks, or digital resources. It's a crucial step in protecting systems, data, and applications from attacks.

Authentication is used by a server when the server needs to know exactly who is accessing its information or site. Authentication is used by a client when the client needs to know that the server is the system it claims to be. In authentication, the user or computer has to prove its identity to the server or client.
Methods for Authentication

There are several common methods used for authentication:

• Knowledge-based Authentication
In this method the user provides some secret information, such as a password, PIN or answer to a security question. The system then verifies this information.
• Token-based Authentication
Here the user has a physical or virtual token that generates a temporary code. The user must enter this code for verification.
• Biometric Authentication
This method uses the user's physical characteristics, such as fingerprints, facial features, iris scans or voice pattern, to verify their identity.
• Multi-Factor Authentication
MFA uses two or more authentication factors, such as password and OTP, or fingerprint and PIN, to strengthen authentication.
The authentication process generally follows these steps

• Identity Assertion
The user or entity asserts its identity with an identifier such as a username, email address, or digital certificate.
• Credential Submission
The user submits their authentication credentials, such as a password, biometric or token code.
• Verification
The system verifies the credentials. If they are correct, authentication is successful and access is granted. If the credentials are incorrect, access is denied.
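The three steps above, combined with the password-plus-OTP form of MFA from the methods list, as an added example that is not part of the original slides. The user store, function names and iteration count are assumptions; the one-time code follows RFC 6238 (TOTP).

```python
import hashlib, hmac, os, struct, time

ITERATIONS = 600_000  # PBKDF2 work factor (assumed value; tune to your hardware)

def hash_password(password: str, salt: bytes) -> bytes:
    # Store a slow, salted hash of the knowledge factor, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    # Token factor: RFC 6238 time-based one-time code (HMAC-SHA1 variant).
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

USERS = {}  # constructed in-memory credential store: username -> record
_DUMMY = {"salt": b"\x00" * 16, "pw": b"\x00" * 32, "totp": b"\x00" * 20}

def enroll(username: str, password: str, totp_secret: bytes) -> None:
    salt = os.urandom(16)
    USERS[username] = {"salt": salt, "pw": hash_password(password, salt),
                       "totp": totp_secret}

def authenticate(username: str, password: str, code: str, now=None) -> bool:
    now = time.time() if now is None else now
    # Step 1, identity assertion: the username selects the stored record.
    # Unknown names run the same checks against a dummy record, so response
    # time does not reveal which usernames exist.
    rec = USERS.get(username, _DUMMY)
    # Step 2, credential submission: password and one-time code arrive together.
    # Step 3, verification: constant-time comparison of both factors.
    pw_ok = hmac.compare_digest(hash_password(password, rec["salt"]), rec["pw"])
    code_ok = hmac.compare_digest(totp(rec["totp"], now).encode(), code.encode())
    return (rec is not _DUMMY) and pw_ok and code_ok
```

A deployed verifier would also accept adjacent time steps for clock drift, reject reused codes, and rate-limit failed attempts.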
Lecture # 6

Access Control

• Access control is a critical component of information security that prevents unauthorized access and manages authorized access. Through access control, organizations protect their sensitive data, systems and resources, ensuring that only authorized users can access them.
• Access control uses policies and tools to ensure that only authorized users have access to the right resources at the right level.
• The primary goal of access control is to prevent unauthorized access, data breaches, and cyber attacks.
• It allows organizations to specify which users have access to which resources and what permissions they have.
Key Components

Access control has several key components:

• Authentication
Authentication is a process that verifies a user's identity before they can access a system, network, or device. It is a key part of access control, which is based on the identity of the user who requests access, e.g. username and password.
• Authorization
Authorization is the process of determining what level of access a user or service has to a resource or action in a computer system. It is a security process that is often used in conjunction with authentication to verify a user's identity before granting them access, e.g. a hotel keycard.
• Access Policies
  • Rules and regulations.
  • Access policies specify under which conditions and to which resources access can be granted.
• Access Control List
ACLs are lists that specify which users have access to which resources and what types of operations are allowed or denied to them.
• Role-Based Access Control
In the RBAC access control model, permissions are associated with roles, and then users are assigned specific roles. Users receive access permissions based on their roles.
• Audit Trails
An audit trail records who accessed which resources and at what time. These logs help organizations detect unauthorized access attempts and security breaches.
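How the RBAC and audit-trail components fit together, as an added example that is not part of the original slides. The roles, users, resources and the denial threshold are constructed sample values.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed sample policy: role -> set of (resource, action) permissions.
ROLE_PERMISSIONS = {
    "clerk": {("invoices", "read")},
    "manager": {("invoices", "read"), ("invoices", "approve")},
}
# Users are assigned roles, never permissions directly.
USER_ROLES = {"asma": {"clerk"}, "bilal": {"clerk", "manager"}}

AUDIT_LOG = []  # audit trail: every decision is recorded, allowed or denied


def is_authorized(user, resource, action, log=AUDIT_LOG):
    """Default deny: access is granted only if one of the user's roles allows it."""
    roles = USER_ROLES.get(user, set())  # unknown user: no roles, so no access
    allowed = any((resource, action) in ROLE_PERMISSIONS.get(role, set())
                  for role in roles)
    log.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "resource": resource,
        "action": action,
        "decision": "allow" if allowed else "deny",
    })
    return allowed


def flag_repeated_denials(log, threshold=3):
    """Detection over the audit trail: users with at least `threshold` denials."""
    denials = Counter(e["user"] for e in log if e["decision"] == "deny")
    return sorted(u for u, n in denials.items() if n >= threshold)
```

Logging denials as well as grants is what lets the trail surface a user who keeps probing resources outside their role.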
