glance of information technology
WHAT IS INFORMATION SECURITY?
Information security is defined as protecting information and information systems from unauthorised access, use, disclosure, disruption, modification, or destruction.
THE CORNERSTONE CONCEPT OF INFORMATION SECURITY
* CONFIDENTIALITY
* INTEGRITY
* AVAILABILITY
KNOWN AS THE CIA
Confidentiality, integrity, and availability work together to provide assurance that data and systems remain secure. Do not assume that one part of the triad is more important than another.
CIA TRIAD
THE CORNERSTONE CONCEPT OF INFORMATION SECURITY
CONFIDENTIALITY
Confidentiality prevents the unauthorised disclosure of information; it keeps data secret. In other words, confidentiality prevents unauthorised read access to data.
Example:
Confidentiality can be compromised by
- The loss of a laptop containing data.
- A person looking over our shoulder while we type a password.
- An E-mail attachment being sent to the wrong person.
INTEGRITY
Integrity prevents unauthorised modification of information. In other words, integrity prevents unauthorised write access to data.
THERE ARE TWO TYPES OF INTEGRITY
* Data Integrity: It protects information against unauthorised modification
* System Integrity: It protects a system, such as a Windows 2008 server operating system, from unauthorised modification
Example
If an unethical student compromises a college grade database to raise his failing grades, he has violated the data integrity. If he installs malicious software on the system to allow future backdoor access, he has violated the system integrity.
AVAILABILITY
Availability ensures that information is available when needed. Systems need to be usable (available) for normal business use.
Example
An attack on availability would be a denial of service (DoS) attack, which seeks to deny service (or availability) of a system.
BALANCED SECURITY
[Figure: confidentiality, integrity, availability]
BALANCED SECURITY
Security is commonly viewed only through the lens of keeping secrets secret.
The integrity and availability threats can be overlooked and only dealt with after they are properly compromised.
BALANCED SECURITY
Some assets have a critical confidentiality requirement (company trade secrets), some have critical integrity requirements (financial transaction values), and some have critical availability requirements (E-commerce web servers).
Many people understand the concepts of the CIA triad, but may not fully appreciate the complexity of implementing the necessary controls to provide all the protection that these concepts cover.
THE CORNERSTONE CONCEPT OF INFORMATION SECURITY
1- CONFIDENTIALITY
2- INTEGRITY
3- AVAILABILITY
The following provides a short list of some of these controls and how they map to the components of the CIA triad:
CONFIDENTIALITY
• Encryption for data at rest (whole disk, database encryption)
• Encryption for data in transit (IPSec, SSL, PPTP, SSH)
• Access control (physical and technical)
INTEGRITY
• Hashing (data integrity)
• Configuration management (system integrity)
• Change control (process integrity)
• Access control (physical and technical)
• Software digital signing
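Added example (not part of the original slides): hashing as a data-integrity control, applied to the grade-database scenario described earlier. The record layout, the key and all names are assumptions made for illustration; it also shows why a keyed hash (HMAC) is needed when the person altering the data can also rewrite a stored digest.

```python
import hashlib
import hmac

# Constructed sample data (not from the slides): student id -> grade.
GRADES = {"s1001": "B", "s1002": "F", "s1003": "A"}
# Assumption: the key lives outside the database (e.g. on the auditing host).
AUDIT_KEY = b"constructed-demo-key-do-not-reuse"


def plain_digest(student: str, grade: str) -> str:
    """Unkeyed SHA-256: anyone who can write the record can recompute it."""
    return hashlib.sha256(f"{student}|{grade}".encode()).hexdigest()


def keyed_tag(key: bytes, student: str, grade: str) -> str:
    """HMAC-SHA256: recomputing it requires the key, not just write access."""
    return hmac.new(key, f"{student}|{grade}".encode(), hashlib.sha256).hexdigest()


def build_baseline(key: bytes, records: dict) -> dict:
    """Tag every record while the data is known to be good."""
    return {sid: keyed_tag(key, sid, grade) for sid, grade in records.items()}


def audit(key: bytes, baseline: dict, records: dict) -> dict:
    """Compare current records with the baseline and report every difference."""
    modified = sorted(
        sid for sid, grade in records.items()
        if sid in baseline
        and not hmac.compare_digest(baseline[sid], keyed_tag(key, sid, grade))
    )
    return {
        "modified": modified,
        "added": sorted(set(records) - set(baseline)),
        "removed": sorted(set(baseline) - set(records)),
    }


if __name__ == "__main__":
    baseline = build_baseline(AUDIT_KEY, GRADES)
    # The slide's scenario: a failing grade is raised without authorisation.
    tampered = dict(GRADES, s1002="A")
    print(audit(AUDIT_KEY, baseline, tampered))
    # A digest stored beside the data is simply rewritten along with the grade.
    stored = {"s1002": plain_digest("s1002", "A")}
    print(stored["s1002"] == plain_digest("s1002", tampered["s1002"]))
```

The baseline only protects data integrity if it, and the key, are kept where the database's writers cannot reach them.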
AVAILABILITY
• Redundant array of inexpensive disks (RAID)
• Clustering
• Load balancing
• Redundant data and power lines
• Software and data backups
• Disk shadowing
• Co-location and off-site facilities