Introduction Of Information Security Slide Prepared and Presented By: Mr. Ankit S. Didwania (RC-1093) Open Education Resource (OER) by Ankit S. Didwania is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. This is a Free Culture License! You are free to use, distribute and modify it, including for commercial purposes, provided you acknowledge the source and share-alike.
Learning Outcomes Learner should be able to understand the basic concepts related to information security Learner should be able to detect the three aspects of information security
Evaluation Strategy Sr. No. Question Type Mark 1 Multiple Choice Question (MCQ) 2 Brief Subjective 3 Detailed Subjective 5
LeD 1.0: Learning Dialogues Activity
Security of Information/data Background Security of Information/data Traditionally possible through physical/mechanical means BUT, in today’s computerized world, it requires automated tools!
Definitions Secure – to be free from any unwanted access or damage Computer Security – it consists of various tools used to secure data from unintended users Network Security – it consists of various security measures required while data is in a network Internet Security - it consists of various security measures required while data is in inter-connected networks i.e. internet
Security Trends
Aspects of Security There are three aspects of information security (based on ITU-T X.800 “Security Architecture for OSI”): security attack security mechanism security service
Security Attack It is an event (attack/threat) which puts the organization’s / individual’s information at risk information security is about how to prevent, reduce or detect such attacks There are majorly two types of generic attacks Passive Active
Passive Attacks
Active Attacks
Security Service It provide service / functionality for protection of computerized information, similar to physical documents protection like: having signatures, dates need protection from disclosure, tampering, or destruction be notarized or witnessed be recorded or licensed
Security Services X.800: RFC 2828: “a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers” RFC 2828: “a processing or communication service provided by a system to give a specific kind of protection to system resources”
Security Services (X.800) Authentication – having confidence that only claimed entities are communicating Access Control - avoidance from the unapproved utilization of an asset Data Confidentiality –security of information from unapproved disclosure Data Integrity - confirmation that information got is as sent by the claimed entity Non-Repudiation - confirmation that information got is as sent by an approved entity
It is a way to resist, reduce or recover from a security attack Security Mechanism It is a way to resist, reduce or recover from a security attack There is no one-size-fits-all solution but “cryptographic techniques” is present in many security mechanisms
Security Mechanisms (X.800) specific security mechanisms: encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization pervasive security mechanisms: trusted functionality, security labels, event detection, security audit trails, security recovery
Summary Learner should have understood the following: Meaning of security and computer, network, internet security Understanding of security attacks, services, mechanisms
Acknowledgement Book “Cryptography and Network Security”, 4th edition, by William Stallings, Chapter 1 “Introduction”
LbD 1.0: Learning by Doing Activity
Multiple Choice Questions (1 mark each) 1) _____ is defined as only sender and recipient should be able to class the contents of message Confidentiality b) Integrity c) Availability d) non-repudiation 2) ______ is defined as information should be available to authorized parties at all time
Subjective Questions Brief Subjective (3 marks each) : 1) Security is divided into which three parts 2) list out the various security services Detailed Subjective (5 marks each) : 1) Justify: Information security is a process 2) Give the various similarities and differences between active and passive attack.
THANK YOU