Introduction Of Information Security


1 Introduction Of Information Security
Slide Prepared and Presented By: Mr. Ankit S. Didwania (RC-1093) Open Education Resource (OER) by Ankit S. Didwania is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. This is a Free Culture License! You are free to use, distribute and modify it, including for commercial purposes, provided you acknowledge the source and share-alike.

2 Learning Outcomes
- Learner should be able to understand the basic concepts related to information security
- Learner should be able to detect the three aspects of information security

3 Evaluation Strategy
Sr. No. | Question Type | Mark
1 | Multiple Choice Question (MCQ) | 1
2 | Brief Subjective | 3
3 | Detailed Subjective | 5

4 LeD 1.0: Learning Dialogues Activity

5 Background
Security of Information/data
- Traditionally possible through physical/mechanical means
- BUT, in today’s computerized world, it requires automated tools!

6 Definitions
- Secure – to be free from any unwanted access or damage
- Computer Security – consists of various tools used to secure data from unintended users
- Network Security – consists of various security measures required while data is in a network
- Internet Security – consists of various security measures required while data is in inter-connected networks, i.e. the internet

7 Security Trends

8 Aspects of Security
There are three aspects of information security (based on ITU-T X.800 “Security Architecture for OSI”):
- security attack
- security mechanism
- security service

9 Security Attack
- It is an event (attack/threat) which puts the organization’s / individual’s information at risk
- Information security is about how to prevent, reduce or detect such attacks
- There are two major types of generic attacks:
  - Passive
  - Active

10 Passive Attacks

11 Active Attacks

12 Security Service
It provides a service / functionality for the protection of computerized information, similar to the protection of physical documents, which:
- have signatures, dates
- need protection from disclosure, tampering, or destruction
- are notarized or witnessed
- are recorded or licensed

13 Security Services
X.800: “a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers”
RFC 2828: “a processing or communication service provided by a system to give a specific kind of protection to system resources”

14 Security Services (X.800)
- Authentication – having confidence that only claimed entities are communicating
- Access Control – prevention of the unapproved utilization of an asset
- Data Confidentiality – security of information from unapproved disclosure
- Data Integrity – confirmation that information received is as sent by the claimed entity
- Non-Repudiation – confirmation that information received is as sent by an approved entity

15 Security Mechanism
- It is a way to resist, reduce or recover from a security attack
- There is no one-size-fits-all solution, but “cryptographic techniques” are present in many security mechanisms

16 Security Mechanisms (X.800)
- Specific security mechanisms: encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization
- Pervasive security mechanisms: trusted functionality, security labels, event detection, security audit trails, security recovery

17 Summary
Learner should have understood the following:
- Meaning of security and computer, network, internet security
- Understanding of security attacks, services, mechanisms

18 Acknowledgement Book “Cryptography and Network Security”, 4th edition, by William Stallings, Chapter 1 “Introduction”

19 LbD 1.0: Learning by Doing Activity

20 Multiple Choice Questions (1 mark each)
1) _____ is defined as only sender and recipient should be able to access the contents of message
a) Confidentiality b) Integrity c) Availability d) non-repudiation
2) ______ is defined as information should be available to authorized parties at all times

21 Subjective Questions
Brief Subjective (3 marks each):
1) Security is divided into which three parts?
2) List out the various security services.
Detailed Subjective (5 marks each):
1) Justify: Information security is a process.
2) Give the various similarities and differences between active and passive attack.

22 THANK YOU 

