1. Introduction Of Information Security
Slide Prepared and Presented By:
Mr. Ankit S. Didwania
(RC-1093)
Open Education Resource (OER) by Ankit S. Didwania is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
This is a Free Culture License! You are free to use, distribute and modify it, including for commercial purposes, provided you acknowledge the source and share-alike.

2. Learning Outcomes
Learner should be able to understand the basic concepts related to information security
Learner should be able to detect the three aspects of information security

3. Evaluation Strategy Sr. No. Question Type Mark 1
Multiple Choice Question (MCQ) 2
Brief Subjective 3
Detailed Subjective 5

4. LeD 1.0: Learning Dialogues Activity

5. Security of Information/data
Background
Security of Information/data
Traditionally possible through physical/mechanical means
BUT, in today’s computerized world, it requires automated tools!

6. Definitions Secure – to be free from any unwanted access or damage
Computer Security – it consists of various tools used to secure data from unintended users
Network Security – it consists of various security measures required while data is in a network
Internet Security - it consists of various security measures required while data is in inter-connected networks i.e. internet

7. Security Trends

8. Aspects of Security
There are three aspects of information security (based on ITU-T X.800 “Security Architecture for OSI”):
security attack
security mechanism
security service

9. Security Attack
It is an event (attack/threat) which puts the organization’s / individual’s information at risk
information security is about how to prevent, reduce or detect such attacks
There are majorly two types of generic attacks
Passive
Active

10. Passive Attacks

11. Active Attacks

12. Security Service
It provide service / functionality for protection of computerized information, similar to physical documents protection like:
having signatures, dates
need protection from disclosure, tampering, or destruction
be notarized or witnessed
be recorded or licensed

13. Security Services X.800: RFC 2828:
“a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers”
RFC 2828:
“a processing or communication service provided by a system to give a specific kind of protection to system resources”

14. Security Services (X.800)
Authentication – having confidence that only claimed entities are communicating
Access Control - avoidance from the unapproved utilization of an asset
Data Confidentiality –security of information from unapproved disclosure
Data Integrity - confirmation that information got is as sent by the claimed entity
Non-Repudiation - confirmation that information got is as sent by an approved entity

15. It is a way to resist, reduce or recover from a security attack
Security Mechanism
It is a way to resist, reduce or recover from a security attack
There is no one-size-fits-all solution but “cryptographic techniques” is present in many security mechanisms

16. Security Mechanisms (X.800)
specific security mechanisms:
encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization
pervasive security mechanisms:
trusted functionality, security labels, event detection, security audit trails, security recovery

17. Summary Learner should have understood the following:
Meaning of security and computer, network, internet security
Understanding of security attacks, services, mechanisms

18. Acknowledgement
Book
“Cryptography and Network Security”, 4th edition, by William Stallings, Chapter 1 “Introduction”

19. LbD 1.0: Learning by Doing Activity

20. Multiple Choice Questions (1 mark each)
1) _____ is defined as only sender and recipient should be able to class the contents of message
Confidentiality b) Integrity
c) Availability d) non-repudiation
2) ______ is defined as information should be available to authorized parties at all time

21. Subjective Questions Brief Subjective (3 marks each) :
1) Security is divided into which three parts
2) list out the various security services
Detailed Subjective (5 marks each) :
1) Justify: Information security is a process
2) Give the various similarities and differences between active and passive attack.

22. THANK YOU 