Information Security

Introduction
In the last 20 years, technology has permeated every facet of
the business environment. The business place is no longer static
– it moves whenever employees travel from office to office,
from office to home, from city to city. Since business have
become more fluid, information security is no longer the sole
responsibility of a small dedicated group of professionals, it is
now the responsibility of every employee, especially
managers.”

1
 Information Technology :- technology involving development
and use of computer systems and networks for the purpose of
processing and distribution of data

 in many organizations, information/data is seen as the

most valuable asset

Information System:- entire set of data, software, hardware,

networks, people, procedures and policies that deal with
processing & distribution of information in an organization

 each of 7 components has its own strengths, weaknesses,

and its own security requirements

2
 Information Security
types of security ?
1- Physical security:- is the protection of personnel,
hardware, software, networks and data
from physical actions and events that could cause serious
loss or damage to an enterprise, agency or institution. This
includes protection from fire, flood, natural disasters,
burglary, theft, vandalism and terrorism.

Physical Security in cyber security ?

 Physical security describes measures designed to ensure
the physical protection of IT assets like facilities, equipment,
personnel, resources and other properties from damage and
unauthorized physical access.
Cyber-security:- is the practice of defending
computers, servers, mobile devices, electronic systems,
networks, and data from malicious attacks. It's also known
as information technology security or electronic
information security. The term applies in a variety of
contexts, from business to mobile computing, and can be
divided into a few common categories.

3
2- Digital security:- is an all-encompassing term which
includes the tools you can use to secure your identity, assets and
technology in the online and mobile world. These tools you can
use to protect your identity include anti-virus software, web
services, biometrics and secure personal devices you carry with
you everyday.

Security = state of being secure, free from danger.

4
Information Security
• C.I.A. triangle:- 3 key characteristics of info.
that must be protected by information security
1- Confidentiality:-only authorized parties can view
information.

2- Integrity:- information is correct and not altered over its

entire life-cycle.

3- Availability:- data is accessible to authorized users when-

ever needed.

5
 How to ensure data confidentiality?
1. Cryptography.

2. strong user authentication / restricting access.

3. limiting number of places where data can appear.

How to ensure data integrity?

1. Cryptography
2. strong user authentication / restricting access
3. documenting system activity

6
 How to ensure data availability?
1. anti-DDoS system (Distribute deniel of service Attack).

2. well established backup procedure.

3. effective data-recovery procedure.

The biggest challenge of information security?

How much of security?
Information security should balance protection & access - a
completely secure information system would not allow anyone
access, or would be very ‘user-unfriendly’!

7
CNSS = Committee on National Security Systems
CNSS Security Model
ink:

REFERENCES
https://www.geeksforgeeks.org/what-is-information-
security/
http://www.businessandleadership.com/fs/img/news/20
0811/378x/business-traveller.jpg
http://www.koolring.co.uk/wp-
content/uploads/2010/01/mobile-phones.jpg