Fundamentals
Week 2 – Security +
Learning Objectives
• At the end of this lesson, students should be able to:
• Define Information Security in an IT spectrum.
• Explain the goals of Information Security
• Discuss the relationship between threats, vulnerabilities and risk in IS.
• Enumerate and explain the different types of attacks.
• Recommend security controls to counter attacks.
• Discuss the importance of the Security Management Process in the prevention / mitigation of damage to a network system.
Basic Concepts of Authentication and Authorization
• Authentication is one of the primary controls used for information security.
• Strong authentication is the first line of defense in security.
• Authentication can be simple or complex; weak or strong.
• The appropriate authentication varies with the work environment.
Types of Authentication
Username and Password
• Confidentiality
• Integrity
• Availability
• The best way to achieve these elements is Cryptography.
Cryptography
• The science of hiding information, most commonly by encoding and decoding a secret code used to send messages.
• Modern communications and computing use cryptography extensively to protect sensitive information and communications from unauthorized access or accidental disclosure while the information is in transit and while the information is being stored.
How it works.
Encryption and Decryption
• In a simple letter-substitution algorithm, the key might be "replace each letter with the letter that is two letters following it in the alphabet."
Symmetric Encryption
• A two-way encryption scheme in which encryption and decryption are both performed by the same key.
• The key can be configured in software or coded in hardware.
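The letter-substitution key described above (shift each letter two places), written out as an added example that is not part of the original slides. It also shows the symmetric property: the same key both encrypts and decrypts. The function names and the sample message are assumptions made for illustration.

```python
import string

ALPHABET = string.ascii_lowercase

# Constructed sample values for this example.
KEY = 2  # "replace each letter with the letter two places after it"
SAMPLE = "Meet at the zoo, gate Y."


def shift_letter(ch: str, key: int) -> str:
    """Shift one letter by `key` places, wrapping past 'z' back to 'a'."""
    lower = ch.lower()
    if lower not in ALPHABET:
        return ch  # spaces, digits and punctuation pass through unchanged
    shifted = ALPHABET[(ALPHABET.index(lower) + key) % len(ALPHABET)]
    return shifted.upper() if ch.isupper() else shifted


def encrypt(plaintext: str, key: int) -> str:
    """Encryption: apply the substitution to every character."""
    return "".join(shift_letter(c, key) for c in plaintext)


def decrypt(ciphertext: str, key: int) -> str:
    """Decryption: the same key, applied in the opposite direction."""
    return "".join(shift_letter(c, -key) for c in ciphertext)


if __name__ == "__main__":
    ciphertext = encrypt(SAMPLE, KEY)
    print("plaintext :", SAMPLE)
    print("ciphertext:", ciphertext)
    # Symmetric scheme: the receiver needs exactly the key the sender used.
    print("decrypted :", decrypt(ciphertext, KEY))
    # A receiver holding a different key does not recover the message.
    print("wrong key :", decrypt(ciphertext, KEY + 1))
```

Note the wrap-around case: with a key of two, "y" becomes "a" and "z" becomes "b".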
Asymmetric Encryption
• Asymmetric encryption uses different keys: a public key and a private key.
• The private key is kept secret by one party during two-way encryption. Because the private key is never shared, its security is relatively well maintained. The asymmetric key exchange process is therefore easier and more secure than the symmetric process.
Hashing