Lecture 01
Introduction
Information Security is not only about securing information from unauthorized access.
Information Security is the practice of preventing unauthorized access, use,
disclosure, disruption, modification, inspection, recording or destruction of information.
Information can be physical or electronic. It can be anything: one's personal
details, a profile on social media, data on a mobile phone,
biometrics, etc. Thus Information Security spans many research areas, such as
Cryptography, Mobile Computing, Cyber Forensics and Online Social Media.

During the First World War, a multi-tier classification system was developed with the sensitivity of
information in mind. With the beginning of the Second World War, the classification
system was formally aligned. Alan Turing successfully decrypted the Enigma machine,
which the Germans used to encrypt warfare data.

Information Security programs are
built around 3 objectives, commonly known as CIA: Confidentiality, Integrity,
Availability.
What is Security?
Security for information technology (IT) refers to the methods, tools and personnel used
to defend an organization's digital assets. The goal of IT security is to protect these
assets, devices and services from being disrupted, stolen or exploited by unauthorized
users, otherwise known as threat actors.
Key Concepts
The basic tenets of information security are confidentiality, integrity and availability.
Every element of the information security program must be designed to implement one or
more of these principles. Together they are called the CIA Triad.
Physical Design: Physical design relates to the actual input and output processes of the system. It focuses
on how data is entered into a system, verified, processed, and displayed as output.
It produces the working system by defining the design specification that specifies exactly what the candidate
system does. It is concerned with user interface design, process design, and data design.
It consists of the following steps −
Specifying the input/output media, designing the database, and specifying backup procedures.
Planning system implementation.
Devising a test and implementation plan, and specifying any new hardware and software.
Updating costs, benefits, conversion dates, and system constraints.
Implementation: The implementation phase in the SDLC is the process of configuring the software for certain
conditions of use, as well as training customers to work with the product. This stage begins after the
system has been tested and accepted by the company. At this time, a program is installed to support the
intended business functions.
Data Responsibilities
General Responsibilities:
1. Ensure compliance with TCNJ policies and all regulatory requirements as they relate to the information
asset.
4. Assign and remove access to others based upon the direction of the Data Owner.
Assigning access to the information asset dataset so others can perform their respective job functions is an
In many cases the Data Custodian is also responsible for producing, interpreting, and distributing
A log of all information that is disseminated must be kept, including the dataset used, the receiving party, and
the date. Likewise, access granted to others must be logged, including the access level granted and the
dataset in question.
7. Implement appropriate physical and technical safeguards to protect the confidentiality, integrity, and
8. Adhere to policies, guidelines and procedures pertaining to the protection of information assets.
9. Report actual or suspected security and/or policy violations/breaches to an appropriate authority.