Professional Documents
Culture Documents
Security
FOUNDATIONS OF SECURITY
understanding what we are trying to protect
WHAT ARE WE TRYING TO
PROTECT?
• data ?
• information ?
• our identity ?
DATA
• data is a collection of facts and events as the occur
• contacts in our mobile phone
• tests conducted for ailment diagnosis
• number of times a internet was down
• number of calls received
• call durations
• amount of memory in a computing device
• number of times we filled refilled our vehicle, Paytm used at a shop
INFORMATION
• filtering data and presenting it in a
meaningful format
• analysing data for decision making
• doctor prescribing treatment after
analysing the diagnostic test reports
• increase in profit for a quarter
• analysing demand of a product in
the market to make a decision
IDENTITY
• name , family name
• friends
• home address
• phone number
• bank accounts
• PAN , Aadhar
• organisation working for
• vehicle number
WHAT IS CYBER
SECURITY ?
• cyber security is implemented to
protect
• data
• information
• identity
DATA FORMS
• data in a single device – storage
• this can be protected using encryption
• disk encryption, file encryption
• data moving from one place to another
• this can also be protected using encryption
• VPN , HTTPS
GOALS OF INFORMATION
TECHNOLOGY
• C I A - Security Triad
• CONFIDENTIALITY
• INTEGRITY
• AVAILABILITY
CONFIDENTIALITY
• information must be available only
to authorized users
• unique usernames and passwords
• google accounts
• employees accessing CRM
application
• employees using RFID / Biometrics
at sensitive areas
• protecting data with use of
encryption
INTEGRITY
• maintaining the accuracy of the data
• recording all the changes to the data
in such a away
• as to identify any unauthorized
changes
• file manipulation, file corruption
• session integrity
AVAILABILITY
• data should be available to the
authentic users whenever they
need it
• data backups
• data centre
• failover devices
• multiple internet connections
TYPES OF ATTACKS
• Malware
• Phishing
• Man in the middle attack
• Denial of service attack
• SQL Injection
• Zero day exploit
MALWARE
Exposure factor = 1
QUANTITATIVE RISK CALCULATION
- SLE
Asset Value X Exposure Factor= Single Loss Expectancy single incident
SLE = 32000 X 1
QUANTITATIVE RISK
CALCULATIONS - ARO
• Annualized Rate of Occurrence – ARO – number of times an incident is likely
to occur in a year.