
Information Security

CCS 1306

Kasunika Guruge
Lecturer (P)
School of IT & Computing
SLTC Research University

Information & Information Systems


Characteristics of Information
“Information is processed data”
Data → Process → Information
● Availability
● Accuracy
● Reliability
● Relevance/Appropriateness
● Completeness
● Presentation
● Timing
● Value of Information
● Cost of Information

Stages of Information
1. Information processing state
Example - Digital information is manipulated by a microprocessor

2. Information at rest
Stored information on a hard drive, USB flash drive… etc.

3. Information in transit
Information that is transmitted over a network

“Information security should be able to protect the information which is in all of the above stages”

Information Systems
● An information system is an integrated set of components for collecting, storing, and processing data and for providing information, knowledge, and digital products.
● Main components of an information system:
▪ Hardware
▪ Software
▪ Data
▪ Communication
▪ Human resources
▪ Policies and procedures - Plans and policies established by an organization (e.g. password policy)
● In order to maintain the security of an information system, we must make sure all of its components are secured.
Key Security Concepts
● Information security is intended to
protect information that provides value
to people and organizations.
● There are three protections that must
be extended over information:
Confidentiality, Integrity, Availability
also known as the “CIA Triad”

Key Security Concepts
● Confidentiality - Preserving authorized restrictions on information access and
disclosure, including means for protecting personal privacy and proprietary
information. A loss of confidentiality is the unauthorized disclosure of
information.
● Integrity - Guarding against improper information modification or destruction.
A loss of integrity is the unauthorized modification or destruction of
information.
● Availability - Ensuring timely and reliable access to and use of information. A
loss of availability is the disruption of access to or use of information or an
information system.

Activity -02

● Identify how the CIA triad or the key security concepts are used in the
real-world applications.

Additional Security Concepts
● Authentication - Ensures that the individual is who she/he claims to be (the
authentic or genuine person) and not an imposter. One way in which
authentication can be performed is by the person providing a password that
only she/he knows.
● Authorization - A security mechanism to determine access levels or user/client
privileges related to system resources
● Non-Repudiation - The assurance that someone cannot deny something
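
The difference between integrity, authentication and non-repudiation, shown as an added example that is not part of the original slides. It uses HMAC-SHA256 with a shared key, a technique the slides do not name; the key and message are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Constructed sample data, for illustration only.
SHARED_KEY = secrets.token_bytes(32)  # known to both sender and receiver
MESSAGE = b"transfer 100 LKR from account A to account B"


def make_tag(key: bytes, message: bytes) -> bytes:
    """Compute an HMAC-SHA256 tag over the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time check that the tag matches the message under this key."""
    return hmac.compare_digest(make_tag(key, message), tag)


def demo() -> dict:
    sender_tag = make_tag(SHARED_KEY, MESSAGE)

    # Integrity: an unmodified message verifies, a modified one does not.
    intact_ok = verify(SHARED_KEY, MESSAGE, sender_tag)
    tampered = MESSAGE.replace(b"100", b"900")
    tampered_ok = verify(SHARED_KEY, tampered, sender_tag)

    # Authentication: a party without the shared key cannot make a valid tag.
    outsider_tag = make_tag(secrets.token_bytes(32), MESSAGE)
    outsider_ok = verify(SHARED_KEY, MESSAGE, outsider_tag)

    # No non-repudiation: the receiver holds the same key and can compute an
    # identical tag, so a third party cannot tell who produced it. This is
    # why non-repudiation is normally built on digital signatures, where
    # only the signer holds the private key.
    receiver_tag = make_tag(SHARED_KEY, MESSAGE)
    indistinguishable = hmac.compare_digest(sender_tag, receiver_tag)

    return {
        "intact_ok": intact_ok,
        "tampered_ok": tampered_ok,
        "outsider_ok": outsider_ok,
        "indistinguishable": indistinguishable,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```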

A Comprehensive Definition to Information Security
“Information security is protecting the integrity, confidentiality, and
availability of information on the devices that store, manipulate, and
transmit the information”

Difficulties in Securing the Information
● Why is it so difficult to secure your information?
▪ Universally connected devices
▪ Increased speed of attacks
▪ Greater sophistication of attacks
▪ Availability and simplicity of attack tools
▪ Delays in security updating
▪ Distributed attacks
▪ Introduction of BYOD (Bring Your Own Device)
▪ Lack of knowledge on information security

Information Security Terminologies and Definitions
● Denial of Service (DoS) - A cyber-attack in which the attacker seeks to make
a machine or network resource unavailable to its intended users by temporarily
or indefinitely disrupting services of a host or computer system.

● Distributed Denial of Service (DDoS) - A DoS attack originating from different
sources.

● Zero Day Attack - Attack that exploits previously unknown vulnerabilities, so
victims have no time (zero days) to prepare for or defend against the attack.

QUESTIONS? Post in Forums.

Thank You!
