Introduction To Information Security
LAV GUPTA
ASSISTANT PROFESSOR/CS
Introduction to information security
What is information security?
• Processes and methodologies designed and implemented to protect print, electronic,
or any other form of confidential, private and sensitive information or data from
unauthorized access, misuse, disclosure, destruction, modification, or disruption (SANS
Institute)
The scope is much broader than paper and disk: what about taking over a medical device, or incapacitating a system outright?
• The protection of information and its critical elements, including systems and
hardware that process, use, store, and transmit that information (Committee on National
Security Systems)
• How? Only through legal, professionally accepted methods: the defender is bound by the same rules of authorization as everyone else.
Information Systems Security
Information System
• Information system (IS) is the entire set of people, procedures, and technology that
enable a business to use information.
[Figure: components of an information system: people, data, processes, hardware, networks, software]
Why is protecting this information a big deal?
A holistic approach to information security
• Such an approach to information security will include:
• Data security: protect data from unauthorized access or alteration, e.g. cloud
data security, browser data, email
• Information security: protect information and information systems
• Software security: software that is robust against attack
• Network security: protect network infrastructure so that hardware, software and users
perform their functions in a secure environment
• Cybersecurity: protect data and systems in networks connected to the Internet
• Management of information security
[Figure: data becomes information as it moves through the organization: IT holds all student records (data); the Registrar derives department-wise grades (information); the Awards Committee derives the top 5 students (information)]
Is it an art or a science?
What are we protecting?
A successful organization should have multiple layers of security in place to protect:
• Physical infrastructure – processors, storage
• Networks and communications – routers, switches, gateways, firewalls and IDPS
• People – from accidentally damaging or losing information, and from being manipulated through social engineering
• Software – holes, bugs, weaknesses; security should be integrated into the SDLC rather than bolted on afterwards
• Data – stored, processed, transmitted
• Information – intelligence for business decisions?
• Procedures – educate people to follow them safely
• Virtual resources
Information Security Models
The C.I.A. triad
• A model based on confidentiality, integrity, and availability; now widely viewed as
necessary but not sufficient on its own.
• Confidentiality: data is accessible only to authorized
users and processes
• Integrity: assurance that data is accurate and has not been altered without authorization
• Availability: data and systems are accessible when needed by authorized users
• The expanded model consists of a list of critical characteristics of information
Characteristics of information
The value of information comes from the characteristics it possesses (the expanded CIA model):
• Confidentiality
• Integrity
• Availability
• Authentication
• Authorization
• Non-Repudiation
• Possession
• Utility
McCumber Cube
[Figure: the McCumber Cube. Three axes: information characteristics (confidentiality, integrity, availability), information states (storage, processing, transmission) and security measures (policy and practices, technology, education and training). Source: Pearson]
Defense-in-Depth Security Model
Source: Infocyte
Defense in depth is a concept in information security in which multiple, independent layers
of security controls (defenses) are placed throughout an information system, so that the failure or bypass of any one layer does not by itself compromise the system.
The Bell-LaPadula Model
• Used for access control and confidentiality. Based on a state machine: the system moves
from state to state, and every transition must avoid entering an insecure state. Used in DoD
• Simple security property: no read up. *-property (star property): no write down
Source: Skillset
The Biba Model
• For data integrity; assigns integrity levels to subjects (authenticated users) and objects
• No read down (simple integrity axiom). No write up (*-integrity axiom). A subject can't even request service from a higher integrity level (invocation property)
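The two models above are duals of each other, and the Bell-LaPadula "secure state" idea is easy to make concrete: a state is the set of current accesses, and a request is granted only if the new state still satisfies every rule. The following is an added example written for these slides, not code from the lecture; the level names, subjects (alice, bob) and objects (war_plan, memo, bulletin) are constructed labels, and `both_allow` goes slightly beyond the slides to show what happens when both models are enforced on the same labels.

```python
"""Mandatory access control under Bell-LaPadula and Biba (added example)."""
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Callable, Dict, Set, Tuple


class Level(IntEnum):
    """Totally ordered labels. Under Bell-LaPadula a higher value means more
    sensitive; under Biba it means more trustworthy."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


def blp_allows(mode: str, subject: Level, obj: Level) -> bool:
    """Bell-LaPadula (confidentiality).
    read  -> simple security property: no read up    (subject >= object)
    write -> *-property:               no write down (subject <= object)"""
    if mode == "read":
        return subject >= obj
    if mode == "write":
        return subject <= obj
    raise ValueError(f"unknown access mode {mode!r}")


def biba_allows(mode: str, subject: Level, obj: Level) -> bool:
    """Biba (integrity): the dual of Bell-LaPadula.
    read  -> simple integrity axiom: no read down (subject <= object)
    write -> *-integrity axiom:      no write up  (subject >= object)"""
    if mode == "read":
        return subject <= obj
    if mode == "write":
        return subject >= obj
    raise ValueError(f"unknown access mode {mode!r}")


def both_allow(mode: str, subject: Level, obj: Level) -> bool:
    """Enforcing BLP and Biba on the same labels permits only equal levels."""
    return blp_allows(mode, subject, obj) and biba_allows(mode, subject, obj)


Rule = Callable[[str, Level, Level], bool]


@dataclass
class SecureState:
    """State machine: the state is the set of (subject, object, mode) accesses
    currently held. A request becomes a transition only if the resulting
    state is still secure under the chosen rule."""
    subjects: Dict[str, Level]
    objects: Dict[str, Level]
    rule: Rule
    current: Set[Tuple[str, str, str]] = field(default_factory=set)

    def is_secure(self) -> bool:
        return all(self.rule(m, self.subjects[s], self.objects[o])
                   for s, o, m in self.current)

    def request(self, subject: str, obj: str, mode: str) -> bool:
        """Grant and record the access if the new state is secure; otherwise
        deny and leave the state untouched."""
        candidate = self.current | {(subject, obj, mode)}
        if not SecureState(self.subjects, self.objects, self.rule, candidate).is_secure():
            return False
        self.current = candidate
        return True


# Constructed sample labels (not from the slides).
SUBJECTS = {"alice": Level.SECRET, "bob": Level.UNCLASSIFIED}
OBJECTS = {"war_plan": Level.TOP_SECRET, "memo": Level.CONFIDENTIAL,
           "bulletin": Level.UNCLASSIFIED}


def demo(rule: Rule) -> Dict[str, bool]:
    """Run a fixed sequence of requests against one model; return decisions."""
    state = SecureState(SUBJECTS, OBJECTS, rule)
    requests = [("alice", "memo", "read"), ("alice", "war_plan", "read"),
                ("alice", "war_plan", "write"), ("alice", "bulletin", "write"),
                ("bob", "memo", "read")]
    return {f"{s} {m} {o}": state.request(s, o, m) for s, o, m in requests}


if __name__ == "__main__":
    for name, rule in (("Bell-LaPadula", blp_allows), ("Biba", biba_allows)):
        print(name)
        for req, ok in demo(rule).items():
            print(f"  {req:<24} {'granted' if ok else 'denied'}")
```

Running the demo shows the duality directly: alice (SECRET) may read the CONFIDENTIAL memo under BLP but not under Biba, and may write up to the TOP_SECRET plan under BLP but not under Biba. Because `request` only records an access after the candidate state passes `is_secure`, a denied request can never push the machine into an insecure state.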
Brewer and Nash Model
• Rule-based model (also known as the Chinese Wall model)
• Mathematical theory used for dynamic rules: what a subject may access changes according to what it has already accessed
• Avoids conflicts of interest: once a subject has read one company's data, it is walled off from that company's competitors in the same conflict-of-interest class
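What makes Brewer and Nash different from the two lattice models is that the decision depends on the subject's access history, not on fixed labels. The following is an added example for this slide, not code from the lecture: the companies, conflict-of-interest classes and analysts (ana, bo) are constructed, and the write rule is simplified by treating every object as unsanitized.

```python
"""Brewer-Nash (Chinese Wall) access decisions (added example)."""
from collections import defaultdict
from typing import Dict, Set


class ChineseWall:
    def __init__(self, coi_classes: Dict[str, Set[str]]):
        # company -> the conflict-of-interest class it belongs to
        self.coi_of = {co: cls for cls, cos in coi_classes.items() for co in cos}
        # subject -> companies whose data the subject has already read
        self.history: Dict[str, Set[str]] = defaultdict(set)

    def can_read(self, subject: str, company: str) -> bool:
        """Simple security rule: within this company's conflict class the
        subject must have read nothing yet, or only this same company.
        The answer depends on history, which is what makes the rule dynamic."""
        cls = self.coi_of[company]
        seen = {c for c in self.history[subject] if self.coi_of[c] == cls}
        return not seen or seen == {company}

    def read(self, subject: str, company: str) -> bool:
        if not self.can_read(subject, company):
            return False
        self.history[subject].add(company)  # the wall goes up here
        return True

    def can_write(self, subject: str, company: str) -> bool:
        """*-property (simplified, all data treated as unsanitized): the
        subject may write only if it can read this company and has read no
        other company at all; otherwise it could carry a competitor's data
        across the wall into this company's dataset."""
        return self.can_read(subject, company) and self.history[subject] <= {company}


def demo() -> Dict[str, bool]:
    """Constructed scenario: two conflict classes, two analysts."""
    wall = ChineseWall({"banks": {"BankA", "BankB"}, "oil": {"OilX", "OilY"}})
    return {
        "ana reads BankA": wall.read("ana", "BankA"),
        "ana reads OilX": wall.read("ana", "OilX"),        # other class: allowed
        "ana reads BankB": wall.read("ana", "BankB"),      # BankA's competitor: denied
        "ana reads BankA again": wall.read("ana", "BankA"),
        "ana writes BankA": wall.can_write("ana", "BankA"),  # has read OilX: denied
        "bo reads BankB": wall.read("bo", "BankB"),
        "bo writes BankB": wall.can_write("bo", "BankB"),    # only BankB read: allowed
    }


if __name__ == "__main__":
    for step, ok in demo().items():
        print(f"{step:<22} {'granted' if ok else 'denied'}")
```

Note that `ana` is denied access to BankB not because of any label on BankB but because of her own earlier read of BankA; a fresh subject would be allowed in. That history dependence is also why the write rule has to be stricter than the read rule: a subject who has legitimately read two non-conflicting companies could otherwise act as a channel between them.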
Next… The value of information