
DFP6033 Secure Mobile Computing

Topic 1
Information Security
Overview
1.1 THE NEED FOR INFORMATION SECURITY

What Is Information Security?

Information security is the protection of information and its critical elements, including the systems and hardware that use, store and transmit that information. Those elements are the entire set of software, hardware, database, people, and procedures necessary to use information as a resource in the organization.
WHY NEED INFORMATION SECURITY?

– Prevent unauthorized access to the network, which is a potential threat to the network and its resources.
– Ensure that authentic users can effectively access the network and its services.
– Ensure that applications that can protect the network from unauthorized access are in place (eg: antivirus).
Characteristics of Information Security
CIA TRIAD

Confidentiality: making sure that those who should not see the information cannot see it.
Integrity: making sure that the information has not been changed from its original.
Availability: making sure that the information is available for use when you need it.
The C.I.A. triangle was the standard, based on confidentiality, integrity, and availability.
1.1.2 Characteristics of IS – CIA TRIAD
i. Confidentiality (C)
• Confidentiality is the protection of personal information.
• It maintains the privacy of data.
• It means keeping a client’s information between you and the client, and not telling others, including co-workers, friends, family, etc.
• Eg of a loss of confidentiality: an ATM (Automated Teller Machine) PIN number stolen by someone else.
ii. Integrity (I)
• Protecting information from being modified by unauthorized parties.
– Trustworthiness of information resources.
– Assurance that data is genuine.
– Information needs to be changed constantly.
– Integrity means that changes need to be done only by authorized entities and through authorized mechanisms.
iii. Availability (A)
• The information must be available when it is needed.
– The system still functions efficiently after security provisions are in place.
– The information created and stored by an organization needs to be available to authorized entities 24x7.
– Information needs to be constantly changed, which means it must be accessible to authorized entities.
1.1.3 APPLY THE CHARACTERISTICS OF CIA IN A REAL ENVIRONMENT

C • Only authorized students have access to view the grade records.
I • The assurance that the information being accessed has not been altered and truly represents what is intended. Eg: Ethical Hackers.
A • A stock trader needs information to be available immediately.
1.1.4 DESCRIBE TYPES OF SECURITY MODELS

• Open Security Models
• Restrictive Security Models
• Closed Security Models
a. OPEN SECURITY MODELS
• The easiest to implement.
• Simple password and server security become the foundation of this model.
• This model assumes that the protected assets are minimal, users are trusted, and threats are minimal.
• The LAN is NOT connected to the Internet.
• If a security breach occurs, the result will be great damage or loss.
b. RESTRICTIVE SECURITY MODELS

• More difficult to implement.
• Firewalls and identity servers become the foundation of this model.
• This model assumes that the protected assets are substantial, some users are NOT trustworthy, and that threats are likely.
• Suitable for LANs/public WANs that connect to the Internet.
• Ease of use for users diminishes as security tightens.
c. CLOSED SECURITY MODELS
• Most difficult to implement.
• All available security measures are implemented in this design.
• This model assumes that the protected assets are premium, all users are NOT trustworthy, and that threats are frequent.
• User access is difficult and cumbersome.
• Needs many trained network administrators to maintain the tight security applied.
1.2 POTENTIAL RISKS TO INFORMATION SECURITY
Categories of Risks

• Physical damage - Fire, water, vandalism, power loss, and natural disasters.
• Human interaction - Accidental or intentional action or inaction that can disrupt productivity.
• Equipment malfunction - Failure of systems and peripheral devices.
• Inside and outside attacks - Hacking, cracking, and attacking.
• Misuse of data - Sharing trade secrets, fraud, espionage, and theft.
• Loss of data - Intentional or unintentional loss of information through destructive means.
• Application error - Computation errors, input errors, and buffer overflows.
• Social status - Loss of customer base and reputation.
1.2.1 THREATS TERMINOLOGY

a. Information Theft
b. Unauthorized Disclosure
c. Information Warfare
d. Accidental Data Loss
e. Data Disclosure
f. Data Modification
g. Data Availability
a. Information Theft
– Getting private information (ID number/PIN number/password) without any permission.
– It is a form of stealing someone’s identity, in which someone pretends to be someone else by assuming that person’s identity.
b. Unauthorized Disclosure
– An event involving the exposure of information to entities not authorized to access the information.
– Eg: an organization suspects some of its employees of leaking confidential information to its competitor.
– It is also usually believed that the competitor actually planted spies within the organization in order to target and steal new product plans.
c. Information Warfare
– May involve the collection of tactical information to demoralize the enemy and the public.
d. Accidental Data Loss
– An error condition in information systems in which information is destroyed by failures or neglect in storage, transmission, or processing.
– Eg: deleting files by mistake.
e. Data Disclosure
o Voluntary sharing of any and all information that is considered relevant to a given situation.
o Eg: Data or information is opened to unauthorized persons, processes, or devices; data is made available without permission or authority. The data is stolen, but the owner still has it.
f. Data Modification
• Modifying information that an attacker is not authorized to modify.
• Data is altered without authorization.
• Data can be modified in storage or in transmission.
[Diagram: information source → middle man (MODIFICATION) → information destination]
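As an added illustration (not from the original slides) of how the information destination can detect the middle man's modification in transmission, the Python below attaches an HMAC-SHA256 tag at the source and verifies it at the destination; the shared key, the sample message and the middle_man() function are constructed for this demo.

```python
import hmac
import hashlib
from typing import Dict, Tuple

# Constructed example key, shared only by the source and the destination.
SHARED_KEY = b"demo-shared-key-not-for-production"


def protect(message: bytes, key: bytes = SHARED_KEY) -> Tuple[bytes, str]:
    """Source side: attach an HMAC-SHA256 tag so the destination can check
    that the message was not altered in transmission."""
    tag = hmac.new(key, message, hashlib.sha256).hexdigest()
    return message, tag


def verify(message: bytes, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Destination side: recompute the tag and compare it in constant time.
    Returns False if either the message or the tag was changed on the way."""
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def middle_man(message: bytes, tag: str) -> Tuple[bytes, str]:
    """Constructed stand-in for the 'middle man' in the diagram: alters the
    amount in transit but cannot produce a valid tag without the key."""
    altered = message.replace(b"100.00", b"900.00")
    return altered, tag


def demo() -> Dict[str, object]:
    original = b"transfer 100.00 to account 12345"  # constructed sample message
    msg, tag = protect(original)
    # Path 1: the message arrives untouched, so the integrity check passes.
    untouched_ok = verify(msg, tag)
    # Path 2: the message passes through the middle man, so the check fails
    # and the destination knows the data was modified without authorization.
    altered, same_tag = middle_man(msg, tag)
    altered_ok = verify(altered, same_tag)
    return {"untouched_ok": untouched_ok, "altered_ok": altered_ok, "altered": altered}


if __name__ == "__main__":
    print(demo())
```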
g. Data Availability
• Products and services that ensure that data continues to be available at a required level of performance in situations ranging from normal through “disastrous”.
• Available 24x7.
[Diagram: information source → (INTERRUPTION) → information destination; the flow of information is cut off]
Thank You