MODULE – 1

PART – 1: Information Security Fundamentals

• Cyber security is the practice of defending computers, servers, mobile
devices, electronic systems, networks, and data from malicious attacks. It's
also known as information technology security.
• Cyber security is important because government, military, corporate,
financial, and medical organizations collect, process, and store
unprecedented amounts of data on computers and other devices.
• A significant portion of that data can be sensitive information, whether
that be intellectual property, financial data, personal information, or other
types of data for which unauthorized access or exposure could have
negative consequences.
• Organizations transmit sensitive data across networks and to other devices
in the course of doing businesses, and cyber security describes the
discipline dedicated to protecting that information and the systems used to
process or store it
Types of Cyber Security
• Network security is the practice of securing a computer network from
intruders, whether targeted attackers or opportunistic malware.
• Application security focuses on keeping software and devices free of threats.
• Information security protects the integrity and privacy of data, both in
storage and in transit.
• Cloud security is a software-based tool that protects and monitors your data
in the cloud, to help eliminate the risks associated with on-premises attacks.
• Data loss prevention consists of developing policies and processes for
handling and preventing the loss of data, and developing recovery policies in
the event of a cyber security breach.
• End-user education addresses the most unpredictable cyber-security factor:
people. Anyone can accidentally introduce a virus to an otherwise secure
system by failing to follow good security practices.
TYPES OF CLOUD
• Public Cloud - The cloud resources (like servers and storage) are owned and
operated by a third-party cloud service provider and delivered over the internet.
With a public cloud, all hardware, software and other supporting infrastructure
are owned and managed by the cloud provider.

• Private Cloud - A private cloud consists of cloud computing resources used

exclusively by one business or organisation. The private cloud can be physically
located at your organisation’s on-site datacenter or it can be hosted by a third-
party service provider.

• Hybrid Cloud - A hybrid cloud is a type of cloud computing that combines on-
premises infrastructure—or a private cloud—with a public cloud. Hybrid clouds
allow data and apps to move between the two environments.
CLOUD SERVICES
The three main pillars of information security are Confidentiality,
Integrity and Availability, also known as the CIA triad.
• Confidentiality refers to protecting information from being accessed by
unauthorized parties. In other words, only the people who are
authorized to do so can gain access to sensitive data.

• Integrity ensures that information are in a format that is true and

correct to its original purposes. The receiver of the information must
have the information the creator intended him to have.

• Availability ensures that information and resources are available to

those who need them.
Two additional concepts that supplement the purpose of information
security are Authenticity and Accountability.
• Authenticity is the property of being genuine and being able to be
verified and trusted; confidence in the validity of a transmission, a
message, or message originator.
• Accountability is the security goal that generates the requirement for
actions of an entity to be traced uniquely to that entity. Because truly
secure systems are not yet an achievable goal, we must be able to trace
a security breach to a responsible party.
The OSI security architecture is useful to managers as a way of organizing
the task of providing security. The OSI security architecture focuses on
security attacks, security mechanisms, and security services.
• Security attack: Any action that compromises the security of information
owned by an organization.
• Security mechanism: A process (or a device incorporating such a process)
that is designed to detect, prevent, or recover from a security attack.
• Security service: A processing or communication service that enhances
the security of the data processing systems and the information transfers
of an organization. The services are intended to counter security attacks,
and they make use of one or more security mechanisms to provide the
service.
A security attack can be basically classified into an Active Attack or a
Passive Attack.
• A Passive attack attempts to learn or make use of information from
the system but does not affect system resources. Passive Attacks are
in the nature of eavesdropping on or monitoring of transmission.
• An Active attack attempts to alter system resources or effect their
operations. Active attack involve some modification of the data
stream or creation of false statement.
Types of Passive Attacks
Types of Passive Attacks (contd.)
Types of Active Attacks
Types of Active Attacks (contd.)
Types of Active Attacks (contd.)
Types of Active Attacks (contd.)
THANK YOU