Module 6
Information Security
• Information security is the practice of protecting information by
mitigating information risks. It involves the protection of information
systems and the information processed, stored and transmitted by
these systems from unauthorized access, use, disclosure, disruption,
modification or destruction. This includes the protection of personal
information, financial information, and sensitive or confidential
information stored in both digital and physical forms. Effective
information security requires a comprehensive and multi-disciplinary
approach, involving people, processes, and technology.
• Information Security is not only about securing information from
unauthorized access.
• Information Security is basically the practice of preventing unauthorized
access, use, disclosure, disruption, modification, inspection, recording or
destruction of information.
• Information can be physical or electronic. It can be anything from your
personal details (for example, your profile on social media) to the data on
your mobile phone or your biometrics.
• Information Security therefore spans many research areas, such as
Cryptography, Mobile Computing, Cyber Forensics and Online Social Media.
Types of Information Security
• Network security
This type of security encompasses the protection of computer networks against unauthorized access or misuse. Network security involves a
range of technologies, such as firewalls, intrusion detection/prevention systems, virtual private networks (VPNs), and secure protocols, to
ensure data confidentiality, integrity, and availability.
• Application security
Application security involves securing software applications from cyber threats, such as malware, SQL injection attacks, and cross-site
scripting (XSS). Application security solutions include secure coding practices, penetration testing, and vulnerability assessments.
• Data security
Data security is the practice of protecting sensitive data from unauthorized access, use, disclosure, or destruction. Data security involves a
range of technologies, such as encryption, access control, and backup and restore procedures, to ensure data confidentiality, integrity, and
availability.
• Endpoint security
Endpoint security focuses on protecting endpoints, such as laptops, desktops, servers, and mobile devices, from cyber threats. Traditional
endpoint security technologies include antivirus and anti-malware software and firewalls. Modern endpoint security includes advanced
solutions like endpoint detection and response (EDR) that can protect against zero-day threats.
• Mobile security
Mobile security refers to the protection of mobile devices, applications, and data from unauthorized access or exploitation. Mobile security
solutions include mobile device management (MDM) software, secure mobile application development, and secure communication protocols.
• Cloud security
Cloud security involves the protection of cloud-based data, applications, and infrastructure. It covers a variety of security concerns, including
data privacy, access control, threat management, and compliance.
• IoT security
IoT security involves securing the networks, devices, and data associated with the Internet of Things (IoT). IoT security covers a range of
security issues, including data privacy, access control, device authentication, and network security.
System Vulnerability & Abuse
System Vulnerabilities
• The weaknesses or defects in a system or network that can be used by
malevolent actors to obtain unauthorized access to the system or
network are known as system vulnerabilities. Vulnerabilities can be
present in a system’s hardware, software, or configuration and can be
brought on by a number of things, including out-of-date software,
weak passwords, a lack of security precautions, or unprotected
network connections. In order to stop hostile actors from taking
advantage of vulnerabilities in a system, it is crucial to routinely find
and fix these issues.
• Outdated Software: Vulnerabilities that were not discovered while the software or
operating system was being developed are found later. Software therefore needs to be
updated regularly with security patches so that these flaws cannot be exploited.
• Weak Passwords: Using weak passwords, or the same password for multiple accounts,
increases the likelihood of malicious actors gaining access to our systems and private
information.
• Insufficient Security Measures: Basic measures such as firewalls, antivirus software and
VPNs (to transfer data over the internet securely) are often missing. Without proper
security measures, nobody is safe on the internet.
• Human Error: Sometimes small human mistakes, such as opening a spam URL or
downloading over an insecure network, can cause severe impact on the system and
network.
• System Complexity: A large system or network has lots of components involved, and
configuring each component can be a hassle for an administrator. So, during
configuration, certain aspects could be left unattended, which may cause a potential
opening for abuse of the system or network.
• Unsecure Network Connection: The internal network must be encrypted and protected
with firewalls so that attackers cannot intercept data transferred over it.
• System Abuse
The use of computer systems, networks, and other electronic devices
without authorization or with the intention of doing harm to people or
organizations is referred to as system abuse. This can involve practices
like virus distribution, spamming, phishing, and hacking. Abuse of the
system has the potential to harm the impacted systems, compromise
critical data, or interfere with daily operations. People and
organizations should be aware of the possible dangers of system misuse
and take precautions to defend themselves and their systems against
such attacks.
• Unauthorized Access: Gaining entry to a system without permission, mostly by exploiting
system vulnerabilities or by using stolen credentials.
• Denial of Service: Flooding a computer, network or service with more traffic or requests
than it can handle, so that legitimate users cannot reach it. The targeted system or
network slows down or crashes.
• Malware: Software that is intended to harm a computer system or network is referred to
as “malware,” which is short for “malicious software.” Malware can appear as viruses,
worms, Trojan horses, ransomware, and spyware.
• Malware: Malicious software designed to infiltrate, damage, or disrupt systems. Malware includes viruses, worms, Trojans,
ransomware, and spyware. It can steal sensitive information, cause system downtime, or provide unauthorized access to attackers.
• Phishing: A social engineering attack where attackers deceive users into revealing sensitive information or executing malicious actions,
typically through fraudulent emails or messages that impersonate legitimate entities.
• Advanced persistent threats (APTs): Sophisticated, long-term cyberattacks, often state-sponsored, that target specific organizations or
governments to steal sensitive information or cause disruption.
• Zero-day exploits: Attacks that exploit previously unknown vulnerabilities in software or hardware, giving developers no time to create
patches or fixes.
• Insider threats: These involve employees, contractors, or partners with legitimate access to an organization's systems and data who
misuse their privileges, either intentionally or unintentionally, to cause harm or compromise security.
• Password attacks: Attackers attempt to gain unauthorized access by cracking user passwords through methods such as brute force,
dictionary attacks, or keylogging.
• Man-in-the-Middle (MitM) attacks: Attackers intercept communication between two parties, eavesdropping on, manipulating, or
injecting malicious data into the conversation without the parties' knowledge.
• Distributed Denial of Service (DDoS): A coordinated attack on a target system or network by overwhelming it with a flood of traffic,
rendering it inaccessible to legitimate users.
• Physical attacks: Unauthorized access, theft, or damage to physical assets, such as computer systems, servers, or storage devices, which
can lead to data loss or disruption of operations.
• Natural disasters: Events like floods, earthquakes, or fires that can cause physical damage to infrastructure, leading to data loss or
system downtime.
• Counter Measures for Security Threats
Use strong passwords
Strong passwords are vital to good online security. Make your password
difficult to guess by:
• using a combination of capital and lower-case letters, numbers and
symbols
• making it between eight and 12 characters long
• avoiding the use of personal data
• changing it regularly
• never using it for multiple accounts
• using two-factor authentication
Create a password policy for your business to help staff follow security
best practices. Look into different technology solutions to enforce your
password policy, e.g. scheduled password reset.
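The password rules above, together with the "Weak Passwords" vulnerability listed earlier, can be enforced in code. The checker below is an added example and not part of these slides; the function names, the rule messages, and the sample personal data and previous-password hashes are all constructed for illustration. It applies the slide's length range (8 to 12 characters), the character-class rule, the "no personal data" rule and, for "never use it for multiple accounts", compares the candidate against a set of SHA-256 hashes of passwords the user has already used.

```python
import hashlib
import re


def sha256_hex(text: str) -> str:
    """Hex SHA-256 of a string; used here only to compare against a history set."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def check_password(password: str, personal_data: list, previous_hashes: set,
                   min_len: int = 8, max_len: int = 12) -> list:
    """Return a list of policy violations. An empty list means the password passes.

    Default length limits follow the slide (8 to 12 characters); most current
    guidance allows much longer passphrases, so adjust max_len for your policy.
    """
    problems = []

    # Rule: length between min_len and max_len characters.
    if not (min_len <= len(password) <= max_len):
        problems.append(f"length must be between {min_len} and {max_len} characters")

    # Rule: mix of upper-case, lower-case, digits and symbols.
    if not re.search(r"[A-Z]", password):
        problems.append("needs an upper-case letter")
    if not re.search(r"[a-z]", password):
        problems.append("needs a lower-case letter")
    if not re.search(r"[0-9]", password):
        problems.append("needs a digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("needs a symbol")

    # Rule: avoid personal data (name, birth year, ...), compared case-insensitively.
    lowered = password.lower()
    for item in personal_data:
        item = item.strip().lower()
        if len(item) >= 3 and item in lowered:
            problems.append(f"contains personal data ({item!r})")

    # Rule: never reuse a password already used for this (or another) account.
    if sha256_hex(password) in previous_hashes:
        problems.append("password was used before")

    return problems


if __name__ == "__main__":
    # Constructed sample: personal details for a fictional user and one old password.
    personal = ["Alice", "Smith", "1990"]
    history = {sha256_hex("Winter2023!")}
    for candidate in ["alice1990", "Winter2023!", "Tq7#vmKp2!"]:
        result = check_password(candidate, personal, history)
        print(candidate, "->", "OK" if not result else "; ".join(result))
```

In a real account store the history would not be plain SHA-256 digests but slow, salted hashes (bcrypt, scrypt or Argon2), and the reuse check would call that library's verify function for each stored hash; the plain digest is used here only to keep the example self-contained.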
Control access to data and systems
Make sure that individuals can only access data and services for which they are authorised. For
example, you can:
Put up a firewall
Firewalls are effectively gatekeepers between your computer and the internet. They act as a
barrier to prevent the spread of cyber threats such as viruses and malware. It's important to set
up firewall devices properly and check them regularly to ensure their software/firmware is up to
date, or they may not be fully effective.
• Use security software
You should use security software, such as anti-spyware, anti-malware and anti-virus programs,
to help detect and remove malicious code if it slips into your network.
• Update programs and systems regularly
Updates contain vital security upgrades that help protect against known bugs and
vulnerabilities. Make sure that you keep your software and devices up-to-date to avoid falling
prey to criminals.
• Monitor for intrusion
Intrusion detection systems monitor hosts and networks for unusual activity. When a detection
system suspects a potential security breach, it can raise an alarm, such as an email alert,
based on the type of activity it has identified.
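One concrete form of the monitoring described above is detecting the "Password attacks" listed earlier (brute-force or dictionary guessing) from authentication logs. The detector below is an added example and not part of these slides: it parses constructed sshd-style log lines (the timestamps, usernames and addresses are made up, using documentation IP ranges), keeps a sliding window of failed logins per source address, and raises one alert, formatted as an email-style message, the first time a source exceeds the threshold within the window. The thresholds and the log format are assumptions; a real deployment would read the host's actual auth log and tune them to its traffic.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample auth log (not real data). 203.0.113.7 fails five times in
# eight seconds; 198.51.100.20 fails once and then succeeds; 198.51.100.30 fails once.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 51001
2024-05-01T10:00:03 sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 51002
2024-05-01T10:00:04 sshd[101]: Failed password for root from 203.0.113.7 port 51003
2024-05-01T10:00:06 sshd[101]: Failed password for root from 203.0.113.7 port 51004
2024-05-01T10:00:07 sshd[101]: Failed password for root from 203.0.113.7 port 51005
2024-05-01T10:00:09 sshd[102]: Failed password for alice from 198.51.100.20 port 40001
2024-05-01T10:00:15 sshd[102]: Accepted password for alice from 198.51.100.20 port 40002
2024-05-01T10:05:00 sshd[103]: Failed password for bob from 198.51.100.30 port 40003
"""

# Assumed line format: "<iso-timestamp> sshd[<pid>]: <Failed|Accepted> password for
# [invalid user ]<user> from <ip> port <n>".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+$"
)


def parse_line(line: str):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "result": m["result"],
        "user": m["user"],
        "ip": m["ip"],
    }


def detect_bruteforce(log_text: str, threshold: int = 5, window_seconds: int = 60) -> list:
    """Return one alert per source IP the first time it reaches `threshold`
    failed logins within any `window_seconds` window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["result"] != "Failed":
            continue
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        # Drop failures that fell out of the sliding window.
        while q and (ev["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and ev["ip"] not in alerted:
            alerted.add(ev["ip"])
            alerts.append({
                "ip": ev["ip"],
                "failures": len(q),
                "first": q[0].isoformat(),
                "last": ev["ts"].isoformat(),
            })
    return alerts


def format_alert(alert: dict) -> str:
    """Render an alert as the body of an email notification."""
    return (
        f"Subject: Possible brute-force login attack from {alert['ip']}\n\n"
        f"{alert['failures']} failed logins between {alert['first']} and {alert['last']}."
    )


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(format_alert(alert))
```

The single failure followed by a successful login from 198.51.100.20 is what a legitimate typo looks like and produces no alert; only the burst from 203.0.113.7 does. In practice the response to such an alert is defensive (rate limiting, account lockout review, blocking the source) and the alert itself should be fed to whatever monitoring or ticketing system the organisation already uses.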
• Raise awareness
Your employees have a responsibility to help keep your business secure. Make sure that they
understand their role and any relevant policies and procedures, and provide them with regular
cyber security awareness training.
• You should also follow best practices defined in the government's Cyber Essentials scheme.
Cybercrime