information security
04/13/23
Prepared by MUSTAHID ALI
CONCEPT OF INFORMATION
Instruction Data Information
Information is obtained through the processing of data.
Data is raw facts and figures that are processed to produce information.
Example: 100 + 200 = 300
Instruction
Raw Data
Information
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.
Basic Principles of Information Security
Confidentiality
Integrity
Availability
PARKERIAN HEXAD
Confidentiality
Possession or control
Integrity
Authenticity
Availability
Utility
Access control system
Physical and Environmental Protection
Encryption
Personal Security
The goal of access control is to allow access by authorized individuals and devices and to disallow access to all others.
Access should be authorized and provided only to individuals whose identity is established, and their activities should be limited to the minimum required for business purposes.
What Firewalls Do
They can be configured to keep unauthorized or outside users from gaining access to internal or private networks and services.
They can also be configured to prevent internal users from gaining access to outside or unauthorized networks and services.
Firewalls
A Network Firewall is a system or group of systems used to control access between two networks -- a trusted network and an untrusted network -- using pre-configured rules or filters.
1. Packet filtering
2. Circuit filtering
3. Application gateways
Encryption is a cryptographic technology that encrypts the data with a key so that no one can make sense of it while it is being transmitted.
Characteristics of encryption and decryption:
Data encrypted with the public key can only be decrypted with the private key.
Data encrypted with the private key can only be decrypted with the public key.
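The two characteristics above, shown as an added example that is not part of the original slides: textbook RSA in Python with a constructed toy key (tiny primes, no padding), so it illustrates the key relationship only. All names and values are assumptions made for the illustration.

```python
# Constructed toy key pair: tiny primes keep the arithmetic visible.
P, Q = 61, 53
N = P * Q                   # modulus shared by both keys
PHI = (P - 1) * (Q - 1)
E = 17                      # public exponent
D = pow(E, -1, PHI)         # private exponent (modular inverse, Python 3.8+)

PUBLIC_KEY = (E, N)
PRIVATE_KEY = (D, N)


def transform(key, text):
    """Apply one key to each character code and return the number blocks."""
    exponent, modulus = key
    return [pow(ord(ch), exponent, modulus) for ch in text]


def recover(key, blocks):
    """Apply one key to each block and turn the results back into text."""
    exponent, modulus = key
    return "".join(chr(pow(b, exponent, modulus)) for b in blocks)


def verify(public_key, text, signature):
    """Blocks made with the private key match the text only under the public key."""
    return recover(public_key, signature) == text


if __name__ == "__main__":
    message = "UDUPA"  # sample message taken from the slides
    sealed = transform(PUBLIC_KEY, message)
    print(recover(PRIVATE_KEY, sealed))             # the other key opens it
    print(recover(PUBLIC_KEY, sealed) == message)   # the same key does not
    signature = transform(PRIVATE_KEY, message)
    print(verify(PUBLIC_KEY, message, signature))   # private-key output checks out
    print(verify(PUBLIC_KEY, "UDUPB", signature))   # a changed message does not
```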
Encrypting or encoding information helps prevent it from being read by unauthorized users.
Both the sender and the receiver have to know what set of rules (the cipher) was used to transform the original information into its cipher text (code).
Example: "UDUPA" is the original message
"IRIDA" is the cipher text (arbitrary number chosen is "12")
1 2 3 4 5 6 7 8 9 10 11 12
A B C D E F G H I J K L M N O P Q R S T
U V W X Y S
Three types of encryption exist:
1) Symmetric encryption
2) Asymmetric encryption
3) One-Way Hashing
SYMMETRIC ENCRYPTION
Asymmetric encryption
One-Way Hashing
There are many things that you can do to protect your personal information:
Password
Backups
Software updates
Antivirus software
Routers
♠ Security is a very difficult topic. Everyone has a different idea of what "security" is, and what levels of risk are acceptable. Once that has been defined, everything that goes on with the network can be evaluated with respect to that policy.
♠ Define the Security Policy for the company. This should be endorsed by top management and should convey their concern and commitment.
In other words we can say that:
♠ Information security is the ongoing process of exercising due care and due diligence to protect information, and information systems, from unauthorized access, use, disclosure, destruction, modification, or disruption or distribution.
♠ The never-ending process of information security involves ongoing training, assessment, protection, monitoring & detection, incident response & repair, documentation, and review.