Information
-> meaningful form of data
-> processed data
Information Security
-> Protecting information from unauthorized access
-> Employing tools and policies
-> BASIC NEED OF EVERYONE
-
Enigma Machine: used by Germans to encrypt warfare data
-> Security is the quality of information
-> Security is freedom
-> Security is an asset -
Information in digital system makes Cyber Security
Information Security Threats
Threat:
-> a constant danger to an asset
-> can be person, object or event
-> can be categorized and ranked
Types
- Inadvertent threats: human failure
- Physical disasters: natural disasters
- Technical failures: hardware or software
- Deliberate acts: hacking, espionage
Information Security doesn't deal with
- Cyber warfare
- Information warfare
- Negative impacts of people on internet
- IoT security
Solution-> Cyber Security
Cyber Security
-> Protection of cyber space against cyber threats and cyberspace vulnerabilities
-> Deals with deliberate acts
-> Doesn't deal with physical and personal security
-> Threats via Cyberspace, not threats for Cyberspace
Objectives
- Confidentiality: No telling to unauthorized parties
- Integrity: Completeness and accuracy of data
- Availability: When needed, data is available
- Non-repudiation: I should accept i sent you the message and you should accept you received it
- Authenticity: You should actually be who you tell you are
CIA Triad
Confidentiality
-> Roughly but wider than privacy
-> Sensitive data should not reach wrong people
-> Sensitive data should reach right people
Measures
- Data Encryption
- Authentication
- More Sensitive, more physical*
Integrity
-> Data should be consistent, trustworthy and accurate
-> Data must not change in transit
-> Most complex to implement
Measures
- Backups
- Cryptographic Measures
- Access control
Availability
-> Data should be available as and when needed
-> Updated Software and Hardware
-> Adequate system capacity and bandwidth
Measures
- Firewall rules
- Patch management
- Disaster recovery
- Load balancers
