CW3351 Data and Information Security- Unit 1 Introduction.pdf
PerumalrajaRengaraju
Oct 22, 2025
About This Presentation
Topics to be covered
History,
Critical characteristics of information,
NSTISSC security model,
Components of an information system,
Securing the components,
Balancing security and access
The SDLC: The security SDLC
Size: 1.1 MB
Language: en
Added: Oct 22, 2025
Slides: 25 pages
Slide Content
CW3351 Data and Information Security
Unit 1 : Introduction
Dr. R.Perumalraja, Professor & Head
Department of Artificial Intelligence and Data Science, SRM TRP EC.
CW3351 Data and Information Security Unit 1 : Introduction
Topics to be covered
History,
Critical characteristics of information,
NSTISSC security model,
Components of an information system,
Securing the components,
Balancing security and access
The SDLC: The security SDLC
Objectives
Understand the definition of information security
Understand the critical characteristics of information
Understand the comprehensive model for information security
Outline the approaches to information security implementation
Outline the phases of the security systems development life cycle
Understand the key terms of information security
The History of Information Security
Began immediately after the first mainframes were developed
In the 1970s, the true birth of cybersecurity began during World War II with a project called The Advanced Research Projects Agency Network (ARPANET).
Physical controls to limit access to sensitive military locations to authorized personnel
Rudimentary in defending against physical theft, espionage, and damage
Encryption scrambles data to make it unreadable to hackers. It can occur at multiple levels, not only protecting networks, but individual files both in storage and during data transmission.
Data security describes the protection of digital data from a cyberattack or a data breach.
The History of Information Security
A data breach is the unauthorized opening of data, typically to read or copy the information.
The Target breach (2013): the data of 70-110 million customers was used for fraudulent credit card transactions; cost $162 million.
The Yahoo breach (2013): roughly $300,000; all 3 billion of Yahoo's email customers became victims of cybercrime.
The 2015 voter database breach: a database with the information of 191 million voters was exposed to the open internet in late 2015.
The Adult FriendFinder breach (mid-October 2016): more than 412 million accounts.
Auguste Kerckhoffs provided a foundation for all modern cryptography and is regarded as a father of computer security.
What is Security?
“The quality or state of being secure—to be free from danger”
An organization should have multiple layers of security:
Physical security - protects physical items, objects or areas from unauthorized access and misuse
Personal security - protection of the personnel who are authorized to access the organization and its operations
Operations security - protection of the details of a particular operation or activities
Communications security - protection of the organization's communication media, technology and content
Network security - protection of networking components, connections and contents
Information security - protection of information and its critical elements
Why do we use Information Security?
Information security is the practice of protecting information by mitigating information risks. It involves the protection of information systems and the information processed, stored and transmitted by these systems from unauthorized access, use, disclosure, disruption, modification or destruction.
Protecting sensitive information from being accessed, disclosed, or modified by unauthorized individuals
Mitigating risk associated with cyber threats and other security incidents
Compliance with regulations
Protecting reputation: security breaches can damage an organization's reputation and lead to lost business.
Ensuring business continuity, which includes maintaining access to key systems and data and minimizing the impact of any disruption
What is Information Security?
The practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction
The protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information
Necessary tools: policy, awareness, training, education, technology
The C.I.A. triangle was the standard, based on confidentiality, integrity, and availability
The C.I.A. triangle has now been expanded into a list of critical characteristics of information
C.I.A. Triangle & Components
Components of an Information System: Software, Hardware, Data, People, Procedures, Networks
Components of Information Security
Critical Characteristics of Information
The characteristics of information security defined by the C.I.A. triangle:
Availability: enables authorized users to access information without obstruction and to receive it in the required format
Accuracy: the information is free from mistakes or errors and has the value that the user expects [bank balance]
Authenticity: the quality or state of being genuine or original, rather than a reproduction or fabrication [email spoofing]
Confidentiality: the information is prevented from disclosure or exposure to unauthorized individuals or systems [salami theft]
Integrity: the information is whole, complete and uncorrupted [file hashing]
Utility: the quality or state of having value for some purpose or end
Possession: the quality or state of having ownership or control of some object or item
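The slide illustrates Integrity with "file hashing" and Authenticity with "email spoofing". The following Python example is added here and is not part of the slides: it shows that an unkeyed SHA-256 digest detects corruption of a stored record (integrity), but is silently satisfied when the record and its recorded digest are replaced together, and that a keyed HMAC (a separate technique the slide does not mention) is what ties the record to a party who holds the key (authenticity). The sample record, the manifest and the key are constructed for the example; only the Python standard library is used.

```python
import hashlib
import hmac

# Constructed sample record standing in for a stored file whose integrity
# matters (the slide's bank-balance example); not taken from the slides.
ORIGINAL = b"account=4711;balance=1200.00\n"

# Constructed key for this example only. In practice the key lives in a
# secrets store, never beside the data it protects.
MAC_KEY = b"example-key-for-demo-only"


def sha256_hex(data: bytes) -> str:
    """Unkeyed digest: any change to the bytes changes the result (integrity)."""
    return hashlib.sha256(data).hexdigest()


def hmac_sha256_hex(key: bytes, data: bytes) -> str:
    """Keyed tag: a valid tag can only be produced by a key holder (authenticity)."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_integrity(data: bytes, expected_digest: str) -> bool:
    """True when the bytes still match the digest recorded while they were known-good."""
    return hmac.compare_digest(sha256_hex(data), expected_digest)


def verify_authenticity(key: bytes, data: bytes, expected_tag: str) -> bool:
    """True when the bytes carry a tag that was computed with the secret key."""
    return hmac.compare_digest(hmac_sha256_hex(key, data), expected_tag)


def run_checks() -> dict:
    """Three situations a defender meets when re-checking a stored record."""
    # Manifest recorded at the time the record was known-good.
    manifest = {
        "sha256": sha256_hex(ORIGINAL),
        "hmac": hmac_sha256_hex(MAC_KEY, ORIGINAL),
    }

    # Case 1: accidental corruption in storage (constructed: one digit changed).
    corrupted = ORIGINAL.replace(b"1200.00", b"1208.00")

    # Case 2: the record is replaced together with a recomputed unkeyed digest.
    # Whoever can rewrite the file can also rewrite a plain hash stored beside
    # it, so the digest alone says nothing about who produced the data.
    substituted = b"account=4711;balance=9999.00\n"
    substituted_manifest = {
        "sha256": sha256_hex(substituted),  # recomputed, so it will match
        "hmac": manifest["hmac"],           # cannot be recomputed without MAC_KEY
    }

    return {
        "original_integrity": verify_integrity(ORIGINAL, manifest["sha256"]),
        "original_authenticity": verify_authenticity(MAC_KEY, ORIGINAL, manifest["hmac"]),
        "corrupted_integrity": verify_integrity(corrupted, manifest["sha256"]),
        "substituted_integrity": verify_integrity(substituted, substituted_manifest["sha256"]),
        "substituted_authenticity": verify_authenticity(MAC_KEY, substituted, substituted_manifest["hmac"]),
    }


if __name__ == "__main__":
    for name, ok in run_checks().items():
        print(f"{name:26s} {'PASS' if ok else 'FAIL'}")
```

Running the script prints one PASS/FAIL line per check: the corrupted record fails the integrity check, the substituted record passes the unkeyed integrity check but fails the keyed authenticity check. `hmac.compare_digest` is used for both comparisons so that the verification itself does not leak timing information about the expected value.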
NSTISSC Security Model
National Security Telecommunications and Information Systems Security Committee
Model for information security, and is becoming an evaluation standard
27 cells representing areas that must be addressed in the security process
The cells are formed from (1) Confidentiality, Integrity, Availability; (2) Policy, Education, Technology; (3) Storage, Processing, Transmission
Approaches to Information Security Implementation
Bottom-Up Approach
Grassroots effort: systems administrators attempt to improve the security of their systems
Key advantage: technical expertise of individual administrators
Seldom works, as it lacks a number of critical features:
Participant support
Organizational staying power
Top-Down Approach
Initiated by upper management
Issue policy, procedures and processes
Dictate goals and expected outcomes of the project
Determine accountability for each required action
The most successful also involve a formal development strategy referred to as the systems development life cycle
The Security Systems Development Life Cycle
The same phases used in the traditional SDLC may be adapted to support the specialized implementation of an IS project
Identification of specific threats and creating controls to counter them
SecSDLC is a coherent program rather than a series of random, seemingly unconnected actions
SDLC Waterfall Method
Phase 1: Investigation
Management identifies the process, outcomes, goals, budget and constraints of the project
Begins with the enterprise information security policy
Outline project scope and goals
Estimate cost
Organizational feasibility analysis is performed
Phase 2: Analysis
Documents from the investigation phase are studied
Analyzes existing security policies or programs, along with documented current threats and associated controls
Study the integration of the new system with the existing system
Includes analysis of relevant legal issues that could impact the design of the security solution
The risk management task begins
Phase 3: Logical Design
Creates and develops blueprints for information security
Incident response actions planned:
Continuity planning
Incident response
Disaster recovery
Feasibility analysis to determine whether the project should continue or be outsourced
Phase 4: Physical Design
Needed security technology is evaluated, alternatives generated, and the final design selected
Develop a definition of a successful solution
At the end of the phase, a feasibility study determines the readiness of the project for implementation
Phase 5: Implementation
Security solutions are acquired, tested, implemented, and tested again
Personnel issues evaluated; specific training and education programs conducted
The entire tested package is presented to management for final approval
Phase 6: Maintenance and Change
Perhaps the most important phase, given the ever-changing threat environment
Often, reparation and restoration of information is a constant duel with an unseen adversary
The information security profile of an organization requires constant adaptation as new threats emerge and old threats evolve
Key Terms [Terminology]
Access - a subject or object's ability to use, manipulate, modify, or affect another subject or object
Asset - the organizational resource that is being protected.
Attack - an act that is an intentional or unintentional attempt to cause damage or compromise to the information and/or the systems that support it.
Control, Safeguard or Countermeasure - security mechanisms, policies or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve the security within an organization
Exploit - to take advantage of weaknesses or a vulnerability in a system
Exposure - a single instance of being open to damage.
Hacking - Good: to use computers or systems for enjoyment; Bad: to illegally gain access to a computer or system
Object - a passive entity in the information system that receives or contains information
Risk - the probability that something can happen.