IS Merg file is technique of Information Securiety
ALIZAIBKHAN2
12 views
64 slides
Oct 07, 2024
Slide 1 of 64
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
About This Presentation
Information securiety
Slide Content
Cryptography and blockchain
https://andersbrownworth.com/blockchain/hash
https://andersbrownworth.com/blockchain/hash
Learn with example
•The building block of a blockchain : Transaction
•What is a Block in Blockchain
•Concepts behind blockchain
•Hash
•Id, nonce, data, hash
•Chaining
•How does are block chain ?
•What makes it hack proof ?
•What is proof of work ?
•The building block of a blockchain : Transaction
•What is a Block in Blockchain
•Concepts behind blockchain
•Hash
•Id, nonce, data, hash
•Chaining
•How does are block chain ?
•What makes it hack proof ?
•What is proof of work ?
Transaction
•Transaction is the building block of a blockchain.
•A transaction comprise of sender address and its asset quantity ,
receiver’s address and its asset quantity.
•Example of transaction.
•Transaction is the building block of a blockchain.
•A transaction comprise of sender address and its asset quantity ,
receiver’s address and its asset quantity.
•Example of transaction.
What comprise a block
•A Block in blockchain comprise of
(https://api.blockcypher.com/v1/btc/main/blocks/000000000000000
000004cfbf1240c29ec7d49f4f8c2fa925e0dcbfe2e1ec821)
•Block number
•Previous block’s hash
•Nonce
•Collection of transactions
•A Block in blockchain comprise of
(https://api.blockcypher.com/v1/btc/main/blocks/000000000000000
000004cfbf1240c29ec7d49f4f8c2fa925e0dcbfe2e1ec821)
•Block number
•Previous block’s hash
•Nonce
•Collection of transactions
How does are block chain ?
What makes it hack proof ?
Update all nonce to get correct hash
Update all nonce to get correct hash
What is proof of work ?
To find a nonce that produce hash of a defined structure.
This structure changes as world create more computing power
To find a nonce that produce hash of a defined structure.
This structure changes as world create more computing power
Proof of work
•Blockchain is a way of keeping information safe and secure on the internet. One way that
blockchain keeps information safe is by using something called "proof of work."
•Proof of work is like doing a really hard puzzle to prove that you are allowed to add new
information to the blockchain. Imagine you have a big puzzle with a lot of pieces. It might
take you a long time to put all the pieces together, but once you finish it, you can show
everyone that you did the work and that you did it correctly.
•In the same way, when someone wants to add new information to the blockchain, they
have to solve a puzzle that takes a lot of time and energy to complete. This puzzle helps
to make sure that only the people who are supposed to add information to the
blockchain can do it. It also helps to make sure that the information on the blockchain is
correct and can't be changed by anyone who isn't supposed to change it.
•So, proof of work is like doing a really hard puzzle to show that you're allowed to add
new information to the blockchain, and it helps to keep the information safe and secure.
•Blockchain is a way of keeping information safe and secure on the internet. One way that
blockchain keeps information safe is by using something called "proof of work."
•Proof of work is like doing a really hard puzzle to prove that you are allowed to add new
information to the blockchain. Imagine you have a big puzzle with a lot of pieces. It might
take you a long time to put all the pieces together, but once you finish it, you can show
everyone that you did the work and that you did it correctly.
•In the same way, when someone wants to add new information to the blockchain, they
have to solve a puzzle that takes a lot of time and energy to complete. This puzzle helps
to make sure that only the people who are supposed to add information to the
blockchain can do it. It also helps to make sure that the information on the blockchain is
correct and can't be changed by anyone who isn't supposed to change it.
•So, proof of work is like doing a really hard puzzle to show that you're allowed to add
new information to the blockchain, and it helps to keep the information safe and secure.
Security Design
Principals
Principals
What are security design
principals
•Security design principles are a set of fundamental concepts
and guidelines that are used to create and implement secure
systems.
•Some of the most common security design principles include
•defense in depth
•least privilege
•separation of duties
•fail-safe defaults
•economy of mechanism
•complete mediation
•open design
principals
•Security design principles are a set of fundamental concepts
and guidelines that are used to create and implement secure
systems.
•Some of the most common security design principles include
•defense in depth
•least privilege
•separation of duties
•fail-safe defaults
•economy of mechanism
•complete mediation
•open design
Defense in depth
•Defense in depth means having many layers of
protection to keep something safe.
•It's like wearing a helmet to protect your head, but
also wearing knee pads, elbow pads, and a padded
jacket to protect your whole body.
•When we use defense in depth to protect
something like a computer or a building, we put
many different protections in place, like passwords,
firewalls, and security cameras. This way, if one
protection isn't strong enough, there are other
layers that can stop bad guys from getting in and
causing trouble.
•Defense in depth means having many layers of
protection to keep something safe.
•It's like wearing a helmet to protect your head, but
also wearing knee pads, elbow pads, and a padded
jacket to protect your whole body.
•When we use defense in depth to protect
something like a computer or a building, we put
many different protections in place, like passwords,
firewalls, and security cameras. This way, if one
protection isn't strong enough, there are other
layers that can stop bad guys from getting in and
causing trouble.
Least privilege
•Least privilege means only having access to what you need
to do your job or task, and nothing more.
•It's like when you go to a friend's house to play, you
might only go to the rooms your friend says you can go
to and not touch anything that belongs to your friend's
family.
•In the same way, when we use the principle of least
privilege to protect things like computers or important
files, we only let people have access to the parts that
they need to use to do their job. This way, if someone
tries to get into a part of the computer or file that they
don't need to be in, they can't access it. This helps keep
things safe and secure.
•Least privilege means only having access to what you need
to do your job or task, and nothing more.
•It's like when you go to a friend's house to play, you
might only go to the rooms your friend says you can go
to and not touch anything that belongs to your friend's
family.
•In the same way, when we use the principle of least
privilege to protect things like computers or important
files, we only let people have access to the parts that
they need to use to do their job. This way, if someone
tries to get into a part of the computer or file that they
don't need to be in, they can't access it. This helps keep
things safe and secure.
Separation of duties
•Separation of duties in information security means that different people
have different roles and responsibilities to keep important information
safe.
•For example, let's say there's a really important file that has secret
information that should only be seen by a few people. Instead of letting
just one person have access to the whole file, we split up the tasks. One
person might have the job of putting the information into the file, while
another person has the job of reviewing the file to make sure it's
correct, and a third person might have the job of actually giving
permission to people who are allowed to see it.
•By having different people do different jobs, we make sure that no one
person can do anything bad or wrong with the information. It's like
when you and your friends play a game together - everyone has a
different job to do to make sure that everything goes smoothly and
fairly.
•Separation of duties in information security means that different people
have different roles and responsibilities to keep important information
safe.
•For example, let's say there's a really important file that has secret
information that should only be seen by a few people. Instead of letting
just one person have access to the whole file, we split up the tasks. One
person might have the job of putting the information into the file, while
another person has the job of reviewing the file to make sure it's
correct, and a third person might have the job of actually giving
permission to people who are allowed to see it.
•By having different people do different jobs, we make sure that no one
person can do anything bad or wrong with the information. It's like
when you and your friends play a game together - everyone has a
different job to do to make sure that everything goes smoothly and
fairly.
Fail-safe defaults
•In information security, "fail-safe defaults" means that when we set up a
computer or an app, we make sure that it starts off safe, even if someone does
something wrong.
•For example, let's say we're playing with a toy that can launch a rocket into the
sky. If we accidentally push the wrong button, the rocket could launch and hurt
someone. So, we make sure that the toy is set up in a way that it won't launch
unless we do everything right. This is a "fail-safe default".
•In the same way, when we use a computer or an app, we make sure that it's set
up to keep our information safe, even if we accidentally do something wrong. For
example, we might set up a password so that we're the only ones who can get
into our computer. This way, if someone else tries to get in, the computer won't
let them. This is a "fail-safe default".
•It's like a safety net that catches us if we fall - it's there to make sure we don't get
hurt, even if we make a mistake.
•In information security, "fail-safe defaults" means that when we set up a
computer or an app, we make sure that it starts off safe, even if someone does
something wrong.
•For example, let's say we're playing with a toy that can launch a rocket into the
sky. If we accidentally push the wrong button, the rocket could launch and hurt
someone. So, we make sure that the toy is set up in a way that it won't launch
unless we do everything right. This is a "fail-safe default".
•In the same way, when we use a computer or an app, we make sure that it's set
up to keep our information safe, even if we accidentally do something wrong. For
example, we might set up a password so that we're the only ones who can get
into our computer. This way, if someone else tries to get in, the computer won't
let them. This is a "fail-safe default".
•It's like a safety net that catches us if we fall - it's there to make sure we don't get
hurt, even if we make a mistake.
Economy of mechanism
•"Economy of mechanism" in information security means keeping things
simple and using as few parts as possible to get the job done.
•Imagine you have a toy with many buttons, levers, and switches that
can make it move and make noises. It can be fun to play with, but it can
also be confusing and hard to understand how it works. It could even
break if you press too many buttons at once.
•In the same way, when we use a computer or an app, we want to make
sure it's not too complicated and has only what we need to get our
work done. This way, we can use it easily and it's less likely to have
mistakes or problems that can make it stop working.
•It's like building a tower with blocks. If we stack too many blocks on top
of each other, the tower can fall and break. But if we use just enough
blocks to make it strong, it will stay standing and be safe to play with.
The same goes for using a computer or an app – we want to keep it
simple and strong, so we can use it safely and have fun!
•"Economy of mechanism" in information security means keeping things
simple and using as few parts as possible to get the job done.
•Imagine you have a toy with many buttons, levers, and switches that
can make it move and make noises. It can be fun to play with, but it can
also be confusing and hard to understand how it works. It could even
break if you press too many buttons at once.
•In the same way, when we use a computer or an app, we want to make
sure it's not too complicated and has only what we need to get our
work done. This way, we can use it easily and it's less likely to have
mistakes or problems that can make it stop working.
•It's like building a tower with blocks. If we stack too many blocks on top
of each other, the tower can fall and break. But if we use just enough
blocks to make it strong, it will stay standing and be safe to play with.
The same goes for using a computer or an app – we want to keep it
simple and strong, so we can use it safely and have fun!
Complete mediation
•In information security, "complete mediation" means that we make
sure every time someone wants to do something with important
information, we check to make sure they are allowed to do it. It's like
asking permission every time you want to borrow a toy from your
friend.
•Let's say you have a secret toy box that only you and your best friend
can open. If someone else comes along and tries to open it, they can't
because they don't have permission. The same goes for a computer or
an app. If someone tries to do something they're not supposed to, like
deleting an important file, the computer or app won't let them because
it knows they're not allowed to do it.
•It's like having a security guard who checks everyone who wants to
enter a building. They make sure that only the people who are
supposed to be there can come in. This way, we can keep important
information safe and make sure that no one does anything bad with it.
•In information security, "complete mediation" means that we make
sure every time someone wants to do something with important
information, we check to make sure they are allowed to do it. It's like
asking permission every time you want to borrow a toy from your
friend.
•Let's say you have a secret toy box that only you and your best friend
can open. If someone else comes along and tries to open it, they can't
because they don't have permission. The same goes for a computer or
an app. If someone tries to do something they're not supposed to, like
deleting an important file, the computer or app won't let them because
it knows they're not allowed to do it.
•It's like having a security guard who checks everyone who wants to
enter a building. They make sure that only the people who are
supposed to be there can come in. This way, we can keep important
information safe and make sure that no one does anything bad with it.
Open design (opensource culture)
•When we talk about "open design" in information security, it
means that we share how things work so that everyone can see
it. It's like when we share how we built our toy tower with our
friends so they can see how it's made and how it works.
•In the same way, when we use a computer or an app, we want
to make sure that we know how it works and that it's safe to
use. This means that the people who made the computer or app
should tell us how they built it and how it works, so we can see
that it's safe and that no one can do anything bad with it.
•It's like reading the instructions for a toy before we play with it.
We want to make sure we know how to use it safely so we don't
break it or hurt ourselves. When we know how things work, we
can use them better and make sure they work the way they're
supposed to.
•When we talk about "open design" in information security, it
means that we share how things work so that everyone can see
it. It's like when we share how we built our toy tower with our
friends so they can see how it's made and how it works.
•In the same way, when we use a computer or an app, we want
to make sure that we know how it works and that it's safe to
use. This means that the people who made the computer or app
should tell us how they built it and how it works, so we can see
that it's safe and that no one can do anything bad with it.
•It's like reading the instructions for a toy before we play with it.
We want to make sure we know how to use it safely so we don't
break it or hurt ourselves. When we know how things work, we
can use them better and make sure they work the way they're
supposed to.
Encryption
Topics to be covered
•Encryption
•Symmetric
•A-symmetric
•Examples
•Digital Signatures
•Digest (hash)
•Encryption
•Symmetric
•A-symmetric
•Examples
•Digital Signatures
•Digest (hash)
Encryption
•Encryption is a way of protecting information from being seen or used by
unauthorized people.
•It involves converting plain text (normal text) into an unreadable format using a
secret code or key.
•The encrypted text can only be read by someone who has the key to decrypt it.
•Encryption is a way of protecting information from being seen or used by
unauthorized people.
•It involves converting plain text (normal text) into an unreadable format using a
secret code or key.
•The encrypted text can only be read by someone who has the key to decrypt it.
Why encrypt
•Encryption is used to protect sensitive information such as passwords,
credit card numbers, and other personal data.
•Encryption can be applied to various communication channels, such as
email, text messages, and voice calls.
•Encryption can also be used to protect files stored on computers or mobile
devices.
•Governments and law enforcement agencies sometimes use encryption for
their own communications and data protection.
•However, encryption can also be used by criminals and terrorists to
communicate secretly and plan illegal activities.
•Encryption can sometimes create a barrier to law enforcement and
intelligence agencies, who may need access to encrypted data to prevent
crime and terrorism.
•Encryption is used to protect sensitive information such as passwords,
credit card numbers, and other personal data.
•Encryption can be applied to various communication channels, such as
email, text messages, and voice calls.
•Encryption can also be used to protect files stored on computers or mobile
devices.
•Governments and law enforcement agencies sometimes use encryption for
their own communications and data protection.
•However, encryption can also be used by criminals and terrorists to
communicate secretly and plan illegal activities.
•Encryption can sometimes create a barrier to law enforcement and
intelligence agencies, who may need access to encrypted data to prevent
crime and terrorism.
Types of Encryption
•There are different types of encryption algorithms used to encrypt
data, such as symmetric and asymmetric encryption.
•There are different types of encryption algorithms used to encrypt
data, such as symmetric and asymmetric encryption.
Symmetric Encryption
•Symmetric encryption uses the same key to encrypt and decrypt data.
•Symmetric encryption uses the same key to encrypt and decrypt data.
Examples of Symmetric Encryption Algorithms
1.Advanced Encryption Standard (AES)
2.Data Encryption Standard (DES)
3.Triple Data Encryption Algorithm (3DES)
4.Blowfish
5.Twofish
6.Serpent
7.RC4
8.RC5
9.RC6
10.IDEA (International Data Encryption Algorithm)
1.Advanced Encryption Standard (AES)
2.Data Encryption Standard (DES)
3.Triple Data Encryption Algorithm (3DES)
4.Blowfish
5.Twofish
6.Serpent
7.RC4
8.RC5
9.RC6
10.IDEA (International Data Encryption Algorithm)
A-Symmetric Encryption
•Asymmetric encryption uses two keys, a public key and a private key,
to encrypt and decrypt data.
•Asymmetric encryption uses two keys, a public key and a private key,
to encrypt and decrypt data.
Example of A-Symmetric Encryption
Algorithms
1.RSA (Rivest-Shamir-Adleman)
2.Diffie-Hellman
3.Elliptic Curve Cryptography (ECC)
4.Digital Signature Algorithm (DSA)
5.ElGamal
Algorithms
1.RSA (Rivest-Shamir-Adleman)
2.Diffie-Hellman
3.Elliptic Curve Cryptography (ECC)
4.Digital Signature Algorithm (DSA)
5.ElGamal
Beauty of public key
•Public keys are freely distributed while private keys are kept secret.
•Encrypted files can only be accessed/opened by those who have the
decryption key / private key.
•Public keys are freely distributed while private keys are kept secret.
•Encrypted files can only be accessed/opened by those who have the
decryption key / private key.
Proof Of Work
•Some encryption methods can be broken by hackers, while others are
more secure.
•Time required to generate correct password
•The strength of encryption depends on the length and complexity of
the key used.
•Some encryption methods can be broken by hackers, while others are
more secure.
•Time required to generate correct password
•The strength of encryption depends on the length and complexity of
the key used.
Data integrity
•Encryption can be used to ensure data integrity, which means the
data has not been modified or tampered with during transmission.
•Encryption can be used to ensure data integrity, which means the
data has not been modified or tampered with during transmission.
Digital Signature
•Encryption can also be used to ensure authenticity, which means the
data comes from a trusted source.
•Encryption can also be used to ensure authenticity, which means the
data comes from a trusted source.
Hash functions / digest functions
1.Digest functions like SHA-5 are mathematical algorithms that convert data
into a unique fixed-length string of characters.
2.The resulting string, known as a digest or hash, is essentially a "fingerprint"
of the original data.
3.Even small changes to the original data will result in a completely different
hash.
4.Digest functions are used to verify the integrity of data, as any changes to
the original data will result in a different hash value.
5.They are also used for password storage, as instead of storing the actual
password, the hash of the password is stored and used for authentication
purposes.
1.Digest functions like SHA-5 are mathematical algorithms that convert data
into a unique fixed-length string of characters.
2.The resulting string, known as a digest or hash, is essentially a "fingerprint"
of the original data.
3.Even small changes to the original data will result in a completely different
hash.
4.Digest functions are used to verify the integrity of data, as any changes to
the original data will result in a different hash value.
5.They are also used for password storage, as instead of storing the actual
password, the hash of the password is stored and used for authentication
purposes.
Information Security
Foundation
Week 1
Foundation
Week 1
Book
•Computer Security: Principles and Practice, 3 rd edition by William
Stallings
•Computer Security: Principles and Practice, 3 rd edition by William
Stallings
Information Security Foundation
•William Stallings, a renowned author in the field of computer security,
suggests that the following topics should be covered in Information
Security Foundations.
•Security concepts and principles
•Cryptography
•Network security
•Operating system security
•Physical security
•Security management
•Legal and ethical issues
•Emerging technologies and trends
•William Stallings, a renowned author in the field of computer security,
suggests that the following topics should be covered in Information
Security Foundations.
•Security concepts and principles
•Cryptography
•Network security
•Operating system security
•Physical security
•Security management
•Legal and ethical issues
•Emerging technologies and trends
Security concepts and principles
•Security concepts and principles are fundamental aspects of information
security
•Aim to protect information and information systems from harm.
•Confidentiality ensures that information is kept secret and only accessible to
authorized personnel
•Integrity ensures that information is accurate and consistent.
•Availability ensures that information is accessible to authorized users when they
need it.
•Access control, authentication, and non-repudiation are also important concepts
and principles that help to control who can access information, verify their identity,
and prevent them from denying that they sent information.
•By understanding and implementing these concepts and principles, we can
ensure that our information is kept safe and secure.
•Security concepts and principles are fundamental aspects of information
security
•Aim to protect information and information systems from harm.
•Confidentiality ensures that information is kept secret and only accessible to
authorized personnel
•Integrity ensures that information is accurate and consistent.
•Availability ensures that information is accessible to authorized users when they
need it.
•Access control, authentication, and non-repudiation are also important concepts
and principles that help to control who can access information, verify their identity,
and prevent them from denying that they sent information.
•By understanding and implementing these concepts and principles, we can
ensure that our information is kept safe and secure.
Cryptography
•Cryptography is a technique used to secure communication and protect
information from unauthorized access.
•It involves the use of mathematical algorithms to convert plain text into an
unreadable format known as cipher text, which can only be read by
authorized recipients who possess the key to decrypt it.
•Different types of cryptographic algorithms are used for different purposes
•encryption algorithms for securing data in transit.
•digital signature algorithms for verifying the authenticity of digital documents.
•Cryptography is widely used in various fields, including finance, healthcare,
and government, to protect sensitive information and maintain privacy.
•Cryptography is a technique used to secure communication and protect
information from unauthorized access.
•It involves the use of mathematical algorithms to convert plain text into an
unreadable format known as cipher text, which can only be read by
authorized recipients who possess the key to decrypt it.
•Different types of cryptographic algorithms are used for different purposes
•encryption algorithms for securing data in transit.
•digital signature algorithms for verifying the authenticity of digital documents.
•Cryptography is widely used in various fields, including finance, healthcare,
and government, to protect sensitive information and maintain privacy.
Network security
•Network security refers to the practice of protecting computer networks
from unauthorized access, misuse, modification, or disruption.
•SOFTWARE : It involves implementing various measures such as firewalls,
intrusion detection systems, and virtual private networks to secure
networks against various types of threats and attacks, such as viruses,
malware, and hackers.
•HARDWARE : Network security also includes securing network
infrastructure devices such as routers, switches, and servers from physical
and virtual threats.
•By implementing effective network security measures, organizations can
ensure that their networks are protected from unauthorized access and
misuse, while maintaining the confidentiality, integrity, and availability of
their information assets.
•Network security refers to the practice of protecting computer networks
from unauthorized access, misuse, modification, or disruption.
•SOFTWARE : It involves implementing various measures such as firewalls,
intrusion detection systems, and virtual private networks to secure
networks against various types of threats and attacks, such as viruses,
malware, and hackers.
•HARDWARE : Network security also includes securing network
infrastructure devices such as routers, switches, and servers from physical
and virtual threats.
•By implementing effective network security measures, organizations can
ensure that their networks are protected from unauthorized access and
misuse, while maintaining the confidentiality, integrity, and availability of
their information assets.
Operating system security
•Operating systems execute and organization’s business logic.
•Operating system security refers to the protection of computer systems from unauthorized
access, misuse, modification, or destruction through secure configuration and access control
mechanisms.
•SOFTWARE:
•It involves implementing security measures such as user authentication, access controls, and audit logs to
prevent unauthorized access to system resources, protect sensitive data, and detect and respond to security
breaches.
•Operating system security also includes patch management, software updates, and anti-virus protection to
protect against known vulnerabilities and malware attacks.
•HARDWARE:
•Restricting access to the servers.
•Restricting access to the network.
•By implementing effective operating system security measures, organizations can ensure that
their computer systems are protected against various types of security threats and that the
confidentiality, integrity, and availability of their information assets are maintained.
•Operating systems execute and organization’s business logic.
•Operating system security refers to the protection of computer systems from unauthorized
access, misuse, modification, or destruction through secure configuration and access control
mechanisms.
•SOFTWARE:
•It involves implementing security measures such as user authentication, access controls, and audit logs to
prevent unauthorized access to system resources, protect sensitive data, and detect and respond to security
breaches.
•Operating system security also includes patch management, software updates, and anti-virus protection to
protect against known vulnerabilities and malware attacks.
•HARDWARE:
•Restricting access to the servers.
•Restricting access to the network.
•By implementing effective operating system security measures, organizations can ensure that
their computer systems are protected against various types of security threats and that the
confidentiality, integrity, and availability of their information assets are maintained.
Physical security
•Physical security refers to the protection of people, assets, and facilities
from physical threats, such as theft, vandalism, and natural disasters.
•It involves implementing various measures such as access controls,
surveillance systems, and environmental controls to prevent unauthorized
access to physical assets and protect them from damage or destruction.
•Physical security also includes the implementation of security policies,
procedures, and training programs to ensure that employees are aware of
security risks and take appropriate measures to mitigate them.
•By implementing effective physical security measures, organizations can
ensure that their assets and facilities are protected against various types of
physical threats, and that their employees, customers, and visitors are safe
and secure.
•Physical security refers to the protection of people, assets, and facilities
from physical threats, such as theft, vandalism, and natural disasters.
•It involves implementing various measures such as access controls,
surveillance systems, and environmental controls to prevent unauthorized
access to physical assets and protect them from damage or destruction.
•Physical security also includes the implementation of security policies,
procedures, and training programs to ensure that employees are aware of
security risks and take appropriate measures to mitigate them.
•By implementing effective physical security measures, organizations can
ensure that their assets and facilities are protected against various types of
physical threats, and that their employees, customers, and visitors are safe
and secure.
Security management
•Security management refers to the process of planning, organizing, and
controlling security measures to protect information assets and ensure
business continuity.
•It involves identifying security risks, developing security policies and
procedures, implementing security controls, and monitoring and evaluating
the effectiveness of security measures.
•Security management also includes risk management, incident response
planning, and security awareness training to ensure that employees are
aware of security risks and take appropriate measures to mitigate them.
•By implementing effective security management practices, organizations
can ensure that their information assets are protected against various
types of security threats, and that they can respond quickly and effectively
to security incidents.
•Security management refers to the process of planning, organizing, and
controlling security measures to protect information assets and ensure
business continuity.
•It involves identifying security risks, developing security policies and
procedures, implementing security controls, and monitoring and evaluating
the effectiveness of security measures.
•Security management also includes risk management, incident response
planning, and security awareness training to ensure that employees are
aware of security risks and take appropriate measures to mitigate them.
•By implementing effective security management practices, organizations
can ensure that their information assets are protected against various
types of security threats, and that they can respond quickly and effectively
to security incidents.
Legal and ethical issues
•Legal and ethical issues in information security refer to the laws, regulations, and
ethical principles that govern the collection, use, disclosure, and protection of
information.
•These issues include privacy, intellectual property, cybercrime, and data
protection laws, among others.
•It is important for organizations to comply with these laws and ethical principles
to avoid legal liability and reputational damage.
•Ethical issues also include considerations around the appropriate use of
information, such as the balance between personal privacy and national security.
•By understanding and addressing legal and ethical issues in information security,
organizations can ensure that they are operating within legal and ethical
boundaries, protecting the rights of individuals, and promoting trust and
transparency in their relationships with stakeholders.
•Legal and ethical issues in information security refer to the laws, regulations, and
ethical principles that govern the collection, use, disclosure, and protection of
information.
•These issues include privacy, intellectual property, cybercrime, and data
protection laws, among others.
•It is important for organizations to comply with these laws and ethical principles
to avoid legal liability and reputational damage.
•Ethical issues also include considerations around the appropriate use of
information, such as the balance between personal privacy and national security.
•By understanding and addressing legal and ethical issues in information security,
organizations can ensure that they are operating within legal and ethical
boundaries, protecting the rights of individuals, and promoting trust and
transparency in their relationships with stakeholders.
Emerging technologies and trends
•Emerging technologies and trends in information security refer to the new and evolving
technologies and practices that are being developed to address emerging security
threats and challenges.
•These technologies and trends include cloud computing, mobile devices, social media,
the Internet of Things (IoT), and artificial intelligence (AI), among others.
•As these technologies become more pervasive, they create new security risks that
organizations must address, such as data breaches, malware attacks, and unauthorized
access.
•To stay ahead of these threats, organizations must stay up to date with the latest security
trends and technologies, implement best practices for securing their systems and data,
and be vigilant about monitoring for and responding to security incidents.
•By leveraging emerging technologies and trends in information security, organizations
can protect their assets and stay one step ahead of the evolving threat landscape.
•Emerging technologies and trends in information security refer to the new and evolving
technologies and practices that are being developed to address emerging security
threats and challenges.
•These technologies and trends include cloud computing, mobile devices, social media,
the Internet of Things (IoT), and artificial intelligence (AI), among others.
•As these technologies become more pervasive, they create new security risks that
organizations must address, such as data breaches, malware attacks, and unauthorized
access.
•To stay ahead of these threats, organizations must stay up to date with the latest security
trends and technologies, implement best practices for securing their systems and data,
and be vigilant about monitoring for and responding to security incidents.
•By leveraging emerging technologies and trends in information security, organizations
can protect their assets and stay one step ahead of the evolving threat landscape.
Security concepts and principles
•Security concepts and principles are essential for protecting our information and keeping
it safe from harm. These concepts and principles are based on three fundamental
aspects of information security: confidentiality, integrity, and availability.
1.Confidentiality: Confidentiality means keeping information secret and only allowing authorized
people to access it. This is important because not all information should be available to everyone.
For example, your bank account details should only be available to you and authorized personnel.
We can protect the confidentiality of information by using passwords, encryption, and access
controls.
2.Integrity: Integrity means maintaining the accuracy and consistency of information. This is
important because we need to ensure that the information we receive is accurate and has not
been altered in any way. For example, if someone changes the information in your medical
records, it could have serious consequences. We can protect the integrity of information by using
digital signatures, checksums, and other verification methods.
3.Availability: Availability means ensuring that information is accessible to authorized users when
they need it. This is important because if information is not available, we cannot use it to make
important decisions. For example, if a website goes down, we cannot access the information we
need. We can protect the availability of information by using redundancy, backups, and other
disaster recovery methods.
•Security concepts and principles are essential for protecting our information and keeping
it safe from harm. These concepts and principles are based on three fundamental
aspects of information security: confidentiality, integrity, and availability.
1.Confidentiality: Confidentiality means keeping information secret and only allowing authorized
people to access it. This is important because not all information should be available to everyone.
For example, your bank account details should only be available to you and authorized personnel.
We can protect the confidentiality of information by using passwords, encryption, and access
controls.
2.Integrity: Integrity means maintaining the accuracy and consistency of information. This is
important because we need to ensure that the information we receive is accurate and has not
been altered in any way. For example, if someone changes the information in your medical
records, it could have serious consequences. We can protect the integrity of information by using
digital signatures, checksums, and other verification methods.
3.Availability: Availability means ensuring that information is accessible to authorized users when
they need it. This is important because if information is not available, we cannot use it to make
important decisions. For example, if a website goes down, we cannot access the information we
need. We can protect the availability of information by using redundancy, backups, and other
disaster recovery methods.
Security concepts and principles
•In addition to these three fundamental aspects, there are other important
security concepts and principles, such as:
4.Access control: Access control means controlling who can access information and
what they can do with it. For example, we can restrict access to certain folders or
files so that only authorized people can access them.
5.Authentication: Authentication means verifying the identity of someone who wants
to access information. For example, when you log into your email account, you need
to enter a username and password to prove that you are who you say you are.
6.Non-repudiation: Non-repudiation means ensuring that the sender of information
cannot deny that they sent it. For example, if you send an email, you cannot later
deny that you sent it.
Overall, security concepts and principles are essential for protecting our
information from harm. By understanding these concepts, we can take steps
to keep our information safe and secure.
•In addition to these three fundamental aspects, there are other important
security concepts and principles, such as:
4.Access control: Access control means controlling who can access information and
what they can do with it. For example, we can restrict access to certain folders or
files so that only authorized people can access them.
5.Authentication: Authentication means verifying the identity of someone who wants
to access information. For example, when you log into your email account, you need
to enter a username and password to prove that you are who you say you are.
6.Non-repudiation: Non-repudiation means ensuring that the sender of information
cannot deny that they sent it. For example, if you send an email, you cannot later
deny that you sent it.
Overall, security concepts and principles are essential for protecting our
information from harm. By understanding these concepts, we can take steps
to keep our information safe and secure.
Confidentiality
•Confidentiality is a security principle that ensures that information is kept
secret and only accessible to authorized individuals. Two examples of
confidentiality measures are:
1.Encryption: Encryption is a technique used to convert plain text into an unreadable
format known as ciphertext. This technique ensures that the information can only be
read by individuals who have the decryption key. Encryption is used to protect
sensitive information such as financial data, healthcare records, and personal
information.
2.Access controls: Access controls are security measures that limit access to
information based on predefined rules and permissions. This includes access controls
such as password protection, two-factor authentication, and role-based access
controls. Access controls ensure that only authorized individuals have access to
sensitive information, preventing unauthorized disclosure or leakage.
•Confidentiality is a security principle that ensures that information is kept
secret and only accessible to authorized individuals. Two examples of
confidentiality measures are:
1.Encryption: Encryption is a technique used to convert plain text into an unreadable
format known as ciphertext. This technique ensures that the information can only be
read by individuals who have the decryption key. Encryption is used to protect
sensitive information such as financial data, healthcare records, and personal
information.
2.Access controls: Access controls are security measures that limit access to
information based on predefined rules and permissions. This includes access controls
such as password protection, two-factor authentication, and role-based access
controls. Access controls ensure that only authorized individuals have access to
sensitive information, preventing unauthorized disclosure or leakage.
Integrity
•Integrity is a security principle that ensures the accuracy, completeness,
and consistency of information. Two examples of integrity measures are:
1.Hashing: Hashing is a technique used to generate a unique and fixed-length
code that represents a message or piece of data. Hashing ensures data
integrity by detecting any changes to the data. If even a small change is
made to the original data, the hash value will be different, indicating that
the data has been tampered with.
2.Digital signatures: Digital signatures are used to ensure that electronic
documents and transactions are authentic and have not been modified. A
digital signature is a mathematical code that is attached to a document or
transaction to verify the identity of the sender and ensure that the content
has not been altered since it was signed. This helps to ensure the integrity
of electronic documents, transactions, and communications.
•Integrity is a security principle that ensures the accuracy, completeness,
and consistency of information. Two examples of integrity measures are:
1.Hashing: Hashing is a technique used to generate a unique and fixed-length
code that represents a message or piece of data. Hashing ensures data
integrity by detecting any changes to the data. If even a small change is
made to the original data, the hash value will be different, indicating that
the data has been tampered with.
2.Digital signatures: Digital signatures are used to ensure that electronic
documents and transactions are authentic and have not been modified. A
digital signature is a mathematical code that is attached to a document or
transaction to verify the identity of the sender and ensure that the content
has not been altered since it was signed. This helps to ensure the integrity
of electronic documents, transactions, and communications.
Availability
•Availability is a security principle that ensures that information and
resources are accessible to authorized users when they need them. Two
examples of availability measures are:
1.Redundancy: Redundancy is a technique used to ensure availability by providing
backup systems or resources in case of a failure or outage. For example, a company
might have multiple servers hosting the same data so that if one server goes down,
the data can still be accessed from the other server. Redundancy helps to ensure that
critical resources are always available.
2.Disaster recovery: Disaster recovery is a plan for restoring critical systems and
resources after a disruption, such as a natural disaster, cyberattack, or equipment
failure. Disaster recovery plans typically include backup procedures, data recovery,
and other measures to ensure that critical systems can be restored as quickly as
possible. Disaster recovery helps to ensure that critical resources are available even
in the event of a major disruption.
•Availability is a security principle that ensures that information and
resources are accessible to authorized users when they need them. Two
examples of availability measures are:
1.Redundancy: Redundancy is a technique used to ensure availability by providing
backup systems or resources in case of a failure or outage. For example, a company
might have multiple servers hosting the same data so that if one server goes down,
the data can still be accessed from the other server. Redundancy helps to ensure that
critical resources are always available.
2.Disaster recovery: Disaster recovery is a plan for restoring critical systems and
resources after a disruption, such as a natural disaster, cyberattack, or equipment
failure. Disaster recovery plans typically include backup procedures, data recovery,
and other measures to ensure that critical systems can be restored as quickly as
possible. Disaster recovery helps to ensure that critical resources are available even
in the event of a major disruption.
Access control
•Access control is a security measure that is used to restrict access to
resources and information to authorized individuals only. Two
examples of access control are:
1.Passwords: Passwords are one of the most common and widely used access
control mechanisms. They are used to authenticate the identity of users and
grant access to authorized individuals only. Users are required to enter a
username and password to gain access to a system, network, or application.
2.Biometric authentication: Biometric authentication is a more advanced form
of access control that uses unique physical or behavioral characteristics, such
as fingerprints, facial recognition, or voice recognition, to identify and
authenticate individuals. Biometric authentication is more secure than
passwords because it is difficult to forge or steal biometric data, making it a
more reliable access control mechanism.
•Access control is a security measure that is used to restrict access to
resources and information to authorized individuals only. Two
examples of access control are:
1.Passwords: Passwords are one of the most common and widely used access
control mechanisms. They are used to authenticate the identity of users and
grant access to authorized individuals only. Users are required to enter a
username and password to gain access to a system, network, or application.
2.Biometric authentication: Biometric authentication is a more advanced form
of access control that uses unique physical or behavioral characteristics, such
as fingerprints, facial recognition, or voice recognition, to identify and
authenticate individuals. Biometric authentication is more secure than
passwords because it is difficult to forge or steal biometric data, making it a
more reliable access control mechanism.
Authentication
•Authentication is a security measure that verifies the identity of an
individual before granting access to resources or information. Two
examples of authentication measures are:
1.Passwords: Passwords are a widely used authentication mechanism. Users are
required to enter a unique username and password to gain access to a system or
resource. The password is compared to a stored value to verify the user's identity.
Passwords are a simple and effective way to authenticate users.
2.Biometric authentication: Biometric authentication uses unique physical or
behavioral characteristics, such as fingerprints, facial recognition, or voice
recognition, to identify and authenticate individuals. Biometric authentication is
more secure than passwords because it is difficult to forge or steal biometric data,
making it a more reliable authentication mechanism. Biometric authentication is
becoming increasingly popular for high-security applications.
•Authentication is a security measure that verifies the identity of an
individual before granting access to resources or information. Two
examples of authentication measures are:
1.Passwords: Passwords are a widely used authentication mechanism. Users are
required to enter a unique username and password to gain access to a system or
resource. The password is compared to a stored value to verify the user's identity.
Passwords are a simple and effective way to authenticate users.
2.Biometric authentication: Biometric authentication uses unique physical or
behavioral characteristics, such as fingerprints, facial recognition, or voice
recognition, to identify and authenticate individuals. Biometric authentication is
more secure than passwords because it is difficult to forge or steal biometric data,
making it a more reliable authentication mechanism. Biometric authentication is
becoming increasingly popular for high-security applications.
Non-repudiation
•Non-repudiation is a security principle that ensures that the sender of
a message or transaction cannot deny that they sent it. Two examples
of non-repudiation measures are:
1.Digital signatures: Digital signatures use cryptographic techniques to verify
the authenticity and integrity of a document or message. They provide non-
repudiation by ensuring that the sender cannot deny that they signed the
document or message. Digital signatures are commonly used for legal and
financial documents.
2.Timestamping: Timestamping is a technique used to prove that a message or
document existed at a certain point in time. It provides non-repudiation by
ensuring that the sender cannot deny that the message or document existed
at the time it was sent. Timestamping is commonly used for legal and financial
documents to prove that they existed at a certain point in time.
•Non-repudiation is a security principle that ensures that the sender of
a message or transaction cannot deny that they sent it. Two examples
of non-repudiation measures are:
1.Digital signatures: Digital signatures use cryptographic techniques to verify
the authenticity and integrity of a document or message. They provide non-
repudiation by ensuring that the sender cannot deny that they signed the
document or message. Digital signatures are commonly used for legal and
financial documents.
2.Timestamping: Timestamping is a technique used to prove that a message or
document existed at a certain point in time. It provides non-repudiation by
ensuring that the sender cannot deny that the message or document existed
at the time it was sent. Timestamping is commonly used for legal and financial
documents to prove that they existed at a certain point in time.
Website Vulnerabilities
Website Vulnerabilities
•Websites are vulnerable to various types of attacks that can compromise the security and integrity of the website, its users,
and the data stored on it. Here are some common types of attacks that can occur on a website:
•Cross-site scripting (XSS) attack
•SQL injection (SQLi) attack
•Distributed denial-of-service (DDoS) attack
•Brute force attack
•Malware attack
•Man-in-the-middle (MitM) attack
•Clickjacking attack
•Session hijacking attack
•Cross-site request forgery (CSRF) attack
•Pharming attack
•Websites are vulnerable to various types of attacks that can compromise the security and integrity of the website, its users,
and the data stored on it. Here are some common types of attacks that can occur on a website:
•Cross-site scripting (XSS) attack
•SQL injection (SQLi) attack
•Distributed denial-of-service (DDoS) attack
•Brute force attack
•Malware attack
•Man-in-the-middle (MitM) attack
•Clickjacking attack
•Session hijacking attack
•Cross-site request forgery (CSRF) attack
•Pharming attack
Cross-site scripting
(XSS) attack
•An XSS attack occurs when an attacker
injects malicious code into a website
that can be executed by a user's web
browser. This code can steal sensitive
information such as login credentials,
credit card numbers, and other
personal data.
(XSS) attack
•An XSS attack occurs when an attacker
injects malicious code into a website
that can be executed by a user's web
browser. This code can steal sensitive
information such as login credentials,
credit card numbers, and other
personal data.
SQL injection (SQLi) attack
•An SQLi attack occurs when an attacker
injects malicious SQL code into a
website's database, allowing them to
steal or modify data stored on the
server
•An SQLi attack occurs when an attacker
injects malicious SQL code into a
website's database, allowing them to
steal or modify data stored on the
server
Distributed denial-of-service (DDoS) attack
•A DDoS attack is a type of cyberattack
where a large number of compromised
computers flood a website with traffic,
rendering it inaccessible to legitimate
users.
•A DDoS attack is a type of cyberattack
where a large number of compromised
computers flood a website with traffic,
rendering it inaccessible to legitimate
users.
Brute force attack
•A brute force attack is a trial-and-error
method used by attackers to guess
usernames and passwords. Attackers
use automated tools to generate a large
number of guesses until they find the
correct login credentials.
•A brute force attack is a trial-and-error
method used by attackers to guess
usernames and passwords. Attackers
use automated tools to generate a large
number of guesses until they find the
correct login credentials.
Malware attack
•A malware attack occurs when an
attacker injects malicious code onto a
website, which can infect users' devices
and steal sensitive information.
•A malware attack occurs when an
attacker injects malicious code onto a
website, which can infect users' devices
and steal sensitive information.
Man-in-the-middle (MitM) attack
•A MitM attack occurs when an attacker
intercepts communication between
two parties, allowing them to steal
sensitive information such as login
credentials, credit card numbers, and
other personal data.
•A MitM attack occurs when an attacker
intercepts communication between
two parties, allowing them to steal
sensitive information such as login
credentials, credit card numbers, and
other personal data.
Clickjacking attack
•A clickjacking attack occurs when an
attacker tricks a user into clicking on a
malicious link disguised as a legitimate
website or button. This can lead to the
installation of malware or the theft of
personal information.
•A clickjacking attack occurs when an
attacker tricks a user into clicking on a
malicious link disguised as a legitimate
website or button. This can lead to the
installation of malware or the theft of
personal information.
Session hijacking attack
•A session hijacking attack occurs when
an attacker gains unauthorized access
to a user's session ID, allowing them to
impersonate the user and perform
malicious actions on their behalf.
•A session hijacking attack occurs when
an attacker gains unauthorized access
to a user's session ID, allowing them to
impersonate the user and perform
malicious actions on their behalf.
Cross-site request forgery (CSRF) attack
•A CSRF attack occurs when an attacker
tricks a user into performing an action
on a website without their knowledge
or consent. This can lead to
unauthorized transactions or data
theft.
•A CSRF attack occurs when an attacker
tricks a user into performing an action
on a website without their knowledge
or consent. This can lead to
unauthorized transactions or data
theft.
Pharming attack
•A pharming attack occurs when an
attacker redirects traffic from a
legitimate website to a fake website,
allowing them to steal sensitive
information such as login credentials,
credit card numbers, and other
personal data.
•A pharming attack occurs when an
attacker redirects traffic from a
legitimate website to a fake website,
allowing them to steal sensitive
information such as login credentials,
credit card numbers, and other
personal data.
Website Protection
•Website owners can protect their
website by implementing security
measures such as SSL certificates,
firewalls, and content security policies.
They should also regularly update their
software, plugins, and themes to
prevent known vulnerabilities from
being exploited.
•Website owners can protect their
website by implementing security
measures such as SSL certificates,
firewalls, and content security policies.
They should also regularly update their
software, plugins, and themes to
prevent known vulnerabilities from
being exploited.
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 12
- Slides 64
- Age 420 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
30 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
32 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
30 views
14
Fertility awareness methods for women in the society
Isaiah47
29 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
26 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
28 views