Information Security: Confidentiality, Integrity, and Availability, Exams of Information Security and Markup Languages

Information security and its techniques and policies in easy language

Typology: Exams

2017/2018

Uploaded on 09/22/2018

shilpa-jaswal
Submitted by: shilpa jaswal
1718445
MCA 3rd sem
Assignment-1 (Information security)
Submitted to: Sourbh joshi

Abstract:

Computer security is an important factor for every user and any organization: it secures data from unauthorized users, attacks, threats, and viruses. We therefore carry out each task in a fixed manner and in secured forms. We can also use different techniques (such as encryption, decryption, backup, and networking).

Introduction:

Computer security is the protection afforded to an automated information system in order to attain the applicable objectives of preserving the resources.

This definition introduces three key objectives:

  1. Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information.
  2. Integrity: Guarding against improper information modification or destruction, including ensuring information non-repudiation and authenticity. A loss of integrity is the unauthorized modification and destruction of information.
  3. Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system.

Techniques:

  1. Data, Time and Money
    • Obvious: deletion/modification of data
    • Slowly modifying data so that the breach is not discovered right away

Using a service provider's software provides more flexibility than standard browsers. However, it is a golden opportunity for an attacker with knowledge of how that software works.

  2. Confidentiality:

Needs:

    • Data protected from local disk failure
    • Sharing of files
    • Centralized administration and backup
    • Use of diskless workstations

Adding Security:

    • Passwords, cryptography, access control lists, capabilities
    • Physical security (key servers etc.)

Secure Backup

Prevent what you cannot detect and detect what you cannot prevent

  1. Security of the backup itself
  2. Backup over a network
    • Cryptographic encryption
    • Key servers
  3. Incremental Backup
  4. Deleting Backups
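
The following is an added example, not part of the original assignment: it shows how a keyed digest manifest can protect the backup itself, detect a small, slow modification of stored data, and select files for an incremental backup. The function names, the key and the sample files are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json


def _digests(files):
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}


def _tag(entries, key):
    # Canonical JSON so the same entries always produce the same tag.
    blob = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def build_manifest(files, key):
    """Record a digest per file and a keyed tag over the whole record."""
    entries = _digests(files)
    return {"entries": entries, "tag": _tag(entries, key)}


def changed_since(files, manifest):
    """Incremental backup: names that are new or differ from the last manifest."""
    old = manifest["entries"]
    return sorted(n for n, d in _digests(files).items() if old.get(n) != d)


def verify_backup(stored, manifest, key):
    """Compare stored copies with the manifest; reject an altered manifest."""
    if not hmac.compare_digest(manifest["tag"], _tag(manifest["entries"], key)):
        raise ValueError("manifest tag mismatch: manifest was altered")
    now, old = _digests(stored), manifest["entries"]
    return {
        "modified": sorted(n for n in old if n in now and now[n] != old[n]),
        "missing": sorted(n for n in old if n not in now),
        "added": sorted(n for n in now if n not in old),
    }


# Constructed sample data (not from the original page).
KEY = b"constructed-demo-key-kept-off-the-backup-host"
ORIGINAL = {"ledger.csv": b"id,amount\n1,100\n2,250\n", "notes.txt": b"q3 draft\n"}
MANIFEST = build_manifest(ORIGINAL, KEY)
# One changed digit in the stored copy: the kind of slow edit that goes unnoticed.
TAMPERED = {**ORIGINAL, "ledger.csv": b"id,amount\n1,100\n2,350\n"}

if __name__ == "__main__":
    print(verify_backup(ORIGINAL, MANIFEST, KEY))
    print(verify_backup(TAMPERED, MANIFEST, KEY))
    print(changed_since({**ORIGINAL, "new.txt": b"x"}, MANIFEST))
```

Because the tag is keyed, someone who can rewrite both the stored file and the manifest digests still cannot produce a valid manifest without the key.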

Secure Communication

  1. Cryptography
    • Encryption/decryption
    • Key management
    • Session key protocols
  2. Public Key Infrastructures
    • Certification
    • Digital Signatures

Policies:

  1. Permission policy: it is a medium-restriction policy where we, as the administrator, block just some well-known malware ports regarding internet access, and just some exploits are taken into consideration.
  2. Prudent policy: this is a high-restriction policy where everything is blocked regarding internet access, just a small list of websites is allowed, and now the extra services are allowed in computers to be installed and logs are maintained for every user.
  3. Acceptance user policy: this policy regulates the behavior of the users towards a system, a network, or even a webpage, so it is explicitly stated what a user can or cannot do in a system, for example whether they are allowed to share access codes, whether they can share resources, etc.
  4. User account policy: this policy defines what a user should do in order to have or maintain another user in a specific system.
  5. Information protection policy: this policy regulates access to information, how to process information, how to store it, and how it should be transferred.
  6. Remote access policy: this policy is mainly for big companies where the users and their branches are outside their headquarters. It states what the users should access, when they can work, and with which software, such as SSH, VPN, RDP.
  7. Firewall management policy: this policy deals explicitly with firewall management: which ports should be blocked, what updates should be taken, how to make changes in the firewall, and how the logs should be kept.
  8. Special access policy: this policy is intended to keep people under control and to monitor the special privileges in their systems and the purpose for which they have them. These employees can be team leaders, managers, senior managers, system administrators, and other people in such senior positions.

Conclusion: