Information Security: Understanding Confidentiality, Integrity, and Availability, High school final essays of Computer science

An introduction to Information Security, covering the concepts of IT Security, the three pillars of Confidentiality, Integrity, and Availability, and various authentication models. It explains the importance of protecting information and information systems from unauthorized access, use, disclosure, modification, or destruction.

Typology: High school final essays

2020/2021

Uploaded on 07/23/2022

fani-khan
Course: Information security
Lecture 1st
BS computer Science Semester 8th

Information Security

  • What is Information Security?
    • Protecting information and information systems from unauthorized access, use, disclosure, modification or destruction.
    • Information refers to data or files, whereas an information system may be a data server, a data center, or any type of device that processes information.
    • So information security is all about protecting the information and the systems from unintended use that would bring harm or risk to the owner of the information.

What is Information Security?

  • IT Security Functions
    • Network Security: Routers, switches, firewalls, etc.
    • System Security: Servers, data centers, computers, laptops, operating systems.
    • Database Security: For example, Oracle and SQL Server security.
    • Mobile Security: Security of mobile devices and handheld devices.
  • Information Security Functions
    • They have a slightly different angle. They cover:
    • Governance: oversight of the management of the security program.
    • Policies and procedures: Training and awareness. Making sure that the entire organization is aware of the policies that have been set for information security.
    • Risk Management: a very core function of information security. Involves identifying risks and addressing them.
    • Performance Reviews: How the information security management system is performing.

What is Information Security?

  • What is Cyber Security?
    • Precautions taken to guard against unauthorized access to data (in electronic form) or information systems connected to the internet.
    • Focuses on prevention of crimes related to the internet.

What is Information Security?

  • Confidentiality
    • Confidentiality means keeping information secret, because information has value and its owner wants it kept secret.
    • The objective of confidentiality is to ensure that private information remains private and that it can only be viewed or accessed by individuals who need that information in order to complete their job duties.
    • For example, health records in a hospital contain details of patients' illnesses; that data is completely confidential and should not fall into the wrong hands. The information security team has to make sure that the data is protected and confidential.

What is Information Security?

  • Integrity
    • Integrity means keeping information in its original form.
    • Information can be changed by people with malicious intent, which brings them an advantage but disadvantages the owner of the information.
    • Integrity involves protection from unauthorized modifications (e.g., add, delete, or change) of data. The principle of integrity is designed to ensure that data can be trusted to be accurate and that it has not been inappropriately modified.

Authentication

  • What is Authentication?
    • Authentication is the process of identifying users that request access to a system, network, or device.
    • Access control often determines user identity according to credentials like username and password.
    • Other authentication technologies like biometrics and authentication apps are also used to authenticate user identity.
    • Authentication is the binding of an identity to a subject.
    • The external entity must provide information to enable the system to confirm its identity. This information comes from one (or more) of the following:
      1. What the entity knows (such as passwords or secret information)
      2. What the entity has (such as a badge or card)
      3. What the entity is (such as fingerprints)
      4. Where the entity is (such as a particular terminal)

Authentication models

• Models of Authentication

  • Passwords
  • Challenge Response
  • Biometrics
  • Location
  • Multiple methods

Authentication Models

  • Challenge Response
    • Passwords have the fundamental problem that they are reusable. If an attacker sees a password, he can later replay the password. The system cannot distinguish between the attacker and the user, and allows access.
    • An alternative is to authenticate in such a way that the password changes each time. Then, if an attacker replays a previously used password, the system will reject it.
    • Let user U desire to authenticate himself to system S. Let U and S have an agreed-on secret function f. A challenge-response authentication system is one in which S sends a random message m (the challenge) to U, and U replies with the transformation r = f(m) (the response). S validates r by computing f(m) itself and comparing the result with the response it received.
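
The challenge-response exchange described above, as an added example that is not part of the original lecture notes. It assumes f is HMAC-SHA256 keyed with a shared secret; the `System` class, the user name and the secret value are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def f(secret: bytes, m: bytes) -> bytes:
    """The agreed-on secret function f; assumed here to be HMAC-SHA256."""
    return hmac.new(secret, m, hashlib.sha256).digest()


class System:
    """S: issues single-use random challenges and validates responses."""

    def __init__(self, secrets_by_user: dict[str, bytes]):
        self._secrets = secrets_by_user
        self._pending: dict[str, bytes] = {}  # user -> outstanding challenge m

    def challenge(self, user: str) -> bytes:
        m = secrets.token_bytes(32)  # fresh, unpredictable challenge
        self._pending[user] = m
        return m

    def verify(self, user: str, r: bytes) -> bool:
        # pop() makes each challenge single-use, so an old r has nothing to match
        m = self._pending.pop(user, None)
        if m is None or user not in self._secrets:
            return False
        expected = f(self._secrets[user], m)     # S computes f(m) itself
        return hmac.compare_digest(expected, r)  # constant-time comparison


def demo() -> dict[str, bool]:
    shared = b"constructed-demo-secret"  # sample value, constructed for this example
    s = System({"U": shared})

    m1 = s.challenge("U")
    r1 = f(shared, m1)  # U's response to the first challenge
    results = {"legitimate": s.verify("U", r1)}

    # An observer who captured r1 replays it with no challenge outstanding
    results["replay_no_challenge"] = s.verify("U", r1)

    # The same r1 replayed after S has issued a new challenge
    s.challenge("U")
    results["replay_new_challenge"] = s.verify("U", r1)
    return results


if __name__ == "__main__":
    print(demo())
```

Unlike a reusable password, the captured response is rejected both times because it is only valid for the one challenge it was computed over.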

Authentication Models

  • Biometric Authentication
    • Biometric authentication is a security process that relies on the unique biological characteristics of an individual.
    • Biometrics is the automated measurement of biological or behavioral features that identify a person. When a user is given an account, the system administration takes a set of measurements that identify that user to an acceptable degree of error.
    • Whenever the user accesses the system, the biometric authentication mechanism verifies the identity. Common characteristics are fingerprints, voice characteristics, eyes, and facial features.

Authentication Models

  • Biometric Authentication Characteristics
    • Eyes
      • Authentication by eye characteristics uses the iris and the retina.
      • Patterns within the iris are unique for each person.
      • Iris scanners project a bright light towards the eye and search for unique patterns in the colored ring around the pupil of the eye.
      • The patterns are then compared to approved information stored in a database.

Authentication Models

  • Biometric Authentication Characteristics
    • Faces
      • Face recognition matches the face characteristics of an individual trying to gain access against an approved face stored in a database.
      • Techniques for doing this include the use of neural networks and templates.
      • The resulting image is then compared with the relevant image in the database.