Glance of Information Technology

GLANCE OF INFORMATION SECURITY www.safedecision.com.sa [email protected]

Transcript of Glance of Information Technology

Page 1: Glance of Information Technology

GLANCE OF INFORMATION SECURITY


Page 2: Glance of Information Technology

WHAT IS INFORMATION SECURITY?

Information security is defined as protecting information and information systems from unauthorised access, use, disclosure, disruption, modification, or destruction.


Page 3: Glance of Information Technology

THE CORNERSTONE CONCEPT OF INFORMATION SECURITY

* CONFIDENTIALITY
* INTEGRITY
* AVAILABILITY

KNOWN AS THE CIA

Confidentiality, integrity, and availability work together to provide assurance that data and systems remain secure. Do not assume that one part of the triad is more important than another.

CIA TRIAD


Page 4: Glance of Information Technology

THE CORNERSTONE CONCEPT OF INFORMATION SECURITY

CONFIDENTIALITY

Confidentiality prevents the unauthorised disclosure of information; it keeps data secret. In other words, confidentiality prevents unauthorised read access to data.

Example:

Confidentiality can be compromised by:

- The loss of a laptop containing data.
- A person looking over our shoulder while we type a password.
- An e-mail attachment being sent to the wrong person.


Page 5: Glance of Information Technology

INTEGRITY

Integrity prevents unauthorised modification of information. In other words, integrity prevents unauthorised write access to data.

THERE ARE TWO TYPES OF INTEGRITY

* Data integrity: protects information against unauthorised modification.

* System integrity: protects a system, such as a Windows 2008 server operating system, from unauthorised modification.


Page 6: Glance of Information Technology

Example

If an unethical student compromises a college grade database to raise his failing grades, he has violated data integrity. If he installs malicious software on the system to allow future backdoor access, he has violated system integrity.


Page 7: Glance of Information Technology

AVAILABILITY

Availability ensures that information is available when needed. Systems need to be usable (available) for normal business use.

Example

An attack on availability would be a denial of service (DoS) attack, which seeks to deny service (or availability) of a system.


Page 8: Glance of Information Technology

BALANCED SECURITY


[Diagram: confidentiality, integrity, availability]

Page 9: Glance of Information Technology

BALANCED SECURITY


Security is commonly viewed only through the lens of keeping secrets secret.

Integrity and availability threats can be overlooked and dealt with only after they have actually been exploited.

Page 10: Glance of Information Technology

BALANCED SECURITY


Some assets have a critical confidentiality requirement (company trade secrets), some have critical integrity requirements (financial transaction values), and some have critical availability requirements (e-commerce web servers).

Many people understand the concepts of the CIA triad, but may not fully appreciate the complexity of implementing the controls needed to provide all the protection that these concepts cover.

Page 11: Glance of Information Technology

THE CORNERSTONE CONCEPT OF INFORMATION SECURITY

1- CONFIDENTIALITY

2- INTEGRITY

3- AVAILABILITY


The following provides a short list of some of these controls and how they map to the components of the CIA triad:

Page 12: Glance of Information Technology

CONFIDENTIALITY

• Encryption for data at rest (whole disk, database encryption)

• Encryption for data in transit (IPSec, SSL, PPTP, SSH)

• Access control (physical and technical)


Page 13: Glance of Information Technology

INTEGRITY

• Hashing (data integrity)

• Configuration management (system integrity)

• Change control (process integrity)

• Access control (physical and technical)

• Software digital signing
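As an added example (not part of the original slides), the grade-database scenario from page 6 checked with the hashing control listed above: an unkeyed hash stored beside the data can be recomputed by whoever already has write access, so a keyed hash (HMAC) or a digital signature is what actually detects the unauthorised modification. The student records and the key are constructed for this example.

```python
import hashlib
import hmac
import json

# Constructed sample data: a tiny "grade database" keyed by student id.
GRADES = {
    "s1001": {"name": "A. Student", "grade": "F"},
    "s1002": {"name": "B. Student", "grade": "B"},
}
# Constructed key; in practice it is held by the verifying party, not on the database host.
INTEGRITY_KEY = b"example-only-integrity-key"


def canonical(record: dict) -> bytes:
    """Serialise a record deterministically so equal records always hash equally."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def plain_digest(record: dict) -> str:
    """Unkeyed SHA-256: anyone with write access can recompute it after a change."""
    return hashlib.sha256(canonical(record)).hexdigest()

def keyed_digest(record: dict) -> str:
    """HMAC-SHA256: cannot be recomputed without INTEGRITY_KEY."""
    return hmac.new(INTEGRITY_KEY, canonical(record), hashlib.sha256).hexdigest()

def seal(db: dict, digest) -> dict:
    """Tag every record with the chosen digest function."""
    return {sid: digest(rec) for sid, rec in db.items()}

def verify(db: dict, tags: dict, digest) -> list:
    """Return the ids of records whose content no longer matches the stored tag."""
    return sorted(sid for sid, rec in db.items()
                  if sid not in tags or not hmac.compare_digest(tags[sid], digest(rec)))

def raise_grade(db: dict, sid: str) -> dict:
    """The unauthorised write from the grade-database example, applied to a copy."""
    changed = json.loads(json.dumps(db))
    changed[sid]["grade"] = "A"
    return changed

def tamper_demo(digest, attacker_refreshes_tag: bool) -> list:
    """Seal, tamper, optionally let the tamperer rewrite the tag, then verify."""
    tags = seal(GRADES, digest)
    changed = raise_grade(GRADES, "s1001")
    if attacker_refreshes_tag:
        # Whoever can write the data can also write an unkeyed hash next to it;
        # without the key that is the only tag they can produce.
        tags["s1001"] = plain_digest(changed["s1001"])
    return verify(changed, tags, digest)

if __name__ == "__main__":
    print(tamper_demo(plain_digest, False))  # ['s1001']
    print(tamper_demo(plain_digest, True))   # []  (tampering passes unnoticed)
    print(tamper_demo(keyed_digest, True))   # ['s1001']
```

The middle case is the one to remember: a hash protects against accidental corruption, but only a key the writer does not hold (or a signature) turns it into a control against unauthorised modification.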


Page 14: Glance of Information Technology

AVAILABILITY

• Redundant array of inexpensive disks (RAID)

• Clustering

• Load balancing

• Redundant data and power lines

• Software and data backups

• Disk shadowing

• Co-location and off-site facilities
