Introduction to Information Security PDF
This document provides an introduction to information security, covering course content, course description and fundamental concepts. It discusses various aspects of security, including the CIA triad (Confidentiality, Integrity, Availability), and potential attacks.
Introduction to Information Security
INF 203

Content

Course content
What is Information security?
CIA Security Triad
Attacks
Threats, vulnerabilities, and risk

Course description

Discover the core principles and practices of Information Security in this comprehensive course. Gain insights into cybersecurity threats, learn to design secure systems, and understand network security essentials. Delve into cryptography, security policies, and incident response strategies. This course combines theory with hands-on exercises, making it ideal for IT professionals and those looking to bolster their security knowledge. Enroll now to navigate the digital landscape with confidence and safeguard valuable information.

What is security?

“Security is freedom from, or resilience against potential harm (or other unwanted coercive change) caused by others”, Wikipedia.

What is INFORMATION SECURITY?

“The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction in order to provide confidentiality, integrity, and availability”
NIST (National Institute of Standards and Technology, USA)

A successful organization should have the following multiple layers of security in place to protect its operations:

Physical security, to protect physical items, objects, or areas from unauthorized access and misuse

Personnel security, to protect the individual or group of individuals who are authorized to access the organization and its operations

Operations security, to protect the details of a particular operation or series of activities

Communications security, to protect communications media, technology, and content

Network security, to protect networking components, connections, and contents

Information security, to protect the confidentiality, integrity and availability of information assets, whether in storage, processing, or transmission. It is achieved via the application of policy, education, training and awareness, and technology.

Components of Information Security

We need to understand information as an asset, which can be categorised into three main types:

1. Pure information
For example, a social network dataset. A data scientist within an organisation can use this dataset to better understand relationships between their users. For example, the organization can work out who the 'influencers' in a social group are and pay them to advertise their service.

2. Physical assets
For example, computer systems. Hardware is expensive! An IBM mainframe worth $1m in 2003 was still worth $75k more than a decade and a half later! Hardware provides computation resources to both store and process your asset (pure information).

3. Software
This is used to process or manage information. Software is also expensive (for an example of this, look at the current price of Inventor Pro), and is also going to read and process your information! We need a guarantee of its integrity (i.e. no backdoors) and that it can keep the information confidential.

CIA triad

Confidentiality, Integrity, Availability

Confidentiality is a concept similar to, but not the same as, privacy. Confidentiality is a necessary component of privacy and refers to our ability to protect our data from those who are not authorized to view it. Confidentiality is a concept that may be implemented at many levels of a process.

Integrity refers to the ability to prevent our data from being changed in an unauthorized or undesirable manner. This could mean the unauthorized change or deletion of our data or portions of our data, or it could mean an authorized, but undesirable, change or deletion of our data. To maintain integrity, we not only need to have the means to prevent unauthorized changes to our data but also need the ability to reverse authorized changes that need to be undone.
Availability refers to the ability to access our data when we need it. Loss of availability can refer to a wide variety of breaks anywhere in the chain that allows us access to our data. Such issues can result from power loss, operating system or application problems, network attacks, compromise of a system, or other problems. When such issues are caused by an outside party, such as an attacker, they are commonly referred to as a denial of service (DoS) attack.

Figure: attributes of security, with the label "the best-known attributes of security": Confidentiality, Integrity, Availability, Accountability, Accuracy, Authenticity, Awareness, Completeness, Consistency, Control, Democracy, Ethics, Legality.

Defense Models

Attacks

Attack: An intentional or unintentional act that can cause damage to or otherwise compromise information and/or the systems that support it.

Types of attack payloads

Interception
Interruption
Modification
Fabrication

Interception attacks allow unauthorized users to access our data, applications, or environments, and are primarily an attack against confidentiality. Interception might take the form of unauthorized file viewing or copying, eavesdropping on phone conversations, or reading e-mail, and can be conducted against data at rest or in motion. Properly executed, interception attacks can be very difficult to detect.

Interruption attacks cause our assets to become unusable or unavailable for our use, on a temporary or permanent basis. Interruption attacks often affect availability but can be an attack on integrity as well. In the case of a DoS attack on a mail server, we would classify this as an availability attack. In the case of an attacker manipulating the processes on which a database runs in order to prevent access to the data it contains, we might consider this an integrity attack, due to the possible loss or corruption of data, or we might consider it a combination of the two. We might also consider such a database attack to be a modification attack rather than an interruption attack.

Modification attacks involve tampering with our asset. Such attacks might primarily be considered an integrity attack but could also represent an availability attack. If we access a file in an unauthorized manner and alter the data it contains, we have affected the integrity of the data contained in the file. However, if we consider the case where the file in question is a configuration file that manages how a particular service behaves, perhaps one that is acting as a Web server, we might affect the availability of that service by changing the contents of the file. If we continue with this concept and say the configuration we altered in the file for our Web server is one that alters how the server deals with encrypted connections, we could even make this a confidentiality attack.

Fabrication attacks involve generating data, processes, communications, or other similar activities with a system. Fabrication attacks primarily affect integrity but could be considered an availability attack as well. If we generate spurious information in a database, this would be considered to be a fabrication attack. We could also generate e-mail, which is commonly called spoofing. This can be used as a method for propagating malware, such as we might find being used to spread a worm. In the sense of an availability attack, if we generate enough additional processes, network traffic, e-mail, Web traffic, or nearly anything else that consumes resources, we can potentially render the service that handles such traffic unavailable to legitimate users of the system.

Threats, vulnerabilities, and risk

Threats

When we spoke of the types of attacks we might encounter, we discussed some of the things that have the potential to cause harm to our assets.
Ultimately, this is what a threat is—something that has the potential to cause us harm. Threats tend to be specific to certain environments, particularly in the world of information security. For example, although a virus might pose a threat to a Windows operating system, the same virus will be unlikely to have any effect on a Linux operating system.

Vulnerabilities

Vulnerabilities are weaknesses that can be used to harm us. In essence, they are holes that can be exploited by threats in order to cause us harm. A vulnerability might be a specific operating system or application that we are running, a physical location where we have chosen to place our office building, a data center that is populated over the capacity of its air-conditioning system, a lack of backup generators, or other factors.

Risk

Risk is the likelihood that something bad will happen. In order for us to have a risk in a particular environment, we need to have both a threat and a vulnerability that the specific threat can exploit. For example, if we have a structure that is made from wood and we set it on fire, we have both a threat (the fire) and a vulnerability that matches it (the wood structure). In this case, we most definitely have a risk.