V.aijazahmed@maju.edu.pk
27-Sep-19
Course Objective
Information Security
Security Goals
• The CIA triad has become the de facto standard model for keeping
your organization secure.
Integrity
Assurance that data received is as sent by an authorized entity. A
loss of integrity is the unauthorized modification or destruction of information.
Availability
• The information created and stored by an organization needs to
be available to authorized entities. A loss of availability is the disruption of
access to or use of information or an information system.
Network Security
• Network security, a subset of Information security, aims to protect
any data (asset) that is being sent through devices in your network
to ensure that the information is not changed (integrity) or
intercepted (confidentiality) and reaches (availability) the
destination.
• The role of network security is to protect the organization’s IT
infrastructure from all types of cyber threats.
Conclusion: Information security doesn’t have a final goal; it’s a continuing process.
Classifying Assets
• The reason to classify an asset is so that you can take specific action,
based on policy, with regard to assets in a given class.
Asset Classification
Not all assets have the same value. An organization must classify its assets
• Alice and Bob also want to make sure that the contents of Alice's message
have not been altered in transit.
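An added example (not part of the original slides) of how Bob can check that Alice's message was not altered in transit and came from an authorized entity. It assumes Alice and Bob already share a secret key and use HMAC-SHA256, a mechanism the slides do not name; the function names and the sample message are constructed for illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size  # 32-byte tag appended to each message


def send(key: bytes, message: bytes) -> bytes:
    """Alice: append an HMAC-SHA256 tag computed over the message."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def receive(key: bytes, packet: bytes) -> bytes:
    """Bob: recompute the tag and return the message only if it matches."""
    if len(packet) < TAG_LEN:
        raise ValueError("packet too short to carry a tag")
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # Constant-time comparison, so the check gives no timing hint about the tag.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return message


def accepted(key: bytes, packet: bytes) -> bool:
    """True if Bob would accept the packet, False if he would reject it."""
    try:
        receive(key, packet)
        return True
    except ValueError:
        return False


def demo() -> dict:
    key = secrets.token_bytes(32)            # assumed to be shared in advance
    packet = send(key, b"Pay Carol 100")     # constructed sample message
    altered = bytearray(packet)
    altered[10] ^= 0x01                      # one bit of the amount changed in transit
    # Same message, but tagged by someone who does not hold the shared key.
    forged = send(secrets.token_bytes(32), b"Pay Carol 100")
    return {
        "intact": accepted(key, packet),
        "altered": accepted(key, bytes(altered)),
        "forged": accepted(key, forged),
        "truncated": accepted(key, packet[:5]),
    }


if __name__ == "__main__":
    print(demo())
```

The message itself still travels in the clear, so the tag provides integrity but not confidentiality.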
Security Attacks
• Security attack: Any action that compromises the security of
information owned by an organization
• Passive Attacks
A passive attack attempts to learn or make use of information from
the system but does not affect system resources. The goal of the
opponent is to obtain information that is being transmitted.