Introduction to

Information Security
Lecture-1
Engr. Asim Javaid
 1 2 3
Objectives Define information
security and its
significance in
Trace the historical
evolution of
information security.
Introduce
fundamental
concepts:
modern contexts. Confidentiality,
Integrity, Availability
(CIA)
 Definition and
Importance of Explanation of information security as a discipline.
Information Significance in protecting assets, data, and systems.
Security

Historical Overview of the historical development of

Outline Context and

Evolution
information security.
Milestones, key events, and paradigm shifts.

Basic Concepts: In-depth exploration of the CIA triad.

Confidentiality,
Integrity, Understanding how confidentiality, integrity, and
Availability availability form the foundation of information
(CIA) security.
 Information Security

“Information security is the preservation of

confidentiality, integrity, and availability of
information. This involves maintaining
appropriate confidentiality, integrity, and
availability of information by implementing a set
of controls.“

International Organization for Standardization

(ISO) in its ISO/IEC 27001:2013 standard
Importance of Information Security
• Protection of Assets:
• Information security safeguards valuable assets, including sensitive data,
intellectual property, financial records, and more, from unauthorized
access or theft.
• Trust and Reputation:
• Maintaining strong information security practices helps build trust among
customers, clients, and stakeholders, preserving an organization's
reputation and credibility.
• Compliance and Legal Requirements:
• Many industries have regulations and legal requirements regarding the
protection of sensitive information. Information security ensures
compliance with these standards.
• Business Continuity:
• Information security measures contribute to ensuring the uninterrupted
flow of operations by preventing disruptions caused by cyberattacks,
malware, or system failures.
Recent Security Breaches
SolarWinds Supply
Chain Attack (2020)

In late 2020, it was discovered that

malicious actors compromised SolarWinds'
Orion software updates. This led to the
infiltration of numerous government
agencies and companies, including federal
agencies in the United States. Attackers
gained unauthorized access to networks by
exploiting the compromised software
updates.
Colonial Pipeline
Ransomware Attack (2021)

In May 2021, Colonial Pipeline, a major fuel pipeline

operator in the U.S., suffered a ransomware attack.
The attackers encrypted the company's systems,
disrupting fuel supply to the East Coast. Colonial
Pipeline paid a ransom of around $4.4 million to
regain access to its systems.
Facebook/Cambridge
Analytica Data Scandal
(2018)

Although not a typical cyber breach, it

involved the unauthorized harvesting of
millions of Facebook users' personal
data by Cambridge Analytica. The data
was used for targeted political
advertising during the U.S. presidential
election in 2016.
Equifax Data Breach (2017)

Equifax, one of the largest credit reporting agencies,

experienced a massive data breach that exposed
sensitive personal information of approximately 147
million individuals. The breach included names, Social
Security numbers, birth dates, and other sensitive data.
Case Study: Target Data Breach (2013)
• In late 2013, Target, a major retail corporation in the
United States, experienced one of the most significant
data breaches in history. Hackers gained access to
Target's network through a third-party HVAC vendor's
credentials, compromising the company's payment
card data and personal information of approximately
40 million customers.
Historical Context and Evolution
of Information Security
 Pre-Computer Era
Ancient Methods
• Information protection traces
back to ancient times when
encryption techniques such as
the Caesar cipher (substitution
cipher) were used to encode
sensitive messages.
Military and Diplomatic Use
• Encryption played a crucial role
in military and diplomatic
communications throughout
history, including during wars
and political negotiations.
 The Computer Age

1970s
Birth of Modern Computing
•With the emergence of computers, the need for securing data increased.
IBM's creation of the Data Encryption Standard (DES) in the 1970s was a
significant milestone in cryptography, though it was later replaced due to
its vulnerabilities

Rise of Hackers
•The 1980s saw the rise of computer hackers exploring system
vulnerabilities and weaknesses. This era gave birth to both ethical
hacking (white hat hackers) and malicious hacking activities

1980s
 1990s - Internet Expansion and Security Challenges

• The widespread adoption of the internet introduced

new security challenges. The 1990s witnessed rapid
Internet Boom growth in internet usage, leading to an increased focus
on securing online transactions and communications.

• Cryptographic protocols like SSL (Secure Sockets Layer)

Development of and later TLS (Transport Layer Security) were introduced
to secure online communications, particularly in e-
Security Protocols commerce and online banking.
 Early 2000s - Paradigm Shifts
Focus on Compliance
• Regulatory compliance became a
major driver for information security
practices. Regulations like HIPAA,
Sarbanes-Oxley (SOX), and GDPR
(General Data Protection
Regulation) compelled organizations
to prioritize data protection and
privacy.
Rise of Cyber Threats
• The early 2000s witnessed a surge in
cyber threats, including viruses,
worms, and distributed denial-of-
service (DDoS) attacks, necessitating
more sophisticated security
measures.
 Recent Trends
Cloud Computing and Mobile Security
• The advent of cloud computing and
the proliferation of mobile devices
introduced new security challenges,
prompting the development of
specialized security solutions for
these platforms.
AI and Machine Learning in Security
• Leveraging artificial intelligence (AI)
and machine learning for threat
detection and mitigation has
become a prominent trend to
combat evolving cyber threats.
Confidentiality,
Integrity, and
Availability
(CIA) Triad
One of the most important models
which is designed to guide policies for
information security within an
organization.
Confidentiality
• Definition
• Confidentiality refers to the assurance that information is
accessible only to those authorized to access it and is protected
against unauthorized access or disclosure.

• Methods
• Encryption, access controls, authentication mechanisms, and data
classification are among the methods used to enforce
confidentiality.

• Importance
• Protecting sensitive information such as personal data, trade
secrets, and financial records from unauthorized access or
disclosure is crucial for maintaining confidentiality.
Confidentiality
• Challenges
• Balancing confidentiality measures with usability is
critical. Strong encryption might hinder data
accessibility or system performance.

• Examples:
• Personal identifiable information (PII), financial
records, trade secrets, and classified government
information require strict confidentiality measures
to prevent unauthorized access or leaks
Integrity
• Definition
• Integrity ensures that information remains accurate, unaltered,
and reliable throughout its lifecycle.

• Methods
• Hash functions, digital signatures, checksums, and access controls
contribute to maintaining data integrity.

• Importance
• Guaranteeing that data is trustworthy and has not been tampered
with or modified in an unauthorized manner is essential for
making informed decisions and maintaining credibility.

This Photo by Unknown Author is licensed under CC BY

Integrity
• Challenges
• Ensuring integrity across data transfer and storage
without affecting performance is a challenge.
Verifying data authenticity without slowing down
processes is crucial.
• Examples
• Medical records, financial transactions, legal
documents, and critical system files require high
integrity to ensure accuracy and reliability.

This Photo by Unknown Author is licensed under CC BY

Availability
• Definition
• Availability refers to ensuring that information and systems are
accessible and usable when needed by authorized users.

• Methods
• Redundancy, disaster recovery plans, fault-tolerant systems, and
proper maintenance contribute to maintaining availability.

• Importance
• Uninterrupted access to information and systems is critical for
business continuity, productivity, and preventing disruptions
caused by cyber incidents or technical failures.
Availability
• Challenges
• Achieving high availability while defending against
various threats like DDoS attacks or system failures
requires a well-planned strategy.

• Examples
• E-commerce websites, critical infrastructure
systems, and online services rely on high
availability to serve users without interruptions.
Interrelationship and Trade-offs within the CIA
Triad
• Balancing Act
• Organizations must strike a balance between
confidentiality, integrity, and availability.
• Enhancing one aspect might sometimes affect the others.
• For instance, implementing robust encryption
(confidentiality) might slightly impact system performance
(availability).

• Overlap and Dependencies

• The principles of the CIA triad are interdependent.
• Maintaining data integrity often relies on secure storage
(confidentiality) and reliable access controls (availability).
Real-world Application
• E-banking Services

• Confidentiality: Encryption protects users' login

credentials and financial transactions.

• Integrity: Ensuring that transferred funds remain

accurate and unaltered throughout the process.

• Availability: Providing continuous access to banking

services without disruptions.
Homework
• Readings on current information security trends.
• Prepare a brief reflection on the importance of
confidentiality, integrity, and availability in a specific
industry.
Thanks
The End