Introduction to

Information
Security
INF 203
Content

• Course content
• What is Information security?
• CIA Security Triad
• Attacks
• Threats, vulnerabilities, and risk
Course description
Discover the core principles and practices of Information
Security in this comprehensive course. Gain insights into
cybersecurity threats, learn to design secure systems, and
understand network security essentials. Delve into
cryptography, security policies, and incident response
strategies. This course combines theory with hands-on
exercises, making it ideal for IT professionals and those looking
to bolster their security knowledge. Enroll now to navigate the
digital landscape with confidence and safeguard valuable
information
Instructors:

1. Gulsim Rysbayeva Doctor PhD [email protected]

Lecture
2. Alfarabi Serik MSc [email protected]
Practice
3. Azamat Amangeldiyev MSc [email protected]
Lecture
3. Shakhnazar-Sultan BSc [email protected]
Manbay Practice
4. Farikha Nauruzbayeva BSc [email protected]
Practice
 Grading policy

3 - 15 1 - 40
Quiz Final exam

Assignments Midterm Bonus

4 - 25 1 - 20 1-5
Semester plan
• Introduction to Information Security
• Ethical Hacking Fundamental
• Information Security Threats and
Vulnerabilities
• Cryptography and Steganography
• Cyber Reconnaissance
• Authentication, authorization, and accounting
(AAA)
• Incident Response and Management
• Social Engineering Techniques and
Countermeasures
• Ethical Hacking and Penetration Testing
• Web Application Vulnerabilities
• Network Attacks and Security
• Network Traffic Monitoring
• Information Security Risk Management
What is security?
“Security is freedom from, or resilience against
potential harm (or other unwanted coercive change)
caused by others”, Wikipedia.
 “The protection of information and
information systems from unauthorized
What is access, use, disclosure, disruption,
modification or distraction in order to
INFORMATION provide confidentiality, integrity, and
SECURITY? availability”
NIST (National Institute of Standards
Technology, USA)
A successful organization should have the following multiple layers of security in
place to protect its operations:

Personnel security, to
Physical security, to
protect the individual or Operations security, to
protect physical items,
group of individuals who protect the details of a
objects, or areas from
are authorized to access particular operation or
unauthorized access and
the organization and its series of activities
misuse
operations

Communications Information security, to

security, to protect protect the confidentiality,
communications media, integrity and availability of
technology, and content information assets, whether
Network security, to in storage, processing, or
protect networking transmission. It is achieved
components, via the application of policy,
education, training and
connections, and awareness, and technology.
contents
Components
of
Information
Security
We need to understand information
as an asset, which can be
categorised into three main types:

1. Pure information

For example, a social network dataset. A

data scientist within an organisation can
use this dataset to better understand
relationships between their users. For
example, the organization can work out
who the ‘influencers in a social group are
and pay them to advertise their service.
2. Physical assets

For example, computer

systems. Hardware is
expensive! An IBM
mainframe worth $1m in
2003 was still worth $75k
more than a decade and a
half later! Hardware
provides computation
resources to both store
and process your asset
(pure information).
 3. Software

This is used to process or

manage information. Software is
also expensive (for an example of
this, look at the current price of
Inventor Pro), and is also going
to read and process your
information!
We need a guarantee of its
integrity (ie no backdoors) and
that it can keep the information
confidential.
 Confidentiality

CIA triad
Availability

Integrity
Confidentiality is a concept
similar to, but not the same as,
privacy. Confidentiality is a
necessary component of privacy
and refers to our ability to protect
our data from those who are not
authorized to view it.
Confidentiality is a concept that
may be implemented at many
levels of a process.
Integrity refers to the ability to prevent our data from
being changed in an unauthorized or undesirable
manner. This could mean the unauthorized change
or deletion of our data or portions of our data, or it
could mean an authorized, but undesirable, change
or deletion of our data. To maintain integrity, we not
only need to have the means to prevent
unauthorized changes to our data but also need the
ability to reverse authorized changes that need to be
undone.
• Availability refers to the ability
to access our data when we
need it. Loss of availability can
refer to a wide variety of breaks
anywhere in the chain that
allows us access to our data.
Such issues can result from
power loss, operating system or
application problems, network
attacks, compromise of a
system, or other problems.
When such issues are caused
by an outside party, such as an
attacker, they are commonly
referred to as a denial of
service (DoS) attack.
 Confidentiality
Integrity
Availability
Accountability
Accuracy
the Authenticity
best-known Awareness
attributes of Completeness
security Consistency
Control
Democracy
Ethics
Legality
Defense Models
Attacks
•Attack: An intentional or
unintentional act that can
cause damage to or
otherwise compromise
information and/or the
systems that support it.
Types of attack payloads
Interception
• Interception attacks allow
unauthorized users to access our data,
applications, or environments, and are
primarily an attack against
confidentiality. Interception might
take the form of unauthorized file
viewing or copying, eavesdropping on
phone conversations, or reading
e-mail, and can be conducted against
data at rest or in motion. Properly
executed, interception attacks can be
very difficult to detect.
Interruption
•Interruption attacks cause our assets
to become unusable or unavailable for
our use, on a temporary or permanent
basis. Interruption attacks often affect
availability but can be an attack on
integrity as well. In the case of a DoS
attack on a mail server, we would
classify this as an availability attack. In
the case of an attacker manipulating
the processes on which a database
runs in order to prevent access to the
data it contains, we might consider
this an integrity attack, due to the
possible loss or corruption of data, or
we might consider it a combination of
the two. We might also consider such
a database attack to be a modification
attack rather than an interruption
attack.
Modification
•Modification attacks involve
tampering with our asset. Such
attacks might primarily be considered
an integrity attack but could also
represent an availability attack. If we
access a file in an unauthorized
manner and alter the data it contains,
we have affected the integrity of the
data contained in the file. However, if
we consider the case where the file in
question is a configuration file that
manages how a particular service
behaves, perhaps one that is acting as
a Web server, we might affect the
availability of that service by changing
the contents of the file. If we continue
with this concept and say the
configuration we altered in the file for
our Web server is one that alters how
the server deals with encrypted
connections, we could even make this
a confidentiality attack.
Fabrication
•Fabrication attacks involve generating
data, processes, communications, or
other similar activities with a system.
Fabrication attacks primarily affect
integrity but could be considered an
availability attack as well. If we
generate spurious information in a
database, this would be considered to
be a fabrication attack. We could also
generate e-mail, which is commonly
called spoofing. This can be used as a
method for propagating malware,
such as we might find being used to
spread a worm. In the sense of an
availability attack, if we generate
enough additional processes, network
traffic, e-mail, Web traffic, or nearly
anything else that consumes
resources, we can potentially render
the service that handles such traffic
unavailable to legitimate users of the
system.
Threats, vulnerabilities, and risk
Threats When we spoke of the types of attacks we might encounter, we discussed some of the things that have the
potential to cause harm to our assets. Ultimately, this is what a threat is—something that has the potential to cause us
harm. Threats tend to be specific to certain environments, particularly in the world of information security. For
example, although a virus might pose a threat to a Windows operating system, the same virus will be unlikely to have
any effect on a Linux operating system.

Vulnerabilities Vulnerabilities are weaknesses that can be used to harm us. In essence, they are holes that can be
exploited by threats in order to cause us harm. A vulnerability might be a specific operating system or application that
we are running, a physical location where we have chosen to place our office building, a data center that is populated
over the capacity of its air-conditioning system, a lack of backup generators, or other factors.

Risk Risk is the likelihood that something bad will happen. In order for us to have a risk in a particular environment, we
need to have both a threat and a vulnerability that the specific threat can exploit. For example, if we have a structure
that is made from wood and we set it on fire, we have both a threat (the fire) and a vulnerability that matches it (the
wood structure). In this case, we most definitely have a risk.