DH-INT1472-CLC-Chapter 1 - Introduction To Information Security
DH-INT1472-CLC-Chapter 1 - Introduction To Information Security
INSTITUTE OF TECHNOLOGY
CHAPTER 1 – INTRODUCTION TO
INFORMATION SECURITY
REFERENCES
1. Hoàng Xuân Dậu, Bài giảng An toàn và bảo mật hệ thống thông
tin, Học viện Công nghệ BC-VT, 2021.
2. David Kim, Michael G. Solomon, Fundamentals of Information
Systems Security, Jones & Bartlettlearning, 2012.
3. Michael E. Whitman, Herbert J. Mattord, Principles of information
security, 4th edition, Course Technology, Cengage Learning,
2012.
4. Matt Bishop, Introduction to Computer Security, Prentice Hall,
2004.
5. William Stallings, Cryptography and Network Security: Principles
and Practice, Pearson, 2016.
6. Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone,
Handbook of Applied Cryptography, CRC Press, October 1996.
Page 2
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
COURSE ASSESSMENT
❖ Mark components:
▪ Class attendant: 10%
▪ Midterm exam: 10%
▪ Minor project: 20%
▪ Final exam: 60%
Page 3
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
COURSE TOPICS
Page 4
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Content of Chapter 1
Page 5
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 6
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 7
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 8
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 9
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 10
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
❖ Smart
home
Page 11
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 12
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 13
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 14
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 15
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Connected
world with
many risks
and threats
Page 16
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Common
risks and
threats to the
security of
information
and systems
Page 17
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 18
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
A model
of an
information
system
Page 19
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 20
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Tower
model of
information
systems:
Page 21
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 22
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 23
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 24
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 25
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 26
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
4 components
of
information
security
Page 27
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 28
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
❖ Network security:
▪ Firewalls, proxies for packet filtering
and access control;
▪ Virtual private network and information
transmission security techniques such
as SSL/TLS, PGP;
▪ Techniques and systems to detect and
prevent attacks and intrusions;
▪ Network monitoring.
Page 29
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
❖ Management of information
security:
▪ Risk management
• Identification
• Evaluate
▪ Implement information security
management
• Plannning
• Execute the plan
• Monitor implementation results
• Implement controls.
Page 30
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 31
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
❖ Information Systems
Security (ISS) is the
insurance of the security
requirements of information
systems, including:
▪ Confidentiality
▪ Integrity
▪ Availability
Page 32
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
ISS model
Page 33
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 34
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 35
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 36
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Integrity
ensures that
information
can only be
modified by
authorized
users
Page 37
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 38
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Availability examples
Page 39
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 40
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 41
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Threats of IT infrastructure
Page 42
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Threats of IT infrastructure
Page 43
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Threats of IT infrastructure
Page 44
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Threats of IT infrastructure
Page 45
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Threats of IT infrastructure
Page 46
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Threats of IT infrastructure
Page 47
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Threats of IT infrastructure
❖ Threats to System/Application
domain:
▪ Unauthorized access to the data center,
computer room, or cable cabinets
▪ Difficulties in managing servers required
high availability
▪ Vulnerabilities in managing software
application of the operating system
▪ Security issues in the virtual environment
of cloud computing
▪ Damage or loss of data.
Page 48
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 49
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 50
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 51
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
❖ Layered
Security
Model
or
Defence
in Depth
Page 52
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 53
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 54
COURSE LECTURE NOTES FUNDAMENTALS OF INFORMATION SECURITY
CHAPTER 1 – INTRODUCTION TO INFORMATION SECURITY
Page 55