Lesson 1 Information Security

The document outlines a course on Information Security, detailing its contents, policies, and grading system. Key topics include security models, cryptographic tools, cyber attacks, and the importance of academic integrity. It emphasizes the need for physical and information security measures to protect against unauthorized access and other threats.

Uploaded by

Yasin Ebrahimi
March 2025
Introduction To Information Security
Information Security

S. Hassan Adelyar, Ph.D


Instructor of Computer Science Faculty
Kabul University

Course Contents
◼ Information Security Overview
◼ Security Models
◼ Cryptographic Tools
◼ Encryption Algorithms
◼ Secure Hash Function
◼ Public Key Encryption
◼ Public Key Infrastructure
◼ Digital Signature
◼ User Authentication
◼ Cyber Attacks
◼ Intrusion Detection
◼ Software Security

Course Information
◼ Course Code: MS0201
◼ Course Name: Information Security
◼ Number of Credits: 3 Credits

Course Policy
◼ The following policies help students understand what we expect of them.
◼ For each policy, students are required to know both the parameters of the policy and the sanctions for its violation.
◼ Attendance Policy
❑ Every student is expected to attend all scheduled class sessions, including practical work in the laboratory.
❑ There are no excused absences.
❑ Based on the regulation of higher education, a student who misses more than 25% of total classes is excluded from the final exam.

◼ Grading Policy
◼ The grading policy is based on the regulation of the Ministry of Higher Education.
❑ Mid-term Exam 20%
❑ Attendance & Class Activities 20%
❑ Final Exam 60%
◼ The mid-term exam has a second-chance exam, & the second chance carries 70% of the total marks.

◼ Cheating and Plagiarism
◼ Based on the rules and regulations of the Ministry of Higher Education, any kind of cheating or plagiarism is unacceptable & will result in a Fail for the course grade.
◼ Cell Phone and Laptop Usage
❑ All cell phone calls during the lecture must be cancelled, except very urgent calls.
❑ During exams, cell phones must be turned off and placed in pockets or boxes.
❑ Laptop computers and other electronic devices are only to be in use and turned on when we indicate. Otherwise, they must be turned off.

◼ Academic Honesty and Integrity
❑ The university is the place for learning, education and knowledge.
❑ Without honesty and integrity there is no meaning for education and knowledge.
❑ The academic environment of the university requires us to follow all academic and ethical codes and principles.
❑ It is the obligation of all of us to be honest in all dealings with fellow students, staff, and instructors.
❑ Behavior inconsistent with these obligations will not be tolerated.
❑ Cheating, plagiarism or any kind of disruptive behavior are all examples of behavior that falls below the norms of academic integrity.

Reference
◼ William Stallings & Lawrie Brown (2018). Computer Security: Principles and Practice. Fourth Edition. UNSW Canberra at the Australian Defense Force Academy. Pearson Education Limited.

Information Security
◼ A set of security procedures and tools that protect information from:
❑ Unauthorized Access,
❑ Misuse,
❑ Destruction, or
❑ Disruption.

◼ Preserve the:
◼ Confidentiality,
◼ Integrity, &
◼ Availability of information system resources (hardware, software, firmware, information/data, & telecommunications).
◼ The definition introduces three key objectives:
◼ Confidentiality
◼ Integrity
◼ Availability

◼ Confidentiality: This term covers two related concepts:
◼ Data confidentiality
◼ Privacy
◼ Access control mechanisms support confidentiality.
◼ User Name & Password
◼ Cryptography

◼ Integrity
◼ Data integrity
◼ System integrity
◼ Availability: Assures that systems work promptly and service is not denied to authorized users.
◼ Two other attributes are:
◼ Authenticity
◼ Accountability

The Challenges of Computer Security
◼ Security mechanism / Algorithm & potential attacks
◼ Battle between criminals & security designers.
◼ Empirical process (requires regular & constant monitoring)
◼ Negative quality requirements

◼ Information Security is defending digital information from unauthorized:
◼ Access
◼ Use
◼ Recording
◼ Disruption / Interference
◼ Modification
◼ Destruction / Damage

◼ Security Attributes or Security Goals:
❑ Confidentiality
❑ Integrity
❑ Availability
❑ Accountability
◼ These attributes form the main objective for:
❑ Any security system
❑ Attackers
❑ Security policies, controls, mechanisms

◼ All risks, threats, and vulnerabilities are measured for their potential capability to compromise one or all of the attributes.
◼ Threats are divided into four classes:
❑ Disclosure
❑ Deception / Fraud
❑ Disruption
❑ Repudiation

[Figure: Requirements of Security Attributes]
[Figure: Security & Dependability Attributes]
[Figure: Security & Dependability Tree]

To Achieve Dependability and Security
◼ To attain or achieve the various attributes of dependability and security, there are four major categories of means:
❑ Fault Prevention
❑ Fault Tolerance
❑ Fault Removal
❑ Fault Forecasting

◼ Unfortunately, technological innovation benefits both IT defenders and cybercriminals.
◼ To protect business assets, companies must routinely review, update and improve security to stay ahead of cyberthreats and increasingly sophisticated cybercriminals.

◼ IT security consists of two areas:
❑ Physical Security
❑ Information Security Technology
◼ Physical security
◼ Physical security is the protection of:
❑ Hardware
❑ Software
❑ Data
◼ from physical actions, intrusions and other events that could damage an organization and its assets.
◼ Safeguarding the physical security of a business means protecting it from:
❑ Threat actors
❑ Natural disasters (fires, floods, earthquakes)

◼ There are three parts to physical security:
❑ Access control
❑ Surveillance
❑ Testing
◼ The success of an organization's physical security program depends on effectively implementing, maintaining and updating each of these components.

◼ Access control
❑ Controlling access to:
◼ Buildings
◼ Research centers
◼ Laboratories
◼ Data centers
◼ Other locations
❑ The goal of access control is to record, monitor and limit the number of unauthorized users.

❑ Access control can be as simple as barriers like walls and locked doors.
❑ Physical identification is a great way to authenticate the identity of users.
❑ More sophisticated access control methods include various forms of biometric authentication.
❑ Fingerprint and facial recognition are two examples of common applications of this technology.

◼ Surveillance
❑ Used to monitor digital & physical actions & communications (identity, movements, culture, language knowledge of an individual or groups).
❑ Privacy violation (online activities)

◼ Types of Surveillance:
❑ Physical Surveillance (CCTV)
❑ Electronic Surveillance
❑ Cybersecurity Surveillance
❑ Biometric Surveillance
◼ AI in Surveillance (intelligent analysis capabilities, automated threat detection, behavioral analysis, facial recognition enhancements, false alarm reduction)

◼ Testing
❑ Testing is a reliable way to increase physical security.
❑ Companies that have strong security protocols test their policies to see if they need to be updated or changed.
❑ Such tests can be performed by ethical hackers.

◼ Information Security Technologies:
❑ Firewalls
❑ Intrusion detection
❑ Intrusion prevention
❑ Security incident and event management
❑ User analytics tools (evaluate user behaviors)

End of Lesson 1

Question / Discussion?
