
Information Security Army ICTO

The document provides a comprehensive overview of Information Security, detailing its definition, purpose, and key concepts such as CIA (Confidentiality, Integrity, Availability), threats, vulnerabilities, and types of attacks. It also covers essential terms, access control methods, authentication, firewalls, malware types, security policies, risk management, and the importance of VPNs and PKI. Additionally, it distinguishes between security and privacy, and categorizes hackers into white hat, black hat, and gray hat.

Uploaded by

Mubeen Mustafa

1. What is Information Security?

Definition:​
Protecting information and information systems from unauthorized access, use, disclosure,
disruption, modification, or destruction.

Purpose:​
To ensure CIA:

● Confidentiality → only authorized users can access
● Integrity → data remains correct & unaltered
● Availability → data/systems are accessible when needed

Example:​
Using passwords to protect email accounts.

2. Abbreviations (must-know)
| Abbreviation | Full Form |
|--|--|
| CIA | Confidentiality, Integrity, Availability |
| IDS | Intrusion Detection System |
| IPS | Intrusion Prevention System |
| VPN | Virtual Private Network |
| ACL | Access Control List |
| DoS | Denial of Service |
| DDoS | Distributed Denial of Service |
| PKI | Public Key Infrastructure |
| SSL | Secure Sockets Layer |
| TLS | Transport Layer Security |
| AES | Advanced Encryption Standard |
| RSA | Rivest Shamir Adleman (encryption algorithm) |
| MAC | Message Authentication Code |
| DAC | Discretionary Access Control |
| MAC (Access Control) | Mandatory Access Control |
| RBAC | Role-Based Access Control |
| MFA | Multi-Factor Authentication |

3. Threats and Vulnerabilities


Threat:​
Any potential danger that could harm data/systems (e.g., hacker).

Vulnerability:​
Weakness that can be exploited (e.g., weak password).

Purpose of knowing:​
Identify and mitigate risks.

Example:​
SQL injection vulnerability in a website.

4. Attacks (Types)
| Type | Definition | Example |
|--|--|--|
| Passive | Eavesdropping, no data change | Wiretapping |
| Active | Modify/destroy data | DoS, malware |
| Insider | By authorized users | Employee stealing data |
| Outsider | External attacker | Hacker defacing website |

5. Cryptography
Definition:​
The science of securing data by transforming it into unreadable form.

Purpose:​
Protect confidentiality and integrity.

Types:
| Type | Logic | Examples |
|--|--|--|
| Symmetric key | Same key for encryption & decryption | AES, DES |
| Asymmetric key | Public & private key pair | RSA, ECC |
| Hash functions | One-way, fixed length | SHA-256, MD5 |

Examples:

● Using AES to encrypt files.
● Using RSA in SSL/TLS for secure web browsing.

6. Encryption vs Hashing vs Digital Signature


| | Encryption | Hashing | Digital Signature |
|--|--|--|--|
| Purpose | Confidentiality | Integrity (check data unchanged) | Integrity + authenticity |
| Reversible? | Yes | No | Based on encryption & hash |
| Example | AES, RSA | SHA-256 | Signed PDF |

7. Access Control
Definition:​
Methods to control who can access data/resources.
Types:
| Type | Logic | Example |
|--|--|--|
| DAC (Discretionary) | Owner decides permissions | File permissions in Windows |
| MAC (Mandatory) | System enforces strict rules | Military systems |
| RBAC (Role-Based) | Based on user role | Admin, user, guest roles |

Purpose:​
Prevent unauthorized access.

8. Authentication & Authorization


| | Definition | Example |
|--|--|--|
| Authentication | Verify identity | Login with password |
| Authorization | Decide access level | User can read, admin can write |

Purpose:​
Secure and manage who can do what.

9. Firewall
Definition:​
Device/software that filters network traffic based on rules.

Purpose:​
Block unauthorized access.

Types:

| Type | Logic | Example |
|--|--|--|
| Packet-filtering | Check headers | iptables |
| Stateful inspection | Track active connections | Cisco ASA |
| Application layer | Inspect data | Proxy server |

10. IDS & IPS


| | IDS | IPS |
|--|--|--|
| Definition | Monitors and alerts | Monitors and blocks |
| Purpose | Detect attack | Prevent attack |
| Example | Snort (IDS) | Cisco IPS |

11. Malware (Malicious Software)


| Type | Logic | Example |
|--|--|--|
| Virus | Needs host file, replicates | Macro virus |
| Worm | Self-replicates, network spread | SQL Slammer |
| Trojan | Disguised as legit | Fake antivirus |
| Spyware | Steals data | Keylogger |
| Ransomware | Encrypts data, demands ransom | WannaCry |

Purpose of studying:​
Know how to protect systems.

12. Security Policies


Definition:​
Formal rules to protect assets.

Purpose:​
Guide employees & IT to maintain security.

Example:​
Policy: “All passwords must be 8+ characters.”

13. Backup & Recovery


Definition:​
Copying data to restore after loss.

Types:

| Type | Logic | Example |
|--|--|--|
| Full | Complete copy | Weekly backup |
| Incremental | Changes since last backup | Daily backup |
| Differential | Changes since last full backup | Daily backup |

14. Risk Management


Definition:​
Identify, evaluate & reduce risks.

Steps:

1. Identify
2. Assess (impact, likelihood)
3. Mitigation
4. Monitor

Example:
Install firewall to reduce hacking risk.

15. Social Engineering


Definition:​
Tricking people to get confidential info.

Types:

| Type | Logic | Example |
|--|--|--|
| Phishing | Fake emails | “Update your bank info” |
| Pretexting | Pretend identity | “I’m from IT” |
| Baiting | Offer something | Free USB drive with malware |

16. VPN (Virtual Private Network)


Definition:​
Encrypts traffic between user and network.

Purpose:​
Secure data over public internet.

Example:​
Remote worker connecting to office network.

17. Public Key Infrastructure (PKI)


Definition:​
Framework to manage public/private keys & digital certificates.

Purpose:​
Enable secure communication.

Example:​
Websites using HTTPS have certificates issued by CAs.

18. Digital Certificate
Definition:​
Electronic document proving ownership of public key.

Issued by: Certificate Authority (CA)

Example:​
SSL certificate on “https://www.amazon.com”.

19. DoS & DDoS


| | DoS | DDoS |
|--|--|--|
| Definition | Single source floods target | Multiple sources flood target |
| Purpose | Disrupt service | Disrupt service |
| Example | SYN flood | Botnet attack |

Logic:​
Know how to protect: e.g., rate limiting, firewalls.

20. Security Standards & Compliance


| Standard | Purpose |
|--|--|
| ISO 27001 | Information security management system |
| PCI DSS | Secure payment card data |
| HIPAA | Protect patient health data |

21. Security vs Privacy


| | Security | Privacy |
|--|--|--|
| Definition | Protect data from threats | Control over personal data |
| Example | Firewall | Cookie consent |

22. White Hat, Black Hat, Gray Hat


| | White Hat | Black Hat | Gray Hat |
|--|--|--|--|
| Purpose | Ethical testing | Illegal hacking | Mix: may break law to fix |
| Example | Pen tester | Cybercriminal | Finds bug, then reports |

To remember easily:

● Confidentiality: keep secret
● Integrity: keep correct
● Availability: keep accessible

Summary Table of Must-Know Abbreviations


| Abbreviation | Meaning |
|--|--|
| CIA | Confidentiality, Integrity, Availability |
| IDS / IPS | Intrusion Detection/Prevention System |
| VPN | Virtual Private Network |
| PKI | Public Key Infrastructure |
| ACL | Access Control List |
| MFA | Multi-Factor Authentication |
| DAC / MAC / RBAC | Types of access control |
| DoS / DDoS | Denial of Service |
| SSL / TLS | Encryption protocols |
| AES / RSA | Algorithms |
