Information Security: Dr. Pranita Upadhyaya

This document outlines an information security course. The course objectives are to provide students with knowledge of information security concepts, components, and applications. It is a 3-credit course that meets for 3 hours per week over 15 weeks. The course covers topics like introduction to information security, malicious code and attacks, cryptography, authentication and access control, network security, auditing, legal and ethical issues, and disaster recovery. References for additional reading are also provided.

Uploaded by

MANOJ
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
77 views35 pages

Information Security: Dr. Pranita Upadhyaya

This document outlines an information security course. The course objectives are to provide students with knowledge of information security concepts, components, and applications. It is a 3-credit course that meets for 3 hours per week over 15 weeks. The course covers topics like introduction to information security, malicious code and attacks, cryptography, authentication and access control, network security, auditing, legal and ethical issues, and disaster recovery. References for additional reading are also provided.

Uploaded by

MANOJ
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 35

Information Security

Dr. Pranita Upadhyaya
[email protected]
Course Detail
• Objectives: Upon completion of this course, students will have gained knowledge of information security concepts, basic components and applications.
• Class hour: 3 hours per week
  • Total credit hours: 45
• Course credit
  • Total credit: 3
  • Internal assessment: 30 marks
  • Final: 45 marks
Course Outline – Units
1. Introduction to Information Security – 4 Hrs
2. Malicious code and application attacks – 8 Hrs
3. Cryptography and Key Management – 8 Hrs
4. Authentication and Access Control – 5 Hrs
5. Network Security – 5 Hrs
6. Auditing and Monitoring – 4 Hrs
7. Legal, Ethical and Professional issues in InfoSec – 6 Hrs
8. Disaster Recovery and Business Continuity – 5 Hrs
References
• Lecture notes and papers provided in the class.
• Additional references
  • International Information Systems Security Certification Consortium (ISC)2 CISSP certification books
  • Information Systems Audit and Control Association (ISACA) CISA certification books
  • EC-Council Certified Ethical Hacker (CEH) resources
Detail Course Outline-1
• Unit 1 Introduction to Information Security (4 Hrs)
  • The History of Information Security
  • What Is Information Security?
  • Critical Characteristics of Information
  • Information security concepts and practices (CIA and other practices)
  • Balancing Security and Access
• Unit 2 Malicious code and application attacks (8 Hrs)
  • Malicious code
  • Password attacks
  • DoS attacks
  • Application attacks
  • Web application security
  • Reconnaissance attacks
  • Masquerading attacks
Detail Course Outline-2
• Unit 3 Cryptography and Key Management (8 Hrs)
  • Basics of cryptography
  • Symmetric cryptography (DES, Triple DES, AES, key distribution)
  • Asymmetric cryptography
    • Public and private keys
    • RSA
    • Elliptic curve
    • Hash functions
    • Digital signatures
    • PKI
  • Applied cryptography
• Unit 4 Authentication and Access Control (5 Hrs)
  • Overview of access control
  • Authentication and authorization
  • Identification and authentication techniques
  • Access control techniques
  • Access control methodologies, implementations and administration
Detail Course Outline-3
• Unit 5 Network Security (5 Hrs)
  • LAN security
  • Wireless security threats and mitigation
  • Internet threats and security
  • Remote access security management
  • Network attacks and countermeasures
• Unit 6 Auditing and Monitoring (4 Hrs)
  • Auditing
  • Monitoring
  • Penetration-testing techniques
  • Inappropriate activities
  • Indistinct threats and countermeasures
Detail Course Outline-4
• Unit 7 Legal, Ethical and Professional issues in Information Security (6 Hrs)
  • Types of law
  • Relevant laws (computer crime, IP, licensing, privacy)
  • International laws and legal bodies
  • Ethical concepts in information security
  • Codes of ethics, certifications, and professional organizations
• Unit 8 Disaster Recovery and Business Continuity (5 Hrs)
  • Business continuity planning
  • Business impact assessment
  • BCP documentation
  • Nature of disaster
  • Disaster recovery planning
Unit 1
Introduction to Information Security
Data, Information and Knowledge
• Data
  • A recording of “something” measured
  • Raw material, just measured
• Information
  • Information is the result of processing, manipulating and organizing data in a way that adds to the knowledge of the receiver.
  • Processed data
• Knowledge
  • Knowledge is normally processed by means of structuring, grouping, filtering, organizing or pattern recognition.
  • Highly structured information
• An information system is the collection of hardware, software, data, people and procedures that is designed to generate information supporting day-to-day operations.
What is Information Security?
• Information security is the process of protecting information from unauthorized access, use, disclosure, destruction, modification, or disruption
• The protection of computer systems and information from harm, theft, and unauthorized use
• Protecting the confidentiality, integrity and availability of information
• Information security is an essential infrastructure technology for achieving a successful information-based society
• A highly information-based company without information security will lose competitiveness
• What kind of protection?
  • Protecting important documents and computers
  • Protecting communication networks
  • Protecting the Internet
  • Protection in a world of ubiquitous computing
Cryptology = Cryptography + Cryptanalysis
• Cryptography: designing secure cryptosystems
  • Cryptography (from the Greek kryptós and gráphein, “to write”) was originally the study of the principles and techniques by which information could be concealed in ciphers and later revealed by legitimate users employing the secret key.
• Cryptanalysis: analyzing the security of cryptosystems
  • Cryptanalysis (from the Greek kryptós and analýein, “to loosen” or “to untie”) is the science (and art) of recovering or forging cryptographically secured information without knowledge of the key.
• Cryptology: the science dealing with information security
  • The science concerned with data communication and storage in secure and usually secret form. It encompasses both cryptography and cryptanalysis.
Historical Aspects of InfoSec -1
• The earliest InfoSec was physical security
• In early 1960, a systems administrator was working on the Message of the Day (MOTD) while another person with administrative privileges edited the password file; the password file got appended to the MOTD.
• In the 1960s, the Advanced Research Projects Agency Network (ARPANET) was developed to network computers in distant locations
• The Multiplexed Information and Computing Service (MULTICS) operating system was developed in the mid-1960s by MIT, GE, and Bell Labs with security as a primary goal
• In the 1970s, the Federal Information Processing Standards (FIPS) examined DES (Data Encryption Standard) for information protection
• DARPA created a report on vulnerabilities in military information systems in 1978
Historical Aspects of InfoSec -2
• In the 1980s the security focus was concentrated on operating systems, as they provided remote connectivity
• In the 1990s, the growth of the Internet and the growth of LANs contributed to new threats to information stored in remote systems
• IEEE, ISO, ITU-T, NIST, ISACA, (ISC)2 and other organizations started developing many standards for secure systems
• Information security is the protection of information and the systems and hardware that use, store, and transmit information
Information Security Today
• Modern information security is influenced by many external and internal factors. It is a balance between meeting the expectations and regulations of customers and government, and protecting the assets of the shareholders in a cost-effective manner.
CIA Triad
• Confidentiality – the concept of protecting the secrecy and privacy of information
• Integrity – the concept of protecting the “accuracy” of information processing and data from improper modification
• Availability – the concept of ensuring that systems and data can be accessed when required
(Figure: CIA triad diagram, labelled Data Confidentiality, Data Integrity, Data Availability)
Extended CIA Triangle
CIA of different components
But … the question may arise …
CNSS Security Model
• Information characteristics (security goals): Confidentiality, Integrity, Availability
• Information states: Storage, Processing, Transmission
• Security measures (countermeasures): Technology, Education, Policy
CNSS: (United States) Committee on National Security Systems
Security Threats
• Interruption / denial of service
• Interception: eavesdropping (secretly listening), wiretapping (connecting a listening device), theft …
• Modification
• Fabrication (making) / forgery
• Unauthorized access
• Denial of facts
Security Services
• A security service is a service that enhances information security using one or more security mechanisms
• Each service counters a threat:
  • Confidentiality / secrecy → Interception
  • Authentication → Forgery
  • Integrity → Modification
  • Non-repudiation → Denial of facts
  • Access control → Unauthorized access
  • Availability → Interruption
Security Needs for Communications
Need              Threat                  Question it answers
Confidentiality   Interception            Is it private?
Authentication    Forgery                 Who am I dealing with?
Availability      Denial of service       Can I access it when I wish to?
Integrity         Modification            Has it been altered?
Non-repudiation   Claim (“Not sent!”)     Who sent / received it?
Access control    Unauthorized access     Do you have the privilege?
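The services listed under Security Services and in the table above are delivered by concrete security mechanisms. The following is an added example, not part of the original slides: it uses Python's standard-library HMAC-SHA256 as one such mechanism and shows which services it provides (integrity against modification, authentication against forgery) and which it does not (non-repudiation), because sender and receiver share the same key. The shared key, the attacker's key and the sample messages are constructed for the demonstration; the parties are hypothetical.

```python
import hmac
import hashlib

# Constructed demo keys. SHARED_KEY is what sender and receiver share; the
# "attacker" key stands in for anyone who does not hold SHARED_KEY.
SHARED_KEY = b"demo-shared-key-for-illustration-only"
ATTACKER_KEY = b"some-other-key-the-attacker-picked"


def make_tag(key: bytes, message: bytes) -> bytes:
    """Mechanism: HMAC-SHA256 over the message under a secret key.
    The tag binds the message content to whoever holds the key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver-side check: recompute the tag and compare in constant time
    (compare_digest avoids leaking where the comparison first differs)."""
    return hmac.compare_digest(make_tag(key, message), tag)


def demo() -> dict:
    """Exercise the mechanism against the threats named on the slides."""
    message = b"transfer 100 to account 42"          # constructed sample message
    tag = make_tag(SHARED_KEY, message)
    results = {}

    # Genuine message: integrity and origin check pass.
    results["genuine"] = verify(SHARED_KEY, message, tag)

    # Modification threat: content altered in transit, original tag kept.
    # Integrity service: the check fails, so the change is detected.
    results["modified"] = verify(SHARED_KEY, b"transfer 900 to account 42", tag)

    # Forgery threat: a party without SHARED_KEY fabricates message and tag.
    # Authentication service: the receiver rejects it.
    forged_msg = b"transfer 100 to account 99"
    forged_tag = make_tag(ATTACKER_KEY, forged_msg)
    results["forged"] = verify(SHARED_KEY, forged_msg, forged_tag)

    # Non-repudiation is NOT provided by a shared-key mechanism: the receiver
    # holds the same key and can produce a tag identical to the sender's, so a
    # valid tag cannot prove to a third party which of them created it.
    disputed = b"I never sent this"
    results["receiver_can_forge"] = verify(SHARED_KEY, disputed, make_tag(SHARED_KEY, disputed))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:>18}: {'accepted' if outcome else 'rejected'}")
```

The last case is the point a practitioner should take from the table: a shared-key tag answers "Has it been altered?" and "Who am I dealing with?", but not "Who sent it?" in a way that settles a dispute. That needs a mechanism where only the sender holds the signing key, which is the digital signature covered in Unit 3.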
