
CS Lecture06

The document outlines key principles of information security, focusing on the CIA Triad: confidentiality, integrity, and availability. It discusses various threats to these principles, including social engineering, malware, and natural disasters, as well as the importance of risk management and access control. Additionally, it emphasizes data protection measures such as encryption and backup strategies to safeguard information assets.

Uploaded by

Rabeel Malik

Cyber Security (CS)
by Dr. Munir Ahmad

Lecture 6: Information Security Principles (CIA)

• Covering the fundamental principles of confidentiality, integrity, and availability.

The CIA Triad

The CIA Triad is a framework used to guide and evaluate security policies and practices. It serves as a foundational concept for designing and implementing security measures to protect data and systems. In modern information security, additional principles and concepts, such as authenticity, non-repudiation, and privacy, are often considered alongside the CIA Triad to provide a more comprehensive approach to safeguarding information.

Confidentiality

Confidentiality is the principle of protecting sensitive information from unauthorized access or disclosure. This includes personal information, financial data, trade secrets, and other proprietary information.

Integrity

Integrity refers to the accuracy, consistency, and trustworthiness of data and information. It involves maintaining the completeness and validity of data throughout its lifecycle, from creation to destruction.

Availability

Availability refers to the ability of authorized users to access information and resources when needed. It is a critical aspect of information security as it ensures that systems and data are available for use at all times.
• Downtime can result in significant financial losses for organizations, particularly those that rely heavily on technology to conduct business operations.
• Threats to availability include natural disasters, power outages, hardware and software failures, and cyber attacks such as denial-of-service (DoS) attacks.

Threats to Confidentiality

• Social Engineering: Tricking or manipulating individuals into divulging sensitive information, such as passwords or account numbers.
• Phishing: Sending fraudulent emails or messages that appear to be from a trusted source in order to obtain sensitive information.
• Insider Threats: Employees, contractors, or other insiders who intentionally or accidentally disclose or misuse sensitive information.

Threats to Integrity

• Malware: Malicious software such as viruses, worms, and trojans can infect systems and compromise data integrity.
• Unauthorized Access: Hackers or insiders with unauthorized access to systems can modify or delete data, compromising its integrity.
• Human Error: Accidental deletion, overwriting, or modification of data by authorized personnel can also compromise integrity.

Threats to Availability

• Natural Disasters: Events such as hurricanes, earthquakes, and floods can cause power outages and damage to infrastructure, impacting availability.
• Malware and Viruses: These can infect systems and impact availability by causing crashes or slowing down performance.
• Hardware and Software Failures: These can occur unexpectedly and impact availability.

Risk Management

Risk management is the process of identifying, assessing, and controlling risks to an organization's information assets. It involves identifying potential threats, evaluating the likelihood and impact of those threats, and implementing measures to mitigate or avoid them.

Access Control

Access control is the process of restricting access to resources only to authorized users.
• Identification and Authentication: Users must prove their identity before being granted access to a resource. This can be done through passwords, biometrics, or other means.
• Authorization: Once a user is authenticated, they are granted access to specific resources based on their role or permissions.
• Accountability: Access control systems should keep track of who accessed what resources and when.
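
The three access control steps above, chained in one request path, as an added example that is not part of the original lecture. The user names, roles, permissions and the PBKDF2 iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

# Constructed sample data: user names, roles and permissions are hypothetical.
ROLE_PERMISSIONS = {
    "clerk": {("invoice", "read")},
    "manager": {("invoice", "read"), ("invoice", "approve")},
}
ITERATIONS = 200_000  # illustrative PBKDF2 work factor for the demo


def hash_password(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(role: str, password: str) -> dict:
    salt = os.urandom(16)
    return {"role": role, "salt": salt, "pw_hash": hash_password(password, salt)}


USERS = {
    "alice": make_user("manager", "correct horse"),
    "bob": make_user("clerk", "battery staple"),
}
AUDIT_LOG = []  # accountability: who tried what, when, and the outcome


def access(username: str, password: str, resource: str, action: str) -> bool:
    user = USERS.get(username)
    # 1. Identification and authentication: constant-time hash comparison.
    authenticated = user is not None and hmac.compare_digest(
        hash_password(password, user["salt"]), user["pw_hash"])
    # 2. Authorization: the role, not the individual, carries the permission.
    authorized = authenticated and (
        (resource, action) in ROLE_PERMISSIONS.get(user["role"], set()))
    # 3. Accountability: log every attempt, including failures.
    outcome = "granted" if authorized else (
        "denied" if authenticated else "auth_failed")
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": username, "resource": resource,
        "action": action, "outcome": outcome,
    })
    return authorized
```

A valid login does not imply access: `bob` authenticates but is denied `approve`, and that denial is logged alongside failed logins.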

Data Protection

Encryption:
• Encrypt sensitive data at rest and in transit.
• Use strong encryption algorithms and keys.
Backup and Recovery:
• Regularly back up critical data and test the backups for integrity and accessibility.
• Implement a disaster recovery plan to ensure business continuity in case of data loss.
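
One way to test backups for integrity, as an added example that is not part of the original lecture: record a SHA-256 manifest when the backup is taken, then re-verify it later to find missing or silently altered files. The file names and contents are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    # Hash in chunks so large backup files do not need to fit in memory.
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    # Map each file's relative path to its digest at backup time.
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(backup_root, manifest):
    # Compare the backup as it is now against the recorded manifest.
    current = build_manifest(backup_root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "unexpected": sorted(set(current) - set(manifest)),
        "corrupted": sorted(n for n in manifest.keys() & current.keys()
                            if manifest[n] != current[n]),
    }


def demo():
    # Constructed backup tree: verify it clean, then damage it and verify again.
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        (backup / "db").mkdir(parents=True)
        (backup / "db" / "customers.csv").write_text("id,name\n1,Ada\n")
        (backup / "payroll.txt").write_text("2024-01: ok\n")
        (backup / "notes.txt").write_text("keep\n")
        manifest = build_manifest(backup)
        clean = verify_backup(backup, manifest)
        (backup / "payroll.txt").write_text("2024-01: 0k\n")  # one changed byte
        (backup / "notes.txt").unlink()                       # lost file
        damaged = verify_backup(backup, manifest)
    return clean, damaged
```

The manifest only helps if it is stored separately from the backup it describes, so that whoever can alter the backup cannot also alter the recorded hashes.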

Case Study

• 57 million individuals' data stolen and technology company held to ransom (UBER)
Thanks

• Assignment_06

• Deadline –
• Email: [email protected]
• Mobile: 03007300232
