Security and Privacy?
[Link] sayed
What is information security?
• Information security protects all types of data (not just personal) from unauthorized access, breaches, or loss.
• Examples:
Encryption of bank transactions (data remains unreadable if intercepted)
Firewalls & antivirus (prevent cyberattacks)
Access control in companies (employees can only access relevant files)
What is information security?
Confidentiality
• Data being stored is safe from unauthorized access & use
• This ensures confidentiality, meaning that only the intended recipient can access the message, protecting it from eavesdropping, hackers, or even the service provider itself.
• A real-world example of confidentiality in information security is the way end-to-end encryption (E2EE) works in messaging apps like WhatsApp, Signal, or Telegram (secret chats).
Integrity
• Data is reliable and accurate, i.e., you get the “right” data
• Examples: integrity of Electronic Health Records (EHRs) in healthcare; Windows updates
Availability
• The system or data is available for use when it is needed
What is privacy?
• Privacy in information security refers to protecting personal data from unauthorized access, collection, or misuse while ensuring users have control over their information.
• Examples:
GDPR cookie consent (websites must ask before tracking users)
Private mode in browsers (no history or tracking)
Medical records access (only authorized doctors can view patient data)
Key Differences
Aspect    Privacy                          Information Security
Focus     Protecting personal data         Securing all types of data
Control   User decides who accesses data   Organization prevents unauthorized access
Example   Hiding social media profile      Using encryption for emails
• Three Key Assets to Protect:
Hardware (physical devices like servers, computers, mobile phones)
Software (Applications, operating systems, security tools)
Data (User information, business records, encrypted files)
Hardware Security
• What is Hardware Security?
• Protecting physical devices from theft, damage, or tampering.
• Key Threats:
Device Theft (Laptops, USB drives, smartphones)
Unauthorized Access (Unprotected servers, unencrypted drives)
Hardware Failure (Data loss due to malfunction)
• Security Measures:
Encryption (Encrypt hard drives to prevent unauthorized access)
Access Controls (Use biometric authentication, smart cards)
Physical Security (Lock servers, use CCTV & access logs)
Software Security
• What is Software Security?
• Ensuring applications and systems are free from vulnerabilities.
• Key Threats:
Malware & Viruses (Compromising software integrity)
Unpatched Software (Hackers exploit outdated systems)
Unauthorized Software Access (Hackers manipulating apps)
• Security Measures:
Regular Software Updates (Patch vulnerabilities)
Firewalls & Antivirus (Prevent malware infections)
Application Security Testing (Find and fix bugs)
Data Security
• What is Data Security?
• Protecting digital information from unauthorized access and corruption.
• Key Threats:
Data Breaches (Hackers stealing sensitive data)
Ransomware Attacks (Encrypting data for ransom)
Unauthorized Data Sharing (Leaking private information)
• Security Measures:
Data Encryption (Protect files at rest and in transit)
Access Control (Only authorized users can view/edit data)
Regular Backups (Ensure data recovery in case of attacks)
• Key Threats to Data Security & Privacy:
Loss or Harm
Interception
Interruption
Modification
Fabrication
Loss or Harm
• Definition:
• Data is lost, deleted, or damaged, making it unusable or irrecoverable.
• Causes:
Accidental deletion or hardware failure
Cyberattacks (ransomware, malware)
Physical damage (fire, flood, theft)
Interception
• Definition:
• Data is intercepted during transmission by an unauthorized party.
• Examples:
Man-in-the-Middle (MITM) attacks
Packet sniffing on public Wi-Fi
Interruption
• Definition:
• Disrupts data availability or system operations.
• Examples:
Distributed Denial-of-Service (DDoS) attacks
Server crashes or power outages
Ransomware locking critical systems
Modification
• Definition:
• Unauthorized alteration of data, affecting its integrity.
• Examples:
Database tampering
Malware modifying financial transactions
Unauthorized edits in Electronic Health Records (EHRs)
Fabrication
• Definition:
• Fake or unauthorized data is created, misleading systems or users.
• Examples:
Fake accounts in banking apps
Phishing emails with malicious links
Spoofed transactions in financial systems
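Added example (not part of the original slides) showing how an integrity control makes the Modification and Fabrication threats above detectable: each stored record carries an HMAC-SHA256 tag, so a tampered record or a record created without the key fails verification. The key, the record store and the sample transaction are constructed for the demo; the comments also note that the tag does nothing against Interception, which is a confidentiality problem.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo key: in a real system this would live in a key store.
KEY = secrets.token_bytes(32)


def canonical(record: dict) -> bytes:
    """Serialize deterministically so equal content always gives equal bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def protect(record: dict, key: bytes = KEY) -> str:
    """Tag a record with HMAC-SHA256; only a key holder can produce a valid tag."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify(record: dict, tag: str, key: bytes = KEY) -> bool:
    """True only if the record is unchanged since tagging and was tagged with `key`."""
    expected = protect(record, key)
    return hmac.compare_digest(expected, tag)  # constant-time comparison


def demo() -> dict:
    """Run the two integrity threats from the slides against a tagged record."""
    # Constructed sample transaction, like the financial examples above.
    record = {"id": 1001, "from": "alice", "to": "bob", "amount": 50}
    tag = protect(record)
    results = {"original": verify(record, tag)}

    # Modification: someone with database access changes the amount
    # but cannot recompute the tag without the key.
    tampered = dict(record, amount=5000)
    results["modified"] = verify(tampered, tag)

    # Fabrication: a record invented by someone who does not hold the key;
    # whatever tag they attach will not match.
    forged = {"id": 1002, "from": "bob", "to": "mallory", "amount": 999}
    results["fabricated"] = verify(forged, protect(forged, key=b"wrong-key"))

    # The tag gives integrity, not confidentiality: an interceptor can still
    # read the record, so hiding it needs encryption (a separate control).
    return results


if __name__ == "__main__":
    print(demo())  # {'original': True, 'modified': False, 'fabricated': False}
```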