Uploaded by zaibakhan040

SECURITY

Introduction to Information Security


1. Definition and Scope
What is Information Security?
• Information Security is the practice of
protecting information and information
systems from unauthorized access, use,
disclosure, disruption, modification, or
destruction. The goal is to preserve the
confidentiality, integrity, and availability of
data wherever it is: at rest (in storage), in use
(being processed), or in transit (on the network).
Importance of Information Security
• Protects Sensitive Data: Safeguards personal,
financial, and organizational data from being
compromised.
• Ensures Business Continuity: Helps prevent
disruptions caused by security incidents,
thereby maintaining the smooth operation of
business processes.
• Compliance: Helps organizations meet
regulatory and legal requirements, avoiding
fines and penalties.
• Reputation Management: Protects an
organization’s reputation by preventing data
breaches and ensuring customer trust.
Goals of Information Security: The CIA Triad
1. Confidentiality:
o Ensures that information is accessible
only to those who are authorized to
access it.
o Techniques include encryption (of data at
rest and in transit), access controls, and
authentication measures.
2. Integrity:
o Ensures that information is accurate,
complete, and protected from
unauthorized modification.
o Techniques include hashing, checksums,
and version control. Note the limit of an
unkeyed hash or checksum: it reliably
catches accidental corruption, but an
attacker who can alter the data can usually
recompute the check value as well, so
integrity against a deliberate adversary
needs a keyed mechanism such as a message
authentication code (HMAC) or a digital
signature.
3. Availability:
o Ensures that information and resources
are available to authorized users when
needed.
o Techniques include redundancy, failover
mechanisms, backups, and regular
maintenance (patching, capacity planning).
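The following is an added example, not part of the original slides, illustrating the integrity goal above. It uses a constructed record (the account string is made up for the demo) to show the difference between an unkeyed SHA-256 checksum, which detects accidental corruption but can be recomputed by an attacker who alters the data, and an HMAC-SHA256 tag, which the attacker cannot forge without the key. Only the Python standard library is used.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (not from the slides): a record as sent, and the
# same record after an attacker on the wire has changed the balance.
RECORD = b"account=1234;balance=100.00"
TAMPERED = b"account=1234;balance=999.00"


def sha256_checksum(data: bytes) -> str:
    """Unkeyed hash. Catches accidental corruption (bit flips, truncated
    downloads), but anyone who can change the data can recompute it."""
    return hashlib.sha256(data).hexdigest()


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC-SHA256). Without the key, a valid tag for modified
    data cannot be produced."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_checksum(data: bytes, checksum: str) -> bool:
    return hmac.compare_digest(sha256_checksum(data), checksum)


def verify_hmac(key: bytes, data: bytes, tag: str) -> bool:
    # compare_digest runs in constant time, so the comparison itself does not
    # leak how many leading characters of the tag were already correct.
    return hmac.compare_digest(hmac_tag(key, data), tag)


def forge_with_checksum(new_data: bytes) -> tuple:
    """Attacker replaces the data and simply recomputes the unkeyed checksum."""
    return new_data, sha256_checksum(new_data)


def forge_without_key(new_data: bytes) -> tuple:
    """Attacker replaces the data but does not hold the real key; the best
    they can do is a tag under a key of their own choosing."""
    return new_data, hmac_tag(secrets.token_bytes(32), new_data)


def demo() -> dict:
    """Run the four scenarios and return which checks passed."""
    key = secrets.token_bytes(32)  # shared secret between sender and receiver
    results = {}

    # Sender publishes the record together with a check value.
    checksum = sha256_checksum(RECORD)
    tag = hmac_tag(key, RECORD)

    # Honest delivery: both check values verify.
    results["checksum_ok"] = verify_checksum(RECORD, checksum)
    results["hmac_ok"] = verify_hmac(key, RECORD, tag)

    # Accidental corruption, check value untouched: both mechanisms catch it.
    results["checksum_catches_corruption"] = not verify_checksum(TAMPERED, checksum)
    results["hmac_catches_corruption"] = not verify_hmac(key, TAMPERED, tag)

    # Deliberate tampering where the attacker also rewrites the check value.
    data, forged_checksum = forge_with_checksum(TAMPERED)
    results["checksum_fooled"] = verify_checksum(data, forged_checksum)  # True
    data, forged_tag = forge_without_key(TAMPERED)
    results["hmac_fooled"] = verify_hmac(key, data, forged_tag)  # False

    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The checksum and the HMAC behave identically for the honest and the accidental-corruption cases; they differ only when an adversary controls both the data and the check value, which is exactly the situation the integrity goal is meant to cover.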

2. Threats and Vulnerabilities


Types of Threats:
1. Malware:
o Malicious software designed to disrupt,
damage, or gain unauthorized access to
systems.
o Examples: viruses, worms, Trojans,
ransomware, spyware.
2. Phishing:
o A technique in which attackers trick
individuals into divulging sensitive
information, such as usernames,
passwords, or credit card details, or into
opening malicious content, by posing as a
trustworthy entity.
o Common forms include emails, look-alike
websites, SMS messages (smishing), and
phone calls (vishing) that appear legitimate.
3. Social Engineering:
o Manipulating individuals into performing
actions or divulging confidential
information.
o Techniques include pretexting, baiting,
and tailgating.
Common Vulnerabilities and Exposures (CVEs):
• Vulnerabilities are weaknesses or flaws in
software, hardware, or processes that a
threat can exploit to gain unauthorized
access or cause harm.
• Exposures are configurations or settings
(for example an unnecessary service left
reachable, or a default account left enabled)
that do not break the system on their own
but give an attacker a foothold or information
that can lead to a compromise.
• Common Vulnerabilities and Exposures
(CVE): a public catalogue, maintained by
MITRE, that assigns a unique identifier of the
form CVE-YYYY-NNNN (year of assignment,
then a sequence number of at least four
digits) to each publicly disclosed
vulnerability, so that vendors, scanners, and
defenders all refer to the same flaw by the
same name. The CVE list itself holds only the
identifier and a short description; severity
scores and fix details are added by databases
built on top of it, such as the NIST National
Vulnerability Database (NVD). Organizations
match the CVEs reported by their vulnerability
scanners against their asset inventory to
prioritize patching.
Risk Assessment and Management:
• Risk Assessment:
o The process of identifying, analyzing, and
evaluating risks to an organization's
information systems.
o Includes identifying potential threats,
assessing the impact and likelihood of
those threats, and determining the level
of risk.
• Risk Management:
o The process of implementing measures to
reduce the risk to an acceptable level.
o Involves risk mitigation (implementing
controls to reduce risks), risk acceptance
(acknowledging and accepting the risk),
risk avoidance (eliminating the risk), and
risk transfer (shifting the risk to a third
party, such as through insurance).
