A.M.T COLLEGE
DEPARTMENT OF INFORMATION TECHNOLOGY
Information Assurance and Security
COURSE OUTLINE
•Course title:-Information Assurance and Security
Course code:-ITec4132
Target Group: B.Sc. 4th year IT students
Year/Semester: year: IV, Semester: I
Instructor: Garedew Balgo
Email: garedew32@gmail.com
Phone: 0910632619
Lecture: Friday 4:30-6:30 at local time
Chapter 1
Cryptography and Network Security
Introduction
Computer data often travels from one computer to another,
leaving the safety of its protected physical surroundings.
Once the data is out of the owner's hands, people with
malicious intent can read, modify, or forge it, whether for
amusement or for their own gain.
What is IAS?
Information assurance and security (IAS) is the management
and protection of information, data, and knowledge.
It combines the fields of information assurance and
information security:
Information assurance
Focuses on protecting information and
systems by ensuring their availability,
confidentiality, integrity, authentication,
and nonrepudiation.
It also involves managing risks related
to the use, storage, processing, and
transmission of information.
Information security
Focuses on developing tools,
technologies, and other measures to
secure information from unauthorized
access, use, disclosure, disruption,
modification, or destruction.
Some examples of IAS topics include:
•Cybersecurity
•Data privacy
•Information risk management
•Cryptographic techniques
•Security policies and compliance
•Network security
•Cloud security
•Internet of Things security
Cryptography is the practice of transforming information so
that only the intended recipient can read it.
It has been used for thousands of years and still underpins
computer passwords, bank cards, and e-commerce.
The technology is built on the principles of secret codes and
protects our data in powerful ways.
What is the difference among Computer,
Network and Internet Security?
1. Computer Security - the generic name for the collection of
tools designed to protect data and to keep attackers out of a
single system.
2. Network Security - measures to protect data during its
transmission.
3. Internet Security - measures to protect data during its
transmission over a collection of interconnected networks.
Security Attacks, Services and Mechanisms
To assess the security needs of an organization
effectively, the manager responsible for security
needs some systematic way of defining the
requirements for security and characterization of
approaches to satisfy those requirements.
1. Security attack – Any action that compromises the
security of information owned by an organization.
2. Security mechanism – A mechanism that is designed
to detect, prevent or recover from a security attack.
3. Security service – A service that enhances the
security of the data processing systems and the
information transfers of an organization.
The services are intended to counter security attacks and
they make use of one or more security mechanisms to
provide the service.
Basic Concepts
Cryptography: the art or science encompassing the principles
and methods of transforming an understandable message into
one that is meaningless, and then retransforming that message
back to its original form.
Plaintext: The original intelligible message.
Ciphertext: The transformed message.
Cipher: An algorithm for transforming an intelligible message
into an unintelligible one by transposition and/or substitution
methods.
Key: Some critical information used by the cipher, known only
to the sender and receiver.
Encipher (encrypt): The process of converting plaintext to
ciphertext using a cipher and a key.
Decipher (decrypt): The process of converting ciphertext back
into plaintext using a cipher and a key.
(The slides also use encode/decode for these two operations.
Note that in modern usage an encoding such as Base64 uses no
key and provides no secrecy, so it is not encryption.)
Cryptanalysis: The study of principles and methods of
transforming an unintelligible message back into an intelligible
one without knowledge of the key; also called code breaking.
Cryptology: The science of secure communications, covering
both cryptography and cryptanalysis.
Code: An algorithm for transforming an intelligible message
into an unintelligible one using a code-book, which replaces
whole words or phrases rather than individual symbols.
Cryptographic systems are generally classified
along 3 independent dimensions:
1. Type of operations used for transforming plaintext to
ciphertext. All encryption algorithms are based on two general
principles:
A. Substitution, in which each element in the plaintext (a bit,
a letter, or a group of bits or letters) is mapped into another
element, and
B. Transposition, in which elements in the plaintext are
rearranged.
In both cases no information may be lost, so the operation is
reversible. Most practical systems, called product systems,
combine several stages of substitution and transposition.
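The two principles side by side, as an added example that is not from the original slides: a keyed monoalphabetic substitution and a columnar transposition applied to the same constructed message. The keyword ZEBRAS and the sample text are assumed for illustration. The histogram check at the end is what a cryptanalyst uses to tell the two apart: transposition leaves the letter frequencies untouched, while substitution only relabels them.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase


def make_substitution_table(keyword: str) -> dict:
    """Keyed alphabet: keyword letters first (duplicates dropped), then the rest."""
    keyed = []
    for c in keyword.upper() + ALPHABET:
        if c in ALPHABET and c not in keyed:
            keyed.append(c)
    return dict(zip(ALPHABET, keyed))


def invert(table: dict) -> dict:
    return {cipher_letter: plain_letter for plain_letter, cipher_letter in table.items()}


def substitute(text: str, table: dict) -> str:
    """Substitution: every letter is replaced; its position is unchanged."""
    return "".join(table.get(c, c) for c in text.upper())


def columnar_encrypt(text: str, key: str) -> str:
    """Transposition: write row by row under the key, read the columns in key order."""
    letters = "".join(c for c in text.upper() if c in ALPHABET)
    cols = len(key)
    order = sorted(range(cols), key=lambda i: key[i])   # column read order
    rows = [letters[i:i + cols] for i in range(0, len(letters), cols)]
    return "".join(row[c] for c in order for row in rows if c < len(row))


def columnar_decrypt(ciphertext: str, key: str) -> str:
    cols = len(key)
    order = sorted(range(cols), key=lambda i: key[i])
    full_rows, extra = divmod(len(ciphertext), cols)
    columns, pos = {}, 0
    for c in order:                      # the first `extra` columns hold one extra letter
        length = full_rows + (1 if c < extra else 0)
        columns[c] = ciphertext[pos:pos + length]
        pos += length
    return "".join(columns[c][r] for r in range(full_rows + 1)
                   for c in range(cols) if r < len(columns[c]))


def letter_histogram(text: str) -> Counter:
    return Counter(c for c in text.upper() if c in ALPHABET)


if __name__ == "__main__":
    message = "WE ARE DISCOVERED FLEE AT ONCE"      # constructed sample
    table = make_substitution_table("ZEBRAS")
    sub = substitute(message, table)
    trans = columnar_encrypt(message, "ZEBRAS")
    print("substitution :", sub)
    print("transposition:", trans)
    # transposition keeps the histogram; substitution keeps only its shape
    print(letter_histogram(trans) == letter_histogram(message))
    print(sorted(letter_histogram(sub).values()) == sorted(letter_histogram(message).values()))
```

The preserved histogram is why a transposition alone is weak (anagramming recovers it) and why a monoalphabetic substitution alone is weak (frequency analysis recovers it); combining the two is what product systems do.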
•Cryptography creates messages
with hidden meaning; Cryptanalysis
is the science of breaking those
encrypted messages to recover their
meaning.
2. The number of keys used.
If the sender and receiver use the same key, the system is
called symmetric-key, single-key, or conventional encryption.
If the sender and receiver use different keys (a public key and
a matching private key), the system is called asymmetric or
public-key encryption.
3. The way in which the plaintext is processed.
A. A block cipher processes the input one block of elements at
a time, producing an output block for each input block.
B. A stream cipher processes the input elements continuously,
producing one output element at a time as it goes along.
Stream ciphers convert one symbol of plaintext directly into a
symbol of ciphertext; block ciphers encrypt a group of plaintext
symbols as one block.
In this classical sense a simple substitution cipher is a stream
cipher, since it handles one symbol at a time.
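A stream cipher in its modern form, as an added example that is not from the original slides: a keystream is generated from a key and a nonce and XORed into the data one byte at a time, so the same call encrypts and decrypts. It also shows the failure mode every practitioner needs to know about this structure, reuse of one keystream for two messages. The key, nonce, and messages are constructed; the Mersenne Twister generator stands in for a real cipher's keystream generator and is not secure.

```python
import random


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: Mersenne Twister seeded from key||nonce.

    Both sides regenerate the same bytes from the same seed, which is all a
    stream cipher needs structurally. MT is NOT cryptographically secure; a
    real stream cipher (ChaCha20, AES-CTR) uses a cryptographic generator here.
    """
    rng = random.Random(key + b"|" + nonce)
    return bytes(rng.getrandbits(8) for _ in range(length))


def stream_xor(data: bytes, key: bytes, nonce: bytes) -> bytes:
    """One byte in, one byte out. XOR is its own inverse: one call encrypts and decrypts."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under the same (key, nonce): the keystream cancels out.

    c1 ^ c2 == (p1 ^ ks) ^ (p2 ^ ks) == p1 ^ p2, obtained without the key.
    """
    return xor_bytes(c1, c2)


def recover_with_crib(p1_xor_p2: bytes, known_p1: bytes) -> bytes:
    """Knowing (or guessing) one plaintext hands the attacker the other."""
    return xor_bytes(p1_xor_p2, known_p1)


if __name__ == "__main__":
    key, nonce = b"demo-key", b"nonce-1"                    # constructed
    p1 = b"TRANSFER 100 TO ALICE"
    p2 = b"TRANSFER 900 TO CAROL"                           # same key and nonce: the mistake
    c1 = stream_xor(p1, key, nonce)
    c2 = stream_xor(p2, key, nonce)
    print(stream_xor(c1, key, nonce) == p1)                 # True: round trip
    leak = keystream_reuse_leak(c1, c2)
    print(recover_with_crib(leak, p1))                      # b'TRANSFER 900 TO CAROL'
    # The fix: a fresh nonce per message gives an unrelated keystream.
    print(stream_xor(p2, key, b"nonce-2") == c2)            # False
```

Modern stream ciphers have exactly this shape, so the rule carries over unchanged: a (key, nonce) pair is used for one message only.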
Cryptanalysis
Cryptanalytic attacks are classified by the amount of
information available to the cryptanalyst:
A. Ciphertext only - the cryptanalyst has a copy of the
ciphertext alone.
B. Known plaintext - the cryptanalyst has a copy of the
ciphertext and the corresponding plaintext.
C. Chosen plaintext - the cryptanalyst gains temporary access
to the encryption machine and can obtain the ciphertext of
plaintexts of their own choosing.
D. Chosen ciphertext - the cryptanalyst obtains temporary
access to the decryption machine, uses it to decrypt several
strings of symbols, and tries to use the results to deduce the
key.
Each model gives the attacker more than the previous one, so a
cipher should be judged against the strongest model an attacker
can realistically obtain.
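The four attack models run against one toy cipher, as an added example that is not from the original slides. The target is a shift (Caesar) substitution with a secret shift of 3 and a constructed English message; the English letter-frequency table is the standard one. Under the weakest model the attacker tries every key and scores the results against English; each stronger model needs less work, down to a single oracle query.

```python
import string

ALPHABET = string.ascii_uppercase

# Relative English letter frequencies (percent), used to score candidate plaintexts.
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}


def shift_encrypt(plaintext: str, key: int) -> str:
    """Shift (Caesar) substitution: each letter moves `key` places along the alphabet."""
    return "".join(ALPHABET[(ALPHABET.index(c) + key) % 26] if c in ALPHABET else c
                   for c in plaintext.upper())


def shift_decrypt(ciphertext: str, key: int) -> str:
    return shift_encrypt(ciphertext, -key % 26)


def english_score(text: str) -> float:
    """Chi-squared distance from English letter frequencies; lower is more English-like."""
    letters = [c for c in text if c in ALPHABET]
    n = len(letters)
    if n == 0:
        return float("inf")
    return sum((letters.count(c) - ENGLISH_FREQ[c] * n / 100) ** 2 / (ENGLISH_FREQ[c] * n / 100)
               for c in ALPHABET)


def ciphertext_only_attack(ciphertext: str) -> int:
    """A. Only ciphertext: try all 26 keys and keep the most English-looking result."""
    return min(range(26), key=lambda k: english_score(shift_decrypt(ciphertext, k)))


def known_plaintext_attack(plaintext: str, ciphertext: str) -> int:
    """B. One matching letter pair reveals the shift directly."""
    for p, c in zip(plaintext.upper(), ciphertext):
        if p in ALPHABET:
            return (ALPHABET.index(c) - ALPHABET.index(p)) % 26
    raise ValueError("no letters to compare")


def chosen_plaintext_attack(encrypt_oracle) -> int:
    """C. Attacker picks the plaintext 'A' (index 0); the ciphertext letter is the key."""
    return ALPHABET.index(encrypt_oracle("A"))


def chosen_ciphertext_attack(decrypt_oracle) -> int:
    """D. Attacker picks the ciphertext 'A'; decrypting it yields (0 - key) mod 26."""
    return (-ALPHABET.index(decrypt_oracle("A"))) % 26


if __name__ == "__main__":
    key = 3                                                   # assumed secret
    sample = ("ATTACK AT DAWN. THE ENEMY IS MOVING TOWARD THE RIVER AND WE MUST "
              "HOLD THE BRIDGE UNTIL REINFORCEMENTS ARRIVE")  # constructed
    ct = shift_encrypt(sample, key)
    print("ciphertext only  :", ciphertext_only_attack(ct))
    print("known plaintext  :", known_plaintext_attack(sample, ct))
    print("chosen plaintext :", chosen_plaintext_attack(lambda p: shift_encrypt(p, key)))
    print("chosen ciphertext:", chosen_ciphertext_attack(lambda c: shift_decrypt(c, key)))
```

The ciphertext-only attack works because a shift only relabels the letter histogram (compare the transposition example earlier), and the 26-key space is small enough to exhaust; the same scoring function is the starting point for breaking any monoalphabetic substitution.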
Steganography
Steganography is the practice of concealing a message within
another message, file, or physical object so that the very
existence of the message is not detected. Digitally, the carrier
is usually an image, video, or audio file, and the hidden content
can be text, an image, video, or audio.
The goal is to make the hidden message difficult to detect. By
contrast, cryptography makes a message unreadable but does not
hide the fact that it exists.
Drawbacks of steganography
1. It requires a lot of overhead to hide a relatively few bits
of information.
2. Once the hiding method is discovered, it becomes virtually
worthless, because its security rests on secrecy of the method
rather than on a key (unlike a cipher, which should stay secure
even when the algorithm is public).
Types of steganography
•Image steganography: hides information within a digital image
without visibly changing its appearance.
•Text steganography: hides information within a text file, for
example by changing the format of the text.
•Video steganography: hides information within a video file.
•Audio steganography: hides information within an audio file.
•Network steganography: hides information within network
protocols (for example in unused header fields or packet timing).
•Steganography conceals the fact that a message is being sent;
only the intended recipient should know where to look for it.
Because anyone who knows the method can extract the message, the
hidden content should also be encrypted.
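The image case in concrete form, as an added example that is not from the original slides: least-significant-bit (LSB) embedding in a grayscale image represented as one byte per pixel. The cover pixels and the message are constructed inside the block. It makes both drawbacks above measurable: eight cover bytes are spent per payload byte, and extraction needs no key, so anyone who knows the method reads the message.

```python
def capacity(cover: bytes) -> int:
    """Payload bytes that fit: one bit per cover byte, minus a 2-byte length header."""
    return len(cover) // 8 - 2


def hide(cover: bytes, message: bytes) -> bytes:
    """Embed a length-prefixed message in the least significant bit of each pixel."""
    if len(message) > capacity(cover):
        raise ValueError("cover too small: 8 cover bytes are needed per payload byte")
    payload = len(message).to_bytes(2, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit      # change only the LSB: +/-1 at most
    return bytes(stego)


def _read_bytes(stego: bytes, start_bit: int, count: int) -> bytes:
    out = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[start_bit + b * 8 + i] & 1)
        out.append(value)
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """No key involved: knowing the method is enough to recover the message."""
    length = int.from_bytes(_read_bytes(stego, 0, 2), "big")
    return _read_bytes(stego, 16, length)


def max_pixel_change(cover: bytes, stego: bytes) -> int:
    """How visible the embedding is: the largest per-pixel difference."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    cover = bytes((i * 37) % 256 for i in range(1024))   # constructed 32x32 gradient
    message = b"meet at dawn"
    stego = hide(cover, message)
    print(extract(stego))                                 # b'meet at dawn'
    print(capacity(cover), max_pixel_change(cover, stego))
```

A 1024-pixel cover carries at most 126 bytes, and no pixel moves by more than one grey level, which is why the change is invisible to the eye; it is not invisible to statistics, since embedding flattens the histogram of LSB pairs, which is what steganalysis tools look for.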
Security Services
The classification of security services is as follows:
1. Confidentiality: ensures that the information in a computer
system and transmitted information are accessible only for
reading by authorized parties.
2. Authentication: ensures that the origin of a message or
electronic document is correctly identified, with an assurance
that the identity is not false.
3. Integrity: ensures that only authorized parties are able to
modify computer system assets and transmitted information.
Modification includes writing, changing status, deleting,
creating, and delaying or replaying transmitted messages.
4. Non-repudiation: requires that neither the sender nor the
receiver of a message be able to deny the transmission.
5. Access control: requires that access to information
resources may be controlled by or for the target system.
6. Availability: requires that computer system assets be
available to authorized parties when needed.
Security Mechanisms
The most widely used specific security mechanism is
cryptography: encryption and encryption-like transformations
of information are the most common means of providing security.
Some of the mechanisms are
1. Encipherment
2. Digital Signature
3. Access Control
(X.800 also lists data integrity, authentication exchange,
traffic padding, routing control, and notarization.)
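Public-key encryption (the "different keys" case of dimension 2 above) and the digital-signature mechanism listed here, as an added example that is not from the original slides: textbook RSA with the small primes 61 and 53 and public exponent 17, assumed for illustration. The last function shows why a public key can be published: recovering the private exponent means factoring n, which is instant at this toy size and infeasible at real key sizes. Textbook RSA without padding is not safe to deploy; real systems use OAEP for encryption and PSS for signatures.

```python
import math


def rsa_keygen(p: int, q: int, e: int = 17):
    """Textbook RSA from two primes. Toy sizes only; real keys use ~1024-bit primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (n, e), (n, d)          # public key, private key


def rsa_encrypt(public_key, m: int) -> int:
    """Anyone with the public key can encrypt..."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)


def rsa_decrypt(private_key, c: int) -> int:
    """...but only the private-key holder can decrypt."""
    n, d = private_key
    return pow(c, d, n)


def rsa_sign(private_key, m: int) -> int:
    """Digital signature: only the private-key holder can produce m^d mod n."""
    n, d = private_key
    return pow(m, d, n)


def rsa_verify(public_key, m: int, signature: int) -> bool:
    """Anyone can check it, and the signer cannot later deny it (non-repudiation)."""
    n, e = public_key
    return pow(signature, e, n) == m


def crack_public_key(public_key):
    """Recovering d from (n, e) is exactly the factoring problem.

    Trial division breaks the toy key at once; for a 2048-bit n it is hopeless.
    """
    n, e = public_key
    for p in range(2, math.isqrt(n) + 1):
        if n % p == 0:
            q = n // p
            return (n, pow(e, -1, (p - 1) * (q - 1)))
    raise ValueError("n has no nontrivial factor")


if __name__ == "__main__":
    public, private = rsa_keygen(61, 53)          # (3233, 17), (3233, 2753)
    c = rsa_encrypt(public, 65)
    print(c, rsa_decrypt(private, c))             # 2790 65
    s = rsa_sign(private, 65)
    print(rsa_verify(public, 65, s), rsa_verify(public, 66, s))   # True False
    print(crack_public_key(public) == private)    # True for a toy key
```

Contrast this with a symmetric cipher, where the single shared key both encrypts and decrypts, so it must travel to the receiver over some protected path; here the decryption key never leaves its owner.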
Security Attacks
There are four general categories of attack, listed below.
1. Interruption: an asset of the system is destroyed or becomes
unavailable or unusable. This is an attack on availability,
e.g., destruction of a piece of hardware, cutting a
communication line, or disabling the file management system.
2. Interception: an unauthorized party gains access to an
asset. This is an attack on confidentiality. The unauthorized
party could be a person, a program, or a computer, e.g.,
wiretapping to capture data in the network, or illicit copying
of files.
3. Modification: an unauthorized party not only gains access to
but tampers with an asset. This is an attack on integrity,
e.g., changing values in a data file, altering a program, or
modifying the contents of messages being transmitted in a
network.
4. Fabrication: an unauthorized party inserts counterfeit
objects into the system. This is an attack on authenticity,
e.g., insertion of spurious messages in a network or addition
of records to a file.
Interception is a passive attack: the data is only observed, so
it is hard to detect and the defence is prevention. The other
three are active attacks: the data or system is altered, so the
defence is detection and recovery.
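The attack categories above played against the integrity and authentication services, as an added example that is not from the original slides. The shared key, message bodies, and framing are constructed. The receiver checks an HMAC-SHA256 tag (an integrity and authentication mechanism) and a sequence number (against the delaying and replaying listed under integrity). Two limits become visible: a MAC provides no confidentiality, so interception still succeeds, and because both parties hold the key a MAC cannot give non-repudiation; that needs a digital signature.

```python
import hashlib
import hmac
import json

SHARED_KEY = b"shared-secret-between-alice-and-bob"   # constructed for the example


def make_message(seq: int, body: str, key: bytes = SHARED_KEY) -> bytes:
    """Sender: frame = JSON with a sequence number; tag = HMAC-SHA256 over the frame."""
    frame = json.dumps({"seq": seq, "body": body}, sort_keys=True).encode()
    tag = hmac.new(key, frame, hashlib.sha256).hexdigest().encode()
    return frame + b"|" + tag


def intercept(wire: bytes) -> str:
    """Interception (confidentiality): the MAC does nothing to hide the body."""
    frame, _tag = wire.rsplit(b"|", 1)
    return json.loads(frame)["body"]


def modify(wire: bytes, old: str, new: str) -> bytes:
    """Modification (integrity): alter the frame in transit, keep the old tag."""
    frame, tag = wire.rsplit(b"|", 1)
    return frame.replace(old.encode(), new.encode()) + b"|" + tag


def fabricate(seq: int, body: str) -> bytes:
    """Fabrication (authenticity): no key, so the attacker can only guess a tag."""
    frame = json.dumps({"seq": seq, "body": body}, sort_keys=True).encode()
    return frame + b"|" + b"0" * 64


class Receiver:
    def __init__(self, key: bytes = SHARED_KEY):
        self.key = key
        self.last_seq = -1

    def accept(self, wire: bytes):
        """Return (status, body). Verify the tag before parsing anything else."""
        try:
            frame, tag = wire.rsplit(b"|", 1)
        except ValueError:
            return "rejected: malformed", None
        expected = hmac.new(self.key, frame, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):     # constant-time comparison
            return "rejected: bad tag (modified or fabricated)", None
        msg = json.loads(frame)
        if msg["seq"] <= self.last_seq:                 # replay or delayed duplicate
            return "rejected: replay", None
        self.last_seq = msg["seq"]
        return "accepted", msg["body"]


if __name__ == "__main__":
    bob = Receiver()
    m1 = make_message(1, "transfer 100 to alice")
    print(bob.accept(m1))                              # ('accepted', 'transfer 100 to alice')
    print(intercept(m1))                               # attacker reads it anyway
    print(bob.accept(m1))                              # replay rejected
    print(bob.accept(modify(make_message(2, "transfer 100 to alice"), "100", "900")))
    print(bob.accept(fabricate(3, "transfer 900 to mallory")))
```

Interruption is the one category this code cannot address: an attacker who drops or delays the frames is countered by timeouts and redundancy, not by cryptography. Encipherment would close the interception gap; a signature would add non-repudiation.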
Enterprise Security
What is Enterprise Security?
Enterprise security consists of the strategies and procedures
an organization uses to defend itself from bad actors: the
security mechanisms that provide confidentiality, integrity,
authentication, authorization, and non-repudiation across the
entire organization's computing resources.
What is an Enterprise?
An enterprise is a business organization that produces goods
or services; the word also means a project or undertaking that
is especially difficult, complicated, or risky.
Enterprise security refers to the comprehensive set of
strategies, policies, technologies, and processes an organization
uses to protect its information assets, employees, and
operations from unauthorized access, ensuring the confidentiality,
integrity, and availability of critical data. It usually includes
measures to prevent cyber threats and to comply with relevant
regulations. In short, it is the practice of safeguarding an
organization's digital assets at every level of the company.
Key points about enterprise security:
•Holistic approach:
It encompasses both physical and digital security measures,
including network security, endpoint security, access control,
data encryption, and user education.
•Protecting the CIA (Confidentiality, Integrity, and
Availability) triad:
The primary goal is to maintain the confidentiality, integrity,
and availability of sensitive information.
•Internal and external threats:
Enterprise security aims to defend against threats from both
external hackers and potentially malicious internal
employees.
•Compliance considerations:
Organizations must often implement security measures to
comply with industry regulations and data privacy laws.

Example elements of enterprise security:
Firewalls: To control network traffic and prevent
unauthorized access
Anti-malware software: To detect and block malicious
programs
Identity and access management (IAM): To control user
access to systems based on their roles and permissions
Data encryption: To protect sensitive data in transit and at
rest
Security awareness training: To educate employees about
cyber threats and best practices
Incident response plan: To effectively handle security
breaches and minimize damage
Cybersecurity is the use of technologies, processes, and
controls to protect systems, networks, and data from cyber
attacks.
It aims to reduce the risk of unauthorized access to systems
and data.
Why is Cybersecurity Important?
Cybersecurity is important because it covers the protection of
sensitive data, including personally identifiable information
(PII), protected health information (PHI), intellectual property,
and governmental and industry information systems, from theft and
damage by criminals and adversaries.
Cyber security risk is increasing, driven
by global connectivity and usage of
cloud services, like Amazon Web
Services, to store sensitive data and
personal information.
