Basics of Information System Security
1. Basics of Information Security
Prof. Neeraj Bhargava
Kapil Chauhan
Department of Computer Science
School of Engineering & Systems Sciences
MDS University, Ajmer
2. Information Security
All measures taken to prevent unauthorized use of
electronic data
unauthorized use includes disclosure, alteration, substitution
of the data concerned
The following three services are provided:
Confidentiality
Secrecy of data.
Integrity
Assurance that data is authentic.
Availability
Data is available
No single measure can ensure complete security
3. Information security
Governments, commercial businesses, and
individuals are all storing information electronically.
Ability to use information more efficiently has
resulted in a rapid increase in the value of
information.
Information stored electronically faces new and
potentially more damaging security threats.
4. Building blocks of a secure system
Confidentiality: protection of data from unauthorized parties
Identification: unique identifiers for all users
Authentication: assurance of message source
Authorization: allowing users who have been identified and
authenticated.
Integrity: assurance that the data has not been modified by
unauthorized parties
non-repudiation.
5. The Security Process
Confidentiality + integrity → system security
System must also be available
must allow guaranteed, efficient and continuous use of
information
security measures should not make it difficult to use.
Cryptographic systems
high level of security and flexibility
Can provide: confidentiality, integrity, and availability
6. Certification Authority
A third party trusted by all users that creates,
distributes & manages certificates.
Certificates bind users to their public keys.
Integrity is provided by the Certification
Authority (CA).
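Added example (not part of the original slides): a constructed CA signs the pair (user, public key), and the check fails if either field is changed afterwards. The key, names and placeholder public-key strings are assumptions made for illustration; the textbook RSA used here has no padding and a tiny modulus, so it is a teaching toy only.

```python
import hashlib
import json

# Constructed CA key pair (textbook RSA over two small Mersenne primes).
# Illustration only: far too small and unpadded for real use.
CA_P, CA_Q = 2**31 - 1, 2**61 - 1
CA_N = CA_P * CA_Q                                  # public modulus
CA_E = 65537                                        # public exponent
CA_D = pow(CA_E, -1, (CA_P - 1) * (CA_Q - 1))       # private exponent, known only to the CA


def _digest(subject, public_key):
    """Hash the bound fields in an unambiguous encoding, reduced into the RSA modulus."""
    data = json.dumps([subject, public_key]).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % CA_N


def issue_certificate(subject, public_key):
    """CA side: sign the (subject, public key) pair with the CA private key."""
    signature = pow(_digest(subject, public_key), CA_D, CA_N)
    return {"subject": subject, "public_key": public_key, "signature": signature}


def verify_certificate(cert):
    """User side: recompute the digest and compare it with the signature
    opened using only the CA public key (CA_E, CA_N)."""
    expected = _digest(cert["subject"], cert["public_key"])
    return pow(cert["signature"], CA_E, CA_N) == expected


def demo():
    # Constructed sample values.
    cert = issue_certificate("alice@example.test", "ALICE-PUBLIC-KEY-PLACEHOLDER")
    key_changed = dict(cert, public_key="OTHER-PUBLIC-KEY-PLACEHOLDER")
    name_changed = dict(cert, subject="bob@example.test")
    return (verify_certificate(cert),
            verify_certificate(key_changed),
            verify_certificate(name_changed))


if __name__ == "__main__":
    print(demo())
```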
7. Attacks
Compromise systems in ways that affect services of
information security
attack on confidentiality:
unauthorized disclosure of information
attack on integrity:
destruction of information
attack on availability:
denial of services
Prevention, detection, response
proper planning reduces risk of attack and increases
capabilities of detection and response.
8. Prevention
Implementation of hardware, software, and services
users cannot override, unaltered
examples of preventative mechanisms
passwords - prevent unauthorized system access
firewalls - prevent unauthorized network access
encryption - prevents breaches of confidentiality
9. Assignment Question
Q1. Explain symmetric key and asymmetric key
cryptography with suitable example.
Q2. Explain security principles of information
system security.