January 10, 2020

All About Information Security

Technology-driven modern society is highly dependent on information. Confidential information must be kept safe and must not be changed, altered or transferred without permission. Information security is the protection of that information or data from unauthorized access, disruption, modification, or destruction. The scope of information security is vast: from tiny chips to massive server farms, from local private networks to public networks like the entire Internet, and across hardware, software applications, operating systems, databases, and networks. Computer security is itself part of the operational structure of an organization.

To determine what to protect, we must first identify WHAT has value and to WHOM assets are allocated:

1. HARDWARE:
  • Computer Components
  • Network and communication channels
  • Mobile Devices
2. SOFTWARE:
  • Operating Systems
  • Off the shelf programs and apps
  • Custom or customized programs and applications
3. DATA:
  • Files
  • Database

Threats and vulnerabilities of information security

Information security faces many threats, such as theft of intellectual property, identity theft, theft of equipment, information extortion, and software attacks. Securing information is equivalent to ensuring that computers keep your secrets, hold valid information, are ready to work when you are, and keep records of your transactions.

A major goal of information security, as a discipline and as a profession, is to protect valuable assets. To study methods of asset protection, we use the vulnerability-threat-control framework:

Vulnerability:
  • A weakness in the system
  • Vulnerabilities can be exploited to cause loss or harm
  • A human who exploits a vulnerability is perpetrating an attack on the system.
Threat:
  • A set of circumstances that has the potential to cause loss or harm
Control:
  • An action, device, procedure or technique that eliminates or reduces a vulnerability. It is also called a countermeasure.

Objectives of Information Security:

C-I-A
Information security programs are built around 3 objectives, commonly known as CIA: Confidentiality, Integrity, Availability. Threats can apply to the confidentiality, integrity or availability of a system, commonly known as the C-I-A of that system. To safeguard each system, the following security objectives are applied:

Confidentiality: The ability of a system to ensure that assets are viewable only by authorized parties. It is difficult to ensure and easiest to assess in terms of success.

Integrity: The ability of a system to ensure that assets are modifiable only by authorized parties.

Apart from C-I-A, authentication, nonrepudiation, and auditability are also desirable system properties.
  • Authentication: The ability of a system to confirm the identity of a sender.
  • Nonrepudiation: The ability of a system to confirm that a sender cannot convincingly deny having sent a message.
  • Auditability: The ability of a system to trace all actions related to a given asset.

Harmful acts are caused by various categories of attackers, such as:

Hackers: They are generally non-malicious in nature.

Crackers: They are considered malicious and break into someone else's computer system, often on a network, or bypass passwords or licenses in computer programs. They generally do this for profit or for some altruistic purpose or cause.

Career Criminals

Organized Crime Syndicates: Causing crime across the globe.

Cyber Terrorists

State-supported spies and information warriors

Several harmful acts are listed below:
  1. Interception
  2. Interruption
  3. Modification
  4. Fabrication

Data theft is the act of illegally accessing computer-based information from an unknowing victim in order to compromise privacy and obtain confidential information. It is an increasing issue for individual computer users, as well as big corporate firms. Each of the 4 acts above can cause harm to a system by affecting its ability.
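
The difference between integrity, authentication and nonrepudiation, and how a control responds to modification and fabrication, can be shown with a message authentication code. The following is an added example, not part of the original article; the key, the message and the function names are constructed for illustration, and HMAC-SHA256 is chosen here as one possible control.

```python
import hashlib
import hmac

# Constructed sample values, for illustration only.
SHARED_KEY = b"constructed-demo-key-not-a-real-secret"
MESSAGE = b"transfer 100 to account 42"


def make_tag(key: bytes, message: bytes) -> bytes:
    """Sender side: compute an HMAC-SHA256 tag over the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


def demo() -> dict:
    results = {}
    tag = make_tag(SHARED_KEY, MESSAGE)

    # Integrity and authentication: the untouched message verifies.
    results["genuine_accepted"] = verify(SHARED_KEY, MESSAGE, tag)

    # Modification: a message changed in transit no longer matches its tag.
    tampered = MESSAGE.replace(b"100", b"900")
    results["modified_accepted"] = verify(SHARED_KEY, tampered, tag)

    # Fabrication: a party without the shared key cannot produce a valid tag.
    outsider_tag = make_tag(b"outsider-guess", tampered)
    results["fabricated_accepted"] = verify(SHARED_KEY, tampered, outsider_tag)

    # No nonrepudiation: the receiver holds the same key, so a tag made by
    # the receiver is indistinguishable from one made by the sender. A third
    # party cannot tell who created it; that needs a digital signature.
    receiver_tag = make_tag(SHARED_KEY, tampered)
    results["receiver_made_tag_verifies"] = verify(SHARED_KEY, tampered, receiver_tag)
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The message itself travels in the clear throughout, so this control does nothing for confidentiality or against interception; that objective needs encryption as a separate control.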