Title

INFORMATION SECURITY

PREPARED BY:

What is Information?
Electronic data on computers, disks and tapes
Paper-based records, notes, exam papers and memos
E-mails, passwords, bank details, exam details
Types: Confidential and Non-Confidential

What is Security?
The quality or state of being secure: to be free from danger
A successful organization should have multiple layers of security in place:
Physical security
Personal security
Operations security
Communications security
Network security
Information security

What Is Information Security?
Process by which digital information assets are protected
The protection of information and its critical elements, including systems and hardware that use, store, and transmit that information
Necessary tools: policy, awareness, training, education, technology

Definition
Information security is "a well-informed sense of assurance that the information risks and controls are in balance."
Jim Anderson, Inovant (2002)

Information Security

1. Protects information from a range of threats
2. Ensures business continuity
3. Minimizes financial loss
4. Increases business opportunities

DID YOU KNOW?


In 1980 a computer cracked a 3-character password within one minute.

In 1999 a team of computers cracked a 56-character password within one day.

In 2004 a computer virus infected 1 million computers within one hour.

Information Security Goals

Confidentiality

Integrity

Availability

Authentication

Non-repudiation

Information Security Goals


Confidentiality
Ensuring that information is accessible only to those authorized to have access

Integrity

Safeguarding the accuracy and completeness of information and processing methods

Availability

Ensuring that authorized users have access to information and associated assets when required

Information Security Goals


Authenticity
To ensure that the data, transactions, or documents are genuine

Non-repudiation

It implies that one party of a transaction cannot deny having received a transaction

Cryptography
Information security uses cryptography to transform usable information into a form that renders it unusable by anyone other than an authorized user; this process is called encryption. Information that has been encrypted (rendered unusable) can be transformed back into its original usable form by an authorized user, who possesses the cryptographic key, through the process of decryption.

Balancing Information Security and Access


Impossible to obtain perfect security: it is a process, not an absolute
Security should be considered a balance between protection and availability
To achieve balance, the level of security must allow reasonable access, yet protect against threats

POPULAR FALLACIES
If I never log off then my computer can never get a virus

If I lock my office door then my computer can never get a virus

Companies create viruses so they can sell anti-virus software

Microsoft will protect me

AND A FEW MORE.

I got this disc from my (mother, boss, friend) so it must be okay

You cannot get a virus by opening an attachment from someone you know

But I only downloaded one file

I am too smart to fall for a scam

You can catch a cold from a computer virus

My friend who knows a lot about computers showed me this really cool site

Information Security: Measures


Use a strong password.
Protect confidential information.
Make sure your operating system and virus protection are up-to-date.
Back up your data and make sure you can restore it.
Use secure and supported applications.
