
Cyber Security Tutorial



Information security, sometimes shortened to InfoSec, is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (e.g. electronic, physical).

Information security: a “well-informed sense of assurance that the information risks and controls are in balance.”—Jim Anderson, Emagined Security, Inc.

History

Computer security began immediately after the first mainframes were developed. Groups developing code-breaking computations during World War II created the first modern computers. Multiple levels of security were implemented. Physical controls limited access to sensitive military locations to authorized personnel; however, these measures were rudimentary in defending against physical theft, espionage, and sabotage.

1970s and 80s

Information security began with Rand Report R-609, the paper that started the study of computer security and identified the role of management and policy issues in it. The scope of computer security grew from physical security to include:
  • Securing the data
  • Limiting random and unauthorized access to data
  • Involving personnel from multiple levels of the organization in information security


The 1990s

Networks of computers became more common, as did the need to connect them to each other. The Internet became the first global network of networks, and initially network connections were based on de facto standards. In early Internet deployments, security was treated as a low priority. In 1993, the DEFCON conference was established for those interested in information security.

2000 to Present

The Internet brings millions of unsecured computer networks into continuous communication with each other. The ability to secure a computer’s data was influenced by the security of every computer to which it is connected. However, the growing threat of cyber attacks has increased awareness of the need for improved security, and nation-states are engaging in information warfare.

What is Security

Security is “a state of being secure and free from danger or harm; the actions taken to make someone or something secure.” A successful organization should have multiple layers of security in place to protect:
  • Operations
  • Physical infrastructure
  • People
  • Functions
  • Communications
  • Information

CIA Triangle

The CIA triangle is a standard based on Confidentiality, Integrity, and Availability, which is now viewed as inadequate. The expanded model consists of a list of critical characteristics of information.

Key Information Security Concepts

Key concepts in information security include: access; asset; attack; control, safeguard, or countermeasure; exploit; exposure; loss; protection profile or security posture; risk; subjects and objects; threat; threat agent; and vulnerability.



Critical Characteristics of Information

The value of information comes from the characteristics it possesses:
  • Availability
  • Accuracy
  • Authenticity
  • Confidentiality
  • Integrity
  • Utility
  • Possession


Information Security Model – The McCumber Cube



The Security Systems Development Life Cycle (SecSDLC)

The same phases used in the traditional SDLC can be adapted to support implementation of an IS project. It involves identifying specific threats and creating specific controls to counter them. It is a coherent program rather than a series of random, seemingly unconnected actions. The following steps are used in the design cycle:
  • Investigation
  • Analysis
  • Logical Design
  • Physical Design
  • Implementation
  • Maintenance and Change

Copyright ©2015 Hub4Tech.com, All Rights Reserved. Hub4Tech™ is registered trademark of Hub4tech Portal Services Pvt. Ltd.