Information Security — Complete BSCS Notes
Basic Security Concepts (CIA Triad)
Confidentiality: Data should be accessible only to authorized users.
Example: Student passwords stored securely.
Integrity: Data must remain accurate and unaltered.
Example: Exam marks cannot be modified by students.
Availability: Systems and data should be available when needed.
Example: LMS server accessible during exams.
Authentication Models
Authentication: Verifying the identity of a user.
Example: Username + password login.
Identification: Claiming an identity.
Example: Entering student ID.
Distributed Systems: Authentication across multiple systems using tokens, SSO, or certificates.
Trust Model: Defines how systems trust users and devices.
Encryption, Hashing & Digital Signatures
Encryption: Converting plaintext into ciphertext.
Example: AES, RSA.
Hashing: One-way conversion for integrity verification.
Example: SHA-256 password hash.
Digital Signature: Confirms the authenticity of the sender and the integrity of the signed data.
Example: Signed PDF document.
Security Kernel: Core trusted part of OS that enforces security policies.
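Added example (not part of the original notes): it shows the two uses of hashing named above, a one-way password hash and an integrity check on a record. Passwords are hashed with a per-user salt through PBKDF2-HMAC-SHA256 rather than a bare SHA-256, because a bare hash is fast to brute-force offline; the marks record and the iteration count are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Iteration count chosen for the example; production values are tuned per deployment.
ITERATIONS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> str:
    """Return a storable string 'iterations$salt_hex$digest_hex'.

    PBKDF2-HMAC-SHA256 is one-way like plain SHA-256 but deliberately slow and
    salted, so two students with the same password get different stored values
    and an attacker who steals the table cannot use a precomputed hash list.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


def record_digest(record: dict) -> str:
    """SHA-256 over a canonical (sorted key=value) form of a record, used as an integrity tag."""
    canonical = "|".join(f"{k}={record[k]}" for k in sorted(record))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def integrity_ok(record: dict, expected_digest: str) -> bool:
    """True only if the record still matches the digest computed when it was stored."""
    return hmac.compare_digest(record_digest(record), expected_digest)


if __name__ == "__main__":
    stored = hash_password("correct horse")          # stored in the user table
    print("login ok:", verify_password("correct horse", stored))
    print("login bad:", verify_password("wrong", stored))

    marks = {"student": "BSCS-101", "course": "InfoSec", "marks": 78}   # constructed record
    tag = record_digest(marks)
    marks["marks"] = 98                                  # tampering attempt
    print("integrity after edit:", integrity_ok(marks, tag))
```

Note that the integrity digest alone only detects accidental or unauthorized change if the digest itself is stored where the student cannot rewrite it; a digital signature over the digest, as in the signed-PDF example, is what lets a third party verify who produced it.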
Audit, Intrusion Detection & Response
Audit: Recording system events and activities.
Example: Login logs.
IDS (Intrusion Detection System): Identifies attacks from audit data or network traffic.
Example: Detecting brute-force login attempts.
Response: Actions taken after detection such as blocking IP or alerting admin.
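Added example (not from the original notes) tying the three items above together: an audit log of login events is parsed, a simple IDS rule flags any source address with five or more failed logins inside a 60-second sliding window, and a response step turns the alerts into a block list and admin messages. The log lines, the threshold and the window are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit log (not captured from any real system).
SAMPLE_LOG = """\
2024-03-01T09:00:01 LOGIN FAIL user=ali src=10.0.0.7
2024-03-01T09:00:03 LOGIN FAIL user=ali src=10.0.0.7
2024-03-01T09:00:04 LOGIN FAIL user=sara src=10.0.0.7
2024-03-01T09:00:05 LOGIN FAIL user=ali src=10.0.0.7
2024-03-01T09:00:06 LOGIN FAIL user=ali src=10.0.0.7
2024-03-01T09:00:20 LOGIN OK user=hina src=10.0.0.9
2024-03-01T09:05:00 LOGIN FAIL user=omar src=10.0.0.12
2024-03-01T09:20:00 LOGIN FAIL user=omar src=10.0.0.12
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) LOGIN (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line: str):
    """Audit step: turn one log line into an event dict, or None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "result": m["result"],
        "user": m["user"],
        "src": m["src"],
    }


def detect_bruteforce(log_text: str, threshold: int = 5, window: timedelta = timedelta(seconds=60)):
    """IDS step: return {src: time_of_first_alert} for every source whose failed
    logins reach `threshold` within any `window`-long sliding interval.
    Failures against different usernames from the same source still count together,
    which is what distinguishes a password-spraying host from one forgetful user."""
    recent = defaultdict(deque)   # src -> timestamps of failures still inside the window
    alerts = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["result"] != "FAIL":
            continue
        q = recent[ev["src"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:
            q.popleft()               # drop failures that fell out of the window
        if len(q) >= threshold and ev["src"] not in alerts:
            alerts[ev["src"]] = ev["ts"]
    return alerts


def respond(alerts: dict):
    """Response step: block list entries for a firewall and messages for the admin."""
    blocklist = sorted(alerts)
    messages = [
        f"ALERT {ts.isoformat()} repeated login failures from {src}: blocking source"
        for src, ts in sorted(alerts.items())
    ]
    return blocklist, messages


if __name__ == "__main__":
    found = detect_bruteforce(SAMPLE_LOG)
    for entry in respond(found)[1]:
        print(entry)
```

In the sample, 10.0.0.7 is flagged at 09:00:06 (fifth failure in five seconds) while 10.0.0.12, with two failures fifteen minutes apart, is not; the threshold and window are the tuning knobs that trade false positives against missed slow attacks.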
Database, Host & Network Security
Database Security: Protecting DB from unauthorized access.
Host-Based Security: Antivirus, firewall, OS patches.
Network-Based Security: Firewalls, IDS/IPS, VPN, secure routing.
Physical Security: CCTV, biometric locks, server room access.
Personnel Security: Employee background checks and awareness training.
Policy Formation & Enforcement
Security Policy: Rules and guidelines for system usage.
Enforcement: Ensuring policies are followed through technical and administrative controls.
Operational Security: Day-to-day secure processes and procedures.
Access Control & Information Flow
Access Control: Defines who can access what resources.
Example: Admin vs Student permissions.
Models: DAC, MAC, RBAC.
Information Flow: Controls movement of data between security levels.
Protection Models: Bell-LaPadula, Biba model.
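Added example (not part of the original notes) that combines the items in this section: an RBAC permission table for Admin, Teacher and Student roles, then Bell-LaPadula (confidentiality: no read up, no write down) and Biba (integrity: no read down, no write up) checks over the four classification levels listed later in these notes. The role table and the request values are constructed for the example.

```python
from enum import IntEnum


class Level(IntEnum):
    """Security levels ordered from least to most sensitive."""
    PUBLIC = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


# Constructed RBAC table: role -> set of (resource, action) permissions.
ROLE_PERMISSIONS = {
    "student": {("marks", "read"), ("lms", "read")},
    "teacher": {("marks", "read"), ("marks", "write"), ("lms", "read")},
    "admin": {("marks", "read"), ("marks", "write"), ("lms", "read"),
              ("lms", "write"), ("users", "write")},
}


def rbac_allows(role: str, resource: str, action: str) -> bool:
    """RBAC: a subject may perform an action only if its role holds that permission."""
    return (resource, action) in ROLE_PERMISSIONS.get(role, set())


def blp_allows(subject: Level, obj: Level, action: str) -> bool:
    """Bell-LaPadula (confidentiality).
    Simple security property: read only objects at or below the subject's level (no read up).
    *-property: write only to objects at or above the subject's level (no write down)."""
    if action == "read":
        return subject >= obj
    if action == "write":
        return subject <= obj
    return False


def biba_allows(subject: Level, obj: Level, action: str) -> bool:
    """Biba (integrity), the dual of Bell-LaPadula.
    Read only from objects at or above the subject's integrity level (no read down).
    Write only to objects at or below it (no write up)."""
    if action == "read":
        return subject <= obj
    if action == "write":
        return subject >= obj
    return False


def access_decision(role: str, subject: Level, resource: str, obj: Level, action: str,
                    model=blp_allows) -> bool:
    """Final decision: the RBAC permission and the information-flow rule must both allow it."""
    return rbac_allows(role, resource, action) and model(subject, obj, action)


if __name__ == "__main__":
    # A student may read marks under RBAC, but not read a Secret-labelled marks sheet.
    print(access_decision("student", Level.CONFIDENTIAL, "marks", Level.SECRET, "read"))
    # A teacher cleared Secret may not write into a Confidential object (no write down).
    print(access_decision("teacher", Level.SECRET, "marks", Level.CONFIDENTIAL, "write"))
```

The two model functions make the symmetry visible: Bell-LaPadula stops sensitive data flowing to lower levels, Biba stops low-integrity data flowing upward, and a real system chooses the model that matches the property it needs to protect.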
Legal & Social Issues
Legal Issues: Cybercrime laws, privacy laws, data protection acts.
Social Issues: Ethics, privacy concerns, social engineering.
Classification: Public, Confidential, Secret, Top Secret.
Risk Assessment
Risk: Probability of a threat exploiting a vulnerability.
Threat: Potential cause of harm.
Example: Malware.
Vulnerability: Weakness in a system.
Example: Weak password.
Risk Assessment: Identifying, analyzing, and prioritizing risks.