What is information security ?

Information security is the means of defending information or data stored either physically or electronically from being accessed by unauthorized personnel .

During World War 2 , No one knew that the U.S. had nuclear weapons. The then president of the USA. Franklin D. Roosevelt approved of the Manhattan Project that paved the way for the creation of a little boy and fat man. In 1939 itself six years from then after the demise of Roosevelt when Harry S. Truman took over as president in 1945 he approved the dropping of the bombs in the Japanese cities. If the Japanese or the rest of the world had known about this earlier they would have started developing their own nuclear weapons.

The information was kept secret but now over time this information is available to all . Information gets dissipated over time.

It says overall about how it is being guarded at the moment when the information is not secured enough. it becomes available to everyone. This weakness or gap in the system which may allow an intruder to gain access to the information system is known as vulnerability . When an intruder is able to use this vulnerability to arrive at sensitive data in this system , It is termed as an exploit.

It has always been a tug of war between the terms vulnerability and threat.

What is a threat and how does it differ from vulnerability ? Threats is a factor that can cause harm to a system and the system has no control over it but a vulnerability is a flaw in the system itself which can definitely be treated when explained like this.

What are the possible threats?

Source : Udemy

Types of data

Data can be classified as publicly available data , confidential data and restricted or private data.

When data is publicly available to all It is known as publicly available data. Example : A banks balance sheets and insurance policy details , Governments tend to notices and joke posts held by authorities etc .

when data is available only to the people involved in a process or an organization In other words it is restricted from unauthorized access It is called confidential data. Example : A manufacturing companies market focused data test cases and standards of banks customer data consisting of the addresses and phone numbers, were government sensitives scientific and medical research data.

When the data is supersensitive, In other words , leakage may lead to serious issues it is known as restricted or private data. Example: a company system designs, trade secrets, financial account PIN numbers and e-mail password, personal reports or medical reports of a person etc.

What is the need for information security ?

What if a credit card pin becomes available for everyone. What if the number of missiles hold by a nation is known worldwide.What if the system design and test case for a new product of a company is accessible by their competitor.And what if a tender quotation of all the applicants is accessible by all the other applicants.

Do you think it is good to go about without securing this information ? Of course not.

Let us now get into information security.

Fundamental of Computer and Network Security

Welcome to the first course of Fundamental Computer and Network Security Specialization, Design and analyse secure networked system. This course introduce basic security concepts. Vulnerability versus Threat. We will also introduce the concept of MOM which is Motive, Opportunity and Method used by hacker. The famous CIA equity names, these are the three basic security services Confidentiality, Integrity, Availability. By the end of this course you should be able to identify the root cause of cyber attacks and suggest their defenses based on these concepts. This course explains the risk of assisting us a summation of all the probability of a specific incident occurrence modified by the impact. It discusses the five method of defense Prevent, Deter, Deflect, Detect, and Recover for us to protect our systems. It introduces NIST Risk Management Framework so that by the end of this course you should be able to apply risk management framework to managing the risk in your network system. This course shows how to use GPG tool to generate public key and private key pairs their, so that we can sign our own documents and verify the integrity and authenticity of open source software packages such as party and body, and to encrypt our documents and protect it. This course show how to use a Linux PKI tool to generate certificate requests for server and client, to become certificate authority CA that design certificate of your organizations. We will learn how to verify certificates and to set up a party web server which server certificate for secure webs access and mutual authentication between server and client. And we set up mail client with client certificate for signing and encrypt our email. Let’s get started.

Source : https://coursera.org/share/9169b4b4f1047ada86992b3abd4bb0b1

Introduction to Information Security

Objective : This introduction is aimed at imparting a basic understanding of what information security is all about and covers a broad spectrum of topics in the information security arena.

Outcome: At the end of this chapter you will have a clear understanding of concepts related to information security.

What is Information ?

Introduction to information security : leaving the second word alone for now. First we need to ask what information is. Information is nothing but process data.Sounds too technical. What is data then ? Data is simply a collection of facts or values which may exist in different forms as numbers or text on pieces of paper as bits and bytes stored in electronic memory. Well just as facts in a person’s mind.

Now getting back on track : data when arranged in a convenient form for a specific purpose is known as information.

Information may be credit card numbers , debit card numbers , pin numbers , G-mail passwords , Facebook passwords , Roeser passwords and bank account PIN numbers and so on.

And more sets of data is called information.

Source : Udemy