Page 2 :
Unit-I, •, •, •, •, •, •, •, •, , Introduction to Computer Security, Threats to Security, Government Requirements, Information Protection and Access Controls, Computer Security Efforts and Standards, Computer Security mandates and legidlation, Privacy Considerations, International security activity.
Page 3 :
Introduction, • The Internet has transformed our lives in many, good ways., • Unfortunately, this vast network and its, associated technologies the increasing number of, security threats., • The most effective way to protect yourself from, these threats and attacks is to be aware of, standard cyber security practices., • “What is Computer Security?” presents an, introduction to computer security and its key, concepts.
Page 4 :
Introduction, • What Does This Mean for Me?, • This means that everyone who uses a, computer or mobile device needs to, understand how to keep their computer,, device and data secure., Information Technology Security, is everyone's responsibility!
Page 5 :
What is computer security?, • Computer security basically is the protection, of computer systems and information from, harm, theft, and unauthorized use. It is the, process of preventing and detecting, unauthorized use of your computer system., • There are various types of computer security, which is widely used to protect the valuable, information of an organization.
Page 6 :
Computer Security and its types?, •, •, •, •, •, , Information security, Application Security, Computer Security, Network Security, Cybersecurity
Page 7 :
Computer Security and its types?, • Information security, is securing information from, unauthorized access, modification & deletion
Page 8 :
Computer Security and its types?, • Application Security, is securing an application by building, security features to prevent from Cyber, Threats such as SQL injection, DoS attacks,, data breaches and etc.
Page 9 :
Computer Security and its types?, • Computer Security means securing a, standalone machine by keeping it updated, and patched
Page 10 :
Computer Security and its types?, • Network Security is by securing both the, software and hardware technologies, • Cybersecurity is defined as protecting, computer systems, which communicate over, the computer networks
Page 11 :
Unit-1, • Introduction to Computer Security:, • Computer security, also called cyber security., • The protection of computer systems and, information from harm, theft, and, unauthorized use., • Computer hardware is typically protected by, the same means used to protect other, valuable or sensitive equipment—namely,, serial numbers, doors and locks, and alarms.
Page 12 :
Introduction to Computer Security:, • So, Computer security can be defined as, controls that are put in place to provide, confidentiality, integrity, and availability for all, components of computer systems.
Page 13 :
Introduction to Computer Security:, • Components of computer system, • The components of a computer system that, needs to be protected are:, • Hardware, the physical part of the computer,, like the system memory and disk drive
Page 14 :
Introduction to Computer Security:, • Components of computer system, • Firmware, permanent software that is etched, into a hardware device’s nonvolatile memory, and is mostly invisible to the user, • Software, the programming that offers, services, like operating system, word, processor, internet browser to the user
Page 15 :
Introduction to Computer Security:, Computer security is mainly concerned, with three main areas:
Page 16 :
Introduction to Computer Security:, • Confidentiality is ensuring that information is, available only to the intended audience, • Integrity means that data is protected from, unauthorized changes to ensure that it is, reliable and correct., • Availability means that authorized users have, access to the systems and the resources they, need.
Page 17 :
Introduction to Computer Security:, • In simple language, computer security is, making sure information and computer, components are usable but still protected, from people or software that shouldn’t access, it or modify it.
Page 18 :
Threats to Security, • Computer security threats are possible, dangers that can possibly hamper the normal, functioning of your computer., • In the present age, cyber threats are, constantly increasing as the world is going, digital. The most harmful types of computer, security are:
Page 19 :
Threats to Security, • Viruses, • A computer virus is a malicious program which, is loaded into the user’s computer without, user’s knowledge., • It replicates itself and infects the files and, programs on the user’s PC. The ultimate goal, of a virus is to ensure that the victim’s, computer will never be able to operate, properly or even at all.
Page 20 :
Threats to Security, • Computer Worm, • A computer worm is a software program that, can copy itself from one computer to another,, without human interaction., • The potential risk here is that it will use up, your computer hard disk space because a, worm can replicate in great volume and with, great speed.
Page 21 :
Threats to Security, • Phishing, • Phishing attacks use fake communication,, such as an email,, • to trick the receiver into opening it and, carrying out the instructions inside, such as, providing a credit card number., • The goal is to steal sensitive data like credit, card and login information or to install, malware on the victim’s machine.
Page 22 :
Threats to Security, • Botnet, • A botnet is a group of computers connected to, the internet, that have been used by a hacker, using a computer virus. An individual, computer is called ‘zombie computer’.
Page 23 :
Threats to Security, • Rootkit, • A rootkit is a computer program designed to, provide continued privileged access to a, computer while actively hiding its presence.
Page 24 :
Threats to Security, • Keylogger, • Also known as a keystroke logger, keyloggers, can track the real-time activity of a user on his, computer. It keeps a record of all the, keystrokes made by user keyboard., • Keylogger is also a very powerful threat to, steal people’s login credential such as, username and password.
Page 25 :
Threats to Security, • These are perhaps the most common security, threats that you’ll come across., • Apart from these, there are others, like, spyware,, wabbits,, scareware,, bluesnarfing and many more. Fortunately,, there are ways to protect yourself against, these attacks.
Page 26 :
Why is Computer Security Important?, • In this digital world, we all want to keep our, computers and our personal information, secure and hence computer security is, important to keep our personal information, protected., • It is also important to maintain our computer, security and its overall health by preventing, viruses and malware which would impact on, the system performance.
Page 27 :
Computer Security Practices, • Secure your computer physically by:, – Installing reliable, reputable security and anti-virus, software, – Activating your firewall, because a firewall acts as a, security guard between the internet and your local, area network, , • Stay up-to-date on the latest software and news, surrounding your devices and perform software, updates as soon as they become available, • Avoid clicking on email attachments unless you, know the source
Page 28 :
Computer Security Practices, • Change passwords regularly, using a unique, combination of numbers, letters and case types, • Use the internet with caution and ignore popups, drive-by downloads while surfing, • Taking the time to research the basic aspects of, computer security and educate yourself on, evolving cyber-threats, • Perform daily full system scans and create a, periodic system backup schedule to ensure your, data is retrievable should something happen to, your computer.
Page 29 :
Information Protection and Access, Control, • Access control is a fundamental component, of data security that decide who's allowed to, access and use company information and, resources., • Through authentication and authorization,, access control policies make sure users are, who they say they are and that they have, appropriate access to company data.
Page 30 :
How does access control work?, • Access control identifies users by verifying, various login credentials, which can include, usernames and passwords, PINs, biometric, scans, and security tokens., • Many access control systems also include, multifactor authentication (MFA), a method, that requires multiple authentication methods, to verify a user’s identity.
Page 31 :
How does access control work?, • Once a user is authenticated, access control, then authorizes the appropriate level of, access and allowed actions associated with, that user’s credentials and IP address.
Page 32 :
How does access control work?, • There are four main types of access control., Organizations typically choose the method, that makes the most sense based on their, unique security and compliance requirements., The four access control models are:
Page 33 :
How does access control work?, • Discretionary access control (DAC): In this, method, the owner or administrator of the, protected system, data, or resource sets the, policies for who is allowed access.
Page 34 :
How does access control work?, • Mandatory access control (MAC): In this, nondiscretionary model, people are granted, access based on an information clearance. A, central authority regulates access rights based, on different security levels., • This model is common in government and, military environments.
Page 35 :
How does access control work?, • Role-based access control (RBAC): RBAC grants, access based on defined business functions, rather than the individual user’s identity., • The goal is to provide users with access only to, data that’s been deemed necessary for their roles, within the organization., • This widely used method is based on a complex, combination of role assignments, authorizations,, and permissions.
Page 36 :
How does access control work?, • Role-based access control (RBAC): RBAC grants, access based on defined business functions, rather than the individual user’s identity., • The goal is to provide users with access only to, data that’s been deemed necessary for their roles, within the organization., • This widely used method is based on a complex, combination of role assignments, authorizations,, and permissions.
Page 37 :
How does access control work?, • Attribute-based access control (ABAC): In this, dynamic method, access is based on a set of, attributes and environmental conditions, such, as time of day and location, assigned to both, users and resources.
Page 38 :
Why is access control important?, • Access control keeps confidential information, such as customer data, personally identifiable, information, and intellectual property from, falling into the wrong hands., • It’s a key component of the modern zero trust, security framework, which uses various, mechanisms to continuously verify access to, the company network.
Page 39 :
Why is access control important?, • There are two types of access control: Physical, and Logical., • Physical access control limits access to, campuses, buildings, rooms and physical IT, assets., • Logical access control limits connections to, computer networks, system files and data.
Page 40 :
Why is access control important?, • The goal of access control is to minimize the, security risk of unauthorized access to physical, and logical systems., • Access control is a fundamental component of, security compliance programs that ensures, security technology and access control policies, are in place to protect, confidential information, such as customer, data.
Page 41 :
Why is access control important?, • Most organizations have infrastructure and, procedures that limit access to networks,, computer systems, applications, files and, sensitive data, such as personally identifiable, information (PII) and intellectual property.
Page 42 :
How to access control works, • These security controls work by identifying an, individual or entity, verifying that the person, or application is who or what it claims to be,, and authorizing the access level and set of, actions associated with the username or, Internet Protocol (IP) address.
Page 43 :
How to access control works, • Directory services and protocols, including, Lightweight Directory Access Protocol (LDAP), and Security Assertion Markup Language, (SAML), provide access controls for, authenticating and authorizing users and, entities and enabling them to connect to, computer resources, such as distributed, applications and web servers.
Page 44 :
Security Standards, • To make cybersecurity measures explicit, the, written norms are required., • These norms are known as cybersecurity, standards., • The generic sets of prescriptions for an ideal, execution of certain measures.
Page 45 :
Security Standards, • The standards may involve methods,, guidelines, reference frameworks, etc. It, ensures efficiency of security, facilitates, integration and interoperability, enables, meaningful comparison of measures, reduces, complexity, and provide the structure for new, developments.
Page 46 :
Security Standards, • Security standards are generally provided for, all organizations regardless of their size or the, industry and sector in which they operate., • This section includes information about each, standard that is usually recognized as an, essential component of any cybersecurity, strategy.
Page 47 :
Security Standards, •, •, •, •, •, , ISO, IT Act, Copyright Act, Patent Law, IPR
Page 48 :
Security Standards, • ISO stands for International Organization for, Standardization. International Standards make, things to work., • These standards provide a world-class, specification for products, services and, computers, to ensure quality, safety and, efficiency., • They are instrumental in facilitating, international trade.
Page 49 :
Security Standards, • ISO standard is officially established On 23, February 1947. It is an independent, nongovernmental international organization., • Today, it has a membership of 162 national, standards bodies and 784 technical, committees and subcommittees to take care, of standards development.
Page 50 :
IT Act, • The Information Technology Act also known as, ITA-2000, or the IT Act main aims is to provide, the legal infrastructure in India which deal, with cybercrime and e-commerce., • This act is also used to check misuse of cyber, network and computer in India.
Page 51 :
Copyright Act, • The Copyright Act 1957 amended by the, Copyright Amendment Act 2012 governs the, subject of copyright law in India., • Copyright is a legal term which describes the, ownership of control of the rights to the, authors of "original works of authorship" that, are fixed in a tangible form of expression.
Page 52 :
Copyright Act, • The copyright act covers the followingRights of copyright owners, • Works eligible for protection, • Duration of copyright, • Who can claim copyright
Page 53 :
Patent Law, • Patent law is a law that deals with new, inventions. Traditional patent law protect, tangible scientific inventions, such as circuit, boards, heating coils, car engines, or zippers.
Page 54 :
IPR, • Intellectual property rights is a right that allow, creators, or owners of patents, trademarks or, copyrighted works to benefit from their own, plans, ideas, or other intangible assets or, investment in a creation.
