Cyber Security is a very complex term which passes through multi-dimensional request and response. In the current age, it is a challenging task for a small enterprise to big enterprise to secure themselves from external and internal cyber-attacks.
Cyber Security is a subset of information security which deals with securing the information, data and from both internal and external cyber threats. It is a proactive practice to safeguard the confidential information of the organization from unauthorized access by enforcing the layered security policies and protocol.
The task is more complex due to the variety of nature of cyber-attacks and the inability of quality response in the absence of adequate security measures.
The word 'Cyber' is not singular; it has its many forms to understand the concept using different terminologies such as:
● Cyber Space: It’s a virtual world of the digital data formed by bits.
● Cyber Economy: Complex structure of interconnected networked systems and its environment.
Cyber Space is a manmade ecosystem. It comprises of all interconnected networks, database, a source of information.
Cyber Space is not only including the software, hardware, data and information system, but the people surrounding it and social interaction within this network and infrastructure.
According to NIST (National Institute of Standards and Technology), Cyber Security is "The ability to protect or defend the use of cyberspace from cyber attacks."
SECURITY CONCEPTS
Information content & information determinacy determine the type of software applications. Content refers to input & output data, determinacy refers to the predictability of order & timing of information.
There are three different tools which are useful for system designers to make a robust and secure product i.e. Confidentiality, Integrity, and Availability.
In the above image, there are three key concepts shown and all three are related to each other, which is known as the CIA triad, it is considered to be the main pillars of the security, which anyone who protects an information system must understand: Confidentiality, Integrity, and Availability. Each component is critical to overall security, with the failure of any one component resulting in potential system compromise.
Confidentiality: It means to protect personal privacy information from unauthorized access to devices, processes or individuals. If we understand it in the parts, it can be described as Information must have protection enable from the different types of users to access it. There must be a limitation to access the information, who are authorized can only access the information. And last the authentication system which authenticates the user before accessing information.
Integrity: It normally refers to the data integrity, or to make ensure that data stored is accurate and no unauthorized modifications are done. The loss of integrity is considered as the unauthorized modification or destruction of the information. Disrupting a message in transit can have serious consequences.
For E.g.: if it is possible to modify the fund transfer message during online banking, an attacker can take this advantage to fulfill his or her benefit by stealing the credentials. So to ensure the integrity of this type of message is important for any security systems.
Availability: Ensuring the timely and reliable access of information to the authorized users for the systems to provide a value. The loss of the availability of the information is the loss or disruption of access to the information.
Although the use of CIA TRIAD to define security objective is well established, there are additional concepts which are important to learn and understand which makes the complete picture, they are Authentication, Authorization, and Nonrepudiation. Understanding each of the six concepts will help to implement robust security mechanisms.
Authentication: The primary goal is to focus the information on being genuine and source of the message for any security systems. This means that users are who they say and every piece of information came from the trusted source.
Nowadays we have seen Authentication system requires more than one factor of authentication, it is called Multifactor Authentication.
Such as password required combining with Fingerprint or retina scan or voice verification and PIN (Personal Identification Number), as it is useful in validating the user (owner of the fingerprint) and PIN number (something that user knows).
Authorization: It focuses on whether the user is verifiably granted permission to do so. When the system authenticates the user it also verifies and checks access privileges granted to the user. Which in simple terms means what a user can or cannot do while using the system.
Nonrepudiation: It is assuring that the sender of the data is provided with the proof of delivery and recipient is provided with the sender’s identity, so neither can deny in later part of having processed the data. In the normal physical world, it can be understood as the notary done on the stamp paper for any kind of deals. Where neither of the parties can deny the deal in the later stages
To meet such requirements, systems have to normally rely on the asymmetric cryptography or public key cryptography. While symmetric key systems use a single key to encrypt and decrypt the data. Asymmetric cryptography uses one key(private) for signing the data and another key(public) for verifying the data.
Subscribe on YouTube - NotesWorld
For PDF copy of Solved Assignment
Any University Assignment Solution
.webp)
