Unit 1 | HTCS 601 Notes | Security Assessment and Risk Analysis Notes | Aktu Notes

Unit 1 | HTCS 601 Notes | Security Assessment and Risk Analysis Notes | Aktu Notes



    SECURITY BASICS


    Information Security (INFOSEC) Overview

    Information Security (INFOSEC) means protecting important data or information from unauthorized access, use, damage, or theft. It ensures that data stays safe, correct, and available when needed.

    Critical Information Characteristics

    These are three main features that define how secure important data is:

    a. Confidentiality

    Means only authorized people can access the data.
    Example: Your bank details should only be known to you and your bank.

    b. Integrity

    Means the information should be correct and not changed by unauthorized people.
    Example: If someone changes your marks in the database, it breaks integrity.

    c. Availability

    Means information should be available whenever needed, especially to authorized users.
    Example: If your college server is down and you can’t check your results, availability is lost.

    Information States

    Information goes through three states and each state must be protected:

    a. Storage

    When data is saved in devices (like hard drives, servers).
    Example: Your college stores your records in a database. That data must be secure.

    b. Processing

    When data is being used or changed by a computer program.
    Example: When your result is being calculated based on your marks.

    c. Transmission

    When data is being sent from one place to another.
    Example: Sending your email or submitting a form online.

    Security Countermeasures


    These are the ways to protect data from threats and risks:

    a. Education, Training, and Awareness
    • People should be taught how to use systems securely.

    • Training helps users avoid common mistakes like clicking on harmful links.

    • Awareness helps people understand risks like phishing and social engineering.
    b. Policy, Procedures, and Practices

    • Policy: Set of rules for using systems securely (like password rules).

    • Procedures: Step-by-step instructions for secure operations (like how to back up data).

    • Practices: Everyday habits that ensure security (like locking your screen).

    Threats

    Threats are anything that can damage or misuse data or systems.

    Examples:

    • Hackers trying to break into a system

    • Viruses and malware

    • Natural disasters (like floods or fire damaging hardware)

    • Human errors (like deleting files by mistake)

    Vulnerabilities

    Vulnerabilities are the weak points in a system that threats can attack.

    Examples:
    • Weak passwords

    • Unpatched software

    • Misconfigured servers

    • Lack of user training

    No comments:

    Post a Comment