
Digital Information Security

Sayed Ahmad Sahim

Kandahar [email protected]

May 20, 2015

Sayed Ahmad Sahim (Kandahar University) Digital Information Security May 20, 2015 1 / 21

Table of Contents

1 Introduction

2 Information vs Data

3 Three objectives of information security

4 Security Policy

5 90/10 Rule, ITIC/KnowBe4 2013-14 Survey

6 Security Violation

7 Security Objectives, Good Computing Practices

8 Conclusion


Introduction

Security: Security is a continuous process of protecting an object from attack (Rizza, 2005).

Figure : Security Definition


Information Security: Information Security refers to the protection of information from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption (Afshin Rezakhani, 2011).

Figure : Information Security


Information vs Data

Data is unprocessed facts and figures without any added interpretation or analysis (Dutcher, 2015).

Information is data that has been interpreted so that it has meaning for the user (Dutcher, 2015).

Knowledge is a combination of information, experience and insight that may benefit the individual or the organisation (Dutcher, 2015).

Figure : Information vs Data


Three objectives of information security

Confidentiality

Integrity

Availability


Confidentiality

Confidentiality: Confidentiality is the term used to prevent the disclosure of information to unauthorized individuals or systems (Y. and hoon Kim, 2007).

Figure : Confidentiality


Integrity

Integrity refers to the protection of information from unauthorized modification or destruction. Ensuring integrity is ensuring that information and information systems are accurate, complete and uncorrupted (Y. and hoon Kim, 2007).

Figure : Integrity
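The integrity definition above is abstract; the following added example (written for this transcript, not part of the original slides) shows one concrete way to check the property: record a SHA-256 hash of every file in a directory as a baseline, then recompute later and report which files were modified, destroyed, or added without authorization. The directory contents, file names and the "tampering" steps are all constructed for the demonstration.

```python
"""Added example (not from the slides): a minimal file-integrity checker.

Integrity means information is accurate, complete and uncorrupted. A
practical way to check that is to store a cryptographic hash of each file
(the baseline) and later recompute: a differing hash means the file was
modified, a baseline entry with no file means it was destroyed, and a file
with no baseline entry is unaccounted for.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_of_file(path: Path) -> str:
    """Return the hex SHA-256 digest of a file, read in 64 KiB chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each regular file under root (POSIX relative path) to its SHA-256."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            baseline[p.relative_to(root).as_posix()] = sha256_of_file(p)
    return baseline


def verify(root: Path, baseline: dict) -> dict:
    """Compare the current directory tree against a stored baseline.

    Returns a report with three sorted lists:
      modified - present in both, but the hash differs
      missing  - in the baseline, no longer on disk
      added    - on disk, not in the baseline
    """
    current = build_baseline(root)
    return {
        "modified": sorted(n for n in baseline
                           if n in current and current[n] != baseline[n]),
        "missing": sorted(n for n in baseline if n not in current),
        "added": sorted(n for n in current if n not in baseline),
    }


def demo() -> dict:
    """Constructed scenario: baseline a directory, tamper with it, verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed sample files standing in for protected information.
        (root / "policy.txt").write_text("Passwords must be unique.\n")
        (root / "backup.log").write_text("2015-05-20 backup ok\n")

        baseline = build_baseline(root)
        # In practice the baseline is kept where the monitored system
        # cannot silently rewrite it (e.g. a separate, read-only store).
        stored = json.dumps(baseline)

        # Simulated unauthorized changes: modify, destroy, and add a file.
        (root / "policy.txt").write_text(
            "Passwords must be unique.\nShare them with colleagues.\n")
        (root / "backup.log").unlink()
        (root / "extra.bin").write_bytes(b"\x00")

        return verify(root, json.loads(stored))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The check detects the three failures the definition names (modification, destruction, and unaccounted-for content). It only works if the baseline itself is protected, which is why the example serialises it as if it were stored separately from the directory being watched.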


Availability

Availability refers to the protection of information and information systems from unauthorized disruption. Ensuring availability is ensuring timely and reliable access to and use of information and information systems (Y. and hoon Kim, 2007).

Figure : Availability


CIA

Figure : CIA


Security Policy

Security policies are the foundation and the bottom line of information security in an organization.

A well written and implemented policy contains sufficient information on what must be done to protect information and people in the organization (SAAN, 2015).

Security policies also establish computer usage guidelines for staff in the course of their job duties (SAAN, 2015).

Information Security policy defines a framework for how to use information and information systems.


Question

You may ask.

"Why do I need to learn about Security?" "Isn't this just an IT Problem?"

Good Security Standards follow the 90 / 10 Rule (University of California):

10% of security safeguards are technical.

90% of security safeguards rely on the computer user (YOU) to adhere to good computing practices.


ITIC/KnowBe4 2013-14 Survey

In the ITIC/KnowBe4 2013 - 2014 Security Deployment Trends Survey, 80 percent of companies identified "end user carelessness" as the greatest security threat to their network and data. Link


What are the consequences of a security violation?

Risk to integrity of confidential information

Risk to security of personal information

Loss of valuable business information

Loss of Reputation

Loss of client interest

Internal disciplinary action

Penalties


Security Objectives

Learn and practice good computer security practices.

Top 12 practices

Report anything unusual

If it sets off a warning in your mind, it just may be a problem!


Good Computing Practices

1 Unique User ID or Log-In Name

2 Password Protection

3 Workstation Security / Physical Security

4 Security for Workstations, Portable Devices & Laptops

5 Data Management: backup, archive, restore, disposal

6 Prevent the spread of viruses, worms, Trojans and time bombs.


Good Computing Practices

7 Secure Remote Access

8 E-Mail Security

9 Safe Internet Use

10 Reporting Security Incidents / Breaches

11 Your Responsibility to Adhere to Information Security Policies.

12 Do not use cracked or unlicensed software.


Conclusion

To achieve better security:

IT personnel are responsible for creating the necessary security policy, which includes rules for end users

Educating End Users

End Users are required to adopt and not violate security rules


References

N. M. Afshin Rezakhani, AbdolMajid Hajebi. Standardization of all information security management systems. March 2011.

J. Dutcher. How to define data, information and knowledge. May 2015. URL http://searchdatamanagement.techtarget.com/feature/Defining-data-information-and-knowledge.

J. M. Rizza. Computer network security. University of Tennessee-Chattanooga, Chattanooga, TN, U.S.A., April 2005.

S. I. I. R. R. SAAN. Security Policy Roadmap - Process for Creating Security Policies. http://www.sans.org/reading-room/whitepapers/policyissues/security-policy-roadmapprocess-creating-security-policies-494, 2015. Accessed: 20-May-2015.

S. F. Y. and P. hoon Kim. IT security review: Privacy, protection, access control, assurance and system security. April 2007.


The End
