4_Information Security_methodical_lesson_2_v

  • docx
  • 01.05.2020

Methodological Instructions

Theme: Information Security

Objective: 10.6.2.1 explain the meaning of information security, confidentiality, integrity and accessibility

Assessment criteria

Explain what the terms information security, privacy and data sustainability mean

Know the differences between the terms information security, privacy and integrity

Basic Level:

Multiplication table (7-9 grade)

Key words and phrases:

Numeral system, binary, hexadecimal, octal and decimal system alphabet and how to translate between numeral systems and vice versa, Numeral system is a ____

Translate number from binary system to decimal system…

I. THEORY

Information security

Information security, sometimes shortened to InfoSec, is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. The information or data may take any form, e.g. electronic or physical. Information security's primary focus is the balanced protection of the confidentiality, integrity and availability of data (also known as the CIA triad) while maintaining a focus on efficient policy implementation, all without hampering organization productivity. This is largely achieved through a multi-step risk management process that identifies assets, threat sources, vulnerabilities, potential impacts, and possible controls, followed by assessment of the effectiveness of the risk management plan.

To standardize this discipline, academics and professionals collaborate and seek to set basic guidance, policies, and industry standards on password, antivirus software, firewall, encryption software, legal liability and user/administrator training standards. This standardization may be further driven by a wide variety of laws and regulations that affect how data is accessed, processed, stored, and transferred. However, the implementation of any standards and guidance within an entity may have limited effect if a culture of continual improvement isn't adopted.

Confidentiality of information is a requirement that a person who has received access to any information must not transfer this information to third parties without the consent of its owner. The very word "confidentiality" comes from the English "confidence", which in translation means "trust". It is precisely because the confidentiality of information is respected that a person who has entrusted his personal data to state bodies can be sure that it will not fall into the wrong hands and will not be used against him. The confidentiality of information is also of great importance in maintaining state and commercial secrets.

Confidentiality is a guarantee that information can be read and interpreted only by people and processes that are authorized to do so. Ensuring confidentiality includes procedures and measures preventing disclosure by unauthorized users. Information that may be considered confidential is also called sensitive. An example would be a mail message that is protected from being read by anyone other than the addressee.

Confidentiality is a property of information that ensures that only certain persons have access to information.

For example, the company "Mercury" has information, namely the sales report. Access is available only to employees of the sales and accounting departments. Moreover, the staff of the sales department have access to all the information (this is described in more detail below), and the accounting department only to the final calculations (in order to calculate sales taxes).

Thus, confidentiality means not only access to information, but also the delimitation of access to information: Petrov has access to one piece of information, Serikov to the second, and Ismailov to all the information.

The integrity of information is the condition that the information has not been changed when performing any operation on it.

Integrity is the guarantee that the information remains unchanged, correct and authentic. Ensuring integrity involves the prevention and detection of unauthorized creation, modification, or deletion of information. An example would be measures to ensure that a mail message was not changed in transit.

Integrity is a property of information that ensures that only certain individuals can change information.

For example.

1. Let's continue the example of the firm "Mercury" and its sales report. As was said earlier, the Sales Department has access to all information, and the accounting department only to a certain part. But for safety, this is still not enough. It is also necessary to differentiate access within the Sales Department. The department has two specialists, Serikov and Petrov, each with their own report. Each of them must have the right to write only to their own report. Otherwise, what if Petrov suddenly understates Serikov's sales?

2. The firm "Mercury" created and sent a payment on the RB to its bank, but the hacker Talgat intercepted the payment and inserted his own account number in the recipient field. This is a direct violation of integrity. To avoid this, it is necessary to take a number of measures, for example, an electronic digital signature (EDS).

3. Illegal change of information can also bring many problems. For example, an attacker can forge any document, as a result of which damage can be caused. Or the integrity of the data may be compromised as a result of a power outage.

Data integrity can be verified in various ways. The most common is to use hash functions. A hash function calculates a certain value from the information using one of the numerical methods. This value has a fixed size and is called a hash sum. The hash function is designed so that even a slight change in the information makes the hash sum very different from the original. If the value of the hash sum differs from the one obtained earlier, the information has been changed.
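The hash-sum check described above, applied to the intercepted payment from example 2, as an added Python example that is not part of the original lesson. The payment text, account numbers and key are constructed sample values, and HMAC (a keyed hash from the standard library) stands in for the EDS, which in practice uses a private/public key pair.

```python
import hashlib
import hmac

# Constructed sample data: a payment order before and after the recipient
# account field is altered in transit (account numbers are placeholders).
ORIGINAL = b"payer=Mercury;recipient_account=ACCOUNT-0001;amount=150000"
TAMPERED = b"payer=Mercury;recipient_account=ACCOUNT-9999;amount=150000"
SHARED_KEY = b"constructed-demo-key"  # assumed known only to the firm and its bank


def hash_sum(data: bytes) -> str:
    """Fixed-size hash sum: SHA-256 always yields 64 hex characters."""
    return hashlib.sha256(data).hexdigest()


def differing_bits(a: bytes, b: bytes) -> int:
    """Number of the 256 hash-sum bits that differ between two inputs."""
    x = int(hash_sum(a), 16) ^ int(hash_sum(b), 16)
    return bin(x).count("1")


def is_unchanged(data: bytes, recorded_sum: str) -> bool:
    """Recompute the hash sum and compare it with the one recorded earlier."""
    return hmac.compare_digest(hash_sum(data), recorded_sum)


def keyed_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA-256: a hash sum that cannot be recomputed without the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def tag_is_valid(key: bytes, data: bytes, received_tag: str) -> bool:
    """Check a received keyed tag against the data that actually arrived."""
    return hmac.compare_digest(keyed_tag(key, data), received_tag)


if __name__ == "__main__":
    recorded = hash_sum(ORIGINAL)
    print("bits changed by the edit:", differing_bits(ORIGINAL, TAMPERED))
    print("original passes:", is_unchanged(ORIGINAL, recorded))
    print("tampered passes:", is_unchanged(TAMPERED, recorded))
    # A hash sum that travels with the message can simply be replaced too:
    print("replaced sum passes:", is_unchanged(TAMPERED, hash_sum(TAMPERED)))
    # A keyed tag made over the original does not verify for the altered order.
    sent_tag = keyed_tag(SHARED_KEY, ORIGINAL)
    print("keyed tag passes:", tag_is_valid(SHARED_KEY, TAMPERED, sent_tag))
```

A plain hash sum detects changes only when the reference value is kept where the person altering the data cannot replace it; the keyed tag (or a signature) closes that gap for data in transit.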

The availability of information means that subjects who have the right to access information can use it without hindrance at any time. There are several different types of access rights to information. These are the rights to read, copy, modify and delete it. In order to avoid loss of information, it is important to differentiate access rights between people.

Accessibility is the guarantee that authorized users can access and work with information assets, resources and systems that they need, while ensuring the required performance. Ensuring accessibility includes measures to maintain the availability of information, despite the potential for interference, including system failure and deliberate attempts to violate accessibility. An example would be access protection and ensuring the throughput of the mail service.

Accessibility is a property of information that ensures that people who have access to information can access it at the right time.

For example, the general director of the firm "Mercury" came to work on Monday morning, turned on the computer and was surprised to find that he could not open the sales database. So what happened? Elementary, Watson! On Sunday night, a pipe burst in the ceiling, water got into the computer where the database was stored, and the hard drive promptly burned out. Since the director had never heard of information security, and the local network had been set up by a student, there was no backup or redundancy in the form of RAID. This is the simplest example; many others can be cited. For instance, a company's website was unavailable, so a client who could not open it opened another company's website instead and naturally bought the second company's product.

 

VISUAL AIDS AND MATERIALS.

1. Slides

2. https://www.techopedia.com/definition/10282/information-security-is

3. https://zerde.gov.kz/en/activity/information-security/

4. https://searchsecurity.techtarget.com/definition/information-security-infosec
