Unit 1: Overview of Information Security

  • What is Information and why should we protect it?
  • Information Security
  • Threats – Frauds, Thefts, Malicious Hackers, Malicious Code, Denial-of-Service Attacks and Social Engineering
  • Vulnerability – Types
  • Risk – an introduction
  • Business Requirements
  • Information Security Definitions
  • Security Policies
    • Tier 1 (Organization-Level)
    • Tier 2 (Function Level)
    • Tier 3 (Application/Device Level)
  • Procedures
  • Standards
  • Guidelines

  • What is Information, and Why Should We Protect It?
    • Information: Data that is meaningful and valuable to an individual or organization.
    • Protection Reasons:
      • Confidentiality: Preventing unauthorized access.
      • Integrity: Ensuring data accuracy and reliability.
      • Availability: Ensuring data is accessible when needed.
      • Compliance: Meeting legal and regulatory requirements.
  • Information Security:
    • Definition: Measures to protect information from unauthorized access, disclosure, alteration, and destruction.
    • Components: People, processes, and technology working together to secure information.
  • Threats – Frauds, Thefts, Malicious Hackers, Malicious Code, Denial-of-Service Attacks, and Social Engineering:
    • Frauds: Deceptive practices for financial gain.
    • Thefts: Unauthorized taking of information or physical assets.
    • Malicious Hackers: Individuals exploiting vulnerabilities for malicious purposes.
    • Malicious Code: Software designed to harm or exploit systems.
    • Denial-of-Service Attacks: Overwhelming a system to disrupt services.
    • Social Engineering: Manipulating individuals to gain unauthorized access.
  • Vulnerability – Types:
    • Software Vulnerabilities: Flaws in software code.
    • Hardware Vulnerabilities: Weaknesses in hardware components.
    • Human Vulnerabilities: Weaknesses in human behaviour.
  • Risk – An Introduction:
    • Risk: The potential for loss or harm to assets.
    • Risk Management: Identifying, assessing, and mitigating risks.
    • Risk Components: Threats, vulnerabilities, and impact.
  • Business Requirements:
    • Alignment: Ensuring information security supports business objectives.
    • Legal Compliance: Adhering to laws and regulations.
    • Operational Continuity: Maintaining uninterrupted business operations.
  • Information Security Definitions:
    • Confidentiality: Ensuring data is only accessed by authorized individuals.
    • Integrity: Safeguarding data from unauthorized modification.
    • Availability: Ensuring timely and reliable access to information.
  • Security Policies:
    • Definition: Formalized rules and guidelines for information security.
    • Purpose: Establishing expectations and standards for security.
  • Tier 1 (Organization-Level), Tier 2 (Function Level), Tier 3 (Application/Device Level):
    • Tier 1: Organization-wide policies and strategies.
    • Tier 2: Policies specific to functional areas or departments.
    • Tier 3: Policies tailored to individual applications or devices.
  • Procedures:
    • Definition: Step-by-step instructions for implementing security policies.
    • Purpose: Ensuring consistency and adherence to security protocols.
  • Standards:
    • Definition: Detailed technical specifications and requirements.
    • Role: Guiding the implementation and configuration of security measures.
  • Guidelines:
    • Definition: Recommended practices and suggestions.
    • Flexibility: Providing general advice for adapting to specific situations.

Unit 2: Information Asset Classification

  • Why should we classify information?
  • Information Asset – Owner, Custodian, User
  • Information Classification – Secret, Confidential, Private and Public
  • Methodology
  • Declassification or Reclassification
  • Retention and Disposal of Information Assets
  • Provide Authorization for Access – Owner, Custodian, User

  • Why Should We Classify Information?
    • Protection: Safeguarding sensitive information from unauthorized access.
    • Prioritization: Allocating resources based on the importance of information.
    • Compliance: Meeting regulatory requirements for data protection.
    • Risk Management: Identifying and addressing potential vulnerabilities.
  • Information Asset – Owner, Custodian, User:
    • Owner: The individual responsible for the information and its classification.
    • Custodian: Person or system managing and safeguarding the information.
    • User: Individuals with authorized access to classified information.
  • Information Classification – Secret, Confidential, Private, and Public:
    • Secret: Highly sensitive information, access restricted to a select few.
    • Confidential: Restricted access to authorized personnel.
    • Private: Information for internal use, not for public disclosure.
    • Public: Information intended for public knowledge and dissemination.
  • Methodology:
    • Identification: Recognizing and labelling information according to its sensitivity.
    • Categorization: Assigning specific classifications based on predefined criteria.
    • Labelling: Indicating the classification of documents or data.
  • Declassification or Reclassification:
    • Declassification: Process of reducing the sensitivity of information over time.
    • Reclassification: Changing the classification of information due to changes in its importance or sensitivity.
  • Retention and Disposal of Information Assets:
    • Retention Policies: Guidelines for how long information should be kept.
    • Secure Disposal: Safely disposing of information at the end of its lifecycle.
    • Data Destruction: Physical or digital methods to make information unrecoverable.
  • Provide Authorization for Access – Owner, Custodian, User:
    • Owner Authorization: Granting access based on the information’s sensitivity.
    • Custodian Role: Managing and controlling access permissions.
    • User Access: Adhering to the authorized level of access granted.
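The Owner / Custodian / User roles and the Secret > Confidential > Private > Public ordering above can be turned into an authorization check. This is an added example written for these notes, not course material; the user names, asset names and clearance values are constructed.

```python
from dataclasses import dataclass, field

# Ordering used by the notes: Secret > Confidential > Private > Public.
LEVELS = {"Public": 0, "Private": 1, "Confidential": 2, "Secret": 3}


@dataclass
class User:
    name: str
    clearance: str  # highest classification this person may read


@dataclass
class Asset:
    name: str
    owner: str            # accountable for the label (Unit 2: Owner)
    custodian: str        # maintains the access list (Unit 2: Custodian)
    classification: str   # one of LEVELS
    authorized: dict = field(default_factory=dict)  # user name -> User


def grant(asset, actor, user):
    """Owner or custodian may grant; never above the user's clearance."""
    if actor not in (asset.owner, asset.custodian):
        return False
    if LEVELS[user.clearance] < LEVELS[asset.classification]:
        return False
    asset.authorized[user.name] = user
    return True


def can_read(asset, user):
    """Public is open to all; otherwise both a grant and clearance are needed."""
    if asset.classification == "Public":
        return True
    return user.name in asset.authorized and \
        LEVELS[user.clearance] >= LEVELS[asset.classification]


def reclassify(asset, actor, new_level):
    """Only the owner may declassify or reclassify. Raising the label
    revokes grants held by users whose clearance no longer covers it."""
    if actor != asset.owner or new_level not in LEVELS:
        return False
    asset.classification = new_level
    asset.authorized = {n: u for n, u in asset.authorized.items()
                        if LEVELS[u.clearance] >= LEVELS[new_level]}
    return True
```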

Unit 3: Risk Analysis & Risk Management

  • Risk Analysis Process
  • Asset Definition
  • Threat Identification
  • Determine Probability of Occurrence
  • Determine the Impact of the Threat
  • Controls Recommended
  • Risk Mitigation
  • Control Types/Categories
  • Cost/Benefit Analysis

  • Risk Analysis Process:
    • Definition: Systematic evaluation of potential threats and vulnerabilities.
    • Objective: Identify, assess, and prioritize risks to an organization’s assets.
  • Asset Definition:
    • Assets: Tangible and intangible items critical to an organization.
    • Identification: Define and categorize assets based on their value and importance.
    • Examples: Data, hardware, software, and intellectual property.
  • Threat Identification:
    • Threats: Potential events or circumstances that can harm assets.
    • Identification: Recognizing and documenting various types of threats.
    • Sources: Natural disasters, human error, malicious attacks.
  • Determine Probability of Occurrence:
    • Probability Assessment: Estimating the likelihood of threats occurring.
    • Factors: Historical data, expert judgment, environmental conditions.
  • Determine the Impact of the Threat:
    • Impact Assessment: Evaluating the potential harm or consequences of a threat.
    • Criteria: Financial loss, operational disruption, reputation damage.
  • Controls Recommended:
    • Risk Controls: Strategies to reduce or eliminate risks.
    • Preventive Controls: Measures to stop or minimize the likelihood of a threat.
    • Detective Controls: Measures to identify and respond to a threat.
  • Risk Mitigation:
    • Mitigation Strategies: Actions taken to reduce the impact or likelihood of risks.
    • Risk Transfer: Shifting risk to third parties, like insurance.
    • Risk Acceptance: Acknowledging and consciously accepting certain risks.
  • Control Types/Categories:
    • Technical Controls: Implementing security technologies.
    • Administrative Controls: Policies, procedures, and training.
    • Physical Controls: Securing the physical environment.
  • Cost/Benefit Analysis:
    • Analysis: Evaluating the financial costs versus the benefits of risk controls.
    • Decision-Making: Assessing whether the cost of controls justifies the potential risk reduction.
    • Optimization: Balancing security measures with financial constraints.
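The probability, impact, control and cost/benefit steps of Unit 3 can be carried through on a small risk register. This is an added example, not from the course notes; the risks, probabilities, costs and control names are constructed, and annual expected loss is taken as probability × impact.

```python
from dataclasses import dataclass


@dataclass
class Risk:
    asset: str
    threat: str
    probability: float   # estimated annual likelihood, 0..1
    impact: float        # estimated loss per occurrence, currency units


@dataclass
class Control:
    name: str
    kind: str            # "preventive" lowers probability; "detective" or
    annual_cost: float   # "transfer" (e.g. insurance) lowers the impact
    reduction: float     # fraction removed, 0..1


def expected_loss(risk):
    """Annualised expected loss = probability x impact."""
    return risk.probability * risk.impact


def residual_loss(risk, control):
    """Expected loss that remains once the control is in place."""
    if control.kind == "preventive":
        return risk.probability * (1 - control.reduction) * risk.impact
    return risk.probability * risk.impact * (1 - control.reduction)


def net_benefit(risk, control):
    """Loss avoided by the control minus what the control costs per year."""
    return expected_loss(risk) - residual_loss(risk, control) - control.annual_cost


def recommend(risk, controls):
    """Pick the control with the highest positive net benefit. If no control
    pays for itself, the risk is accepted (or transferred) instead."""
    best = max(controls, key=lambda c: net_benefit(risk, c), default=None)
    if best is None or net_benefit(risk, best) <= 0:
        return ("accept", None, round(expected_loss(risk), 2))
    yearly = residual_loss(risk, best) + best.annual_cost
    return ("mitigate", best.name, round(yearly, 2))


def prioritise(risks):
    """Rank the register by expected loss, highest first."""
    return sorted(risks, key=expected_loss, reverse=True)
```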

Unit 4: Access Control

  • User Identity and Access Management
  • Account Authorization
  • Access and Privilege Management
  • System and Network Access Control
  • Operating Systems Access Controls
  • Monitoring Systems Access Controls
  • Intrusion Detection System
  • Event Logging
  • Cryptography

  • User Identity and Access Management:
    • User Identity Management: Creating, managing, and securing user identities.
    • Access Management: Controlling user access to resources and data.
    • Authentication Methods: Passwords, biometrics, multi-factor authentication.
  • Account Authorization:
    • Authorization Policies: Defining what actions users are allowed to perform.
    • Role-Based Access Control (RBAC): Assigning permissions based on job roles.
    • Least Privilege Principle: Providing the minimum level of access necessary for tasks.
  • Access and Privilege Management:
    • Access Management: Granting, modifying, or revoking user access.
    • Privilege Management: Controlling elevated permissions for specific tasks.
    • Access Reviews: Regular assessments of user access to ensure compliance.
  • System and Network Access Control:
    • System Access Control: Policies and mechanisms to restrict system access.
    • Network Access Control (NAC): Regulating access to a network based on user and device attributes.
    • Endpoint Security: Ensuring security on devices connecting to the network.
  • Operating Systems Access Controls:
    • File and Folder Permissions: Controlling access to files and directories.
    • User Account Control (UAC): Managing privileges on Windows systems.
    • Security Policies: Defining rules for user behaviour and access.
  • Monitoring Systems Access Controls:
    • Access Monitoring: Continuous tracking of user activities and access.
    • Auditing: Reviewing logs and reports to identify unauthorized activities.
    • Alerts and Notifications: Instant notifications for suspicious access patterns.
  • Intrusion Detection System:
    • Function: Detecting and responding to unauthorized access or malicious activities.
    • Types: Network-based IDS, Host-based IDS.
    • Real-time Monitoring: Analyzing network traffic and system logs for anomalies.
  • Event Logging:
    • Logging Events: Recording security events, user actions, and system activities.
    • Log Analysis: Reviewing logs for security incidents and compliance.
    • Retention Policies: Defining how long logs are retained for auditing and investigation.
  • Cryptography:
    • Encryption: Protecting data by converting it into a secure format.
    • Decryption: Reverting encrypted data to its original form.
    • Key Management: Safeguarding cryptographic keys for secure communication.
    • Digital Signatures: Verifying the authenticity and integrity of digital messages.
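An access review ties together the RBAC, least-privilege, event-logging and auditing points of Unit 4: granted permissions are compared with what the logs show was actually used. This is an added example, not from the course notes; the roles, users and log lines are constructed, and the log format is an assumed one.

```python
import re
from collections import defaultdict

# Constructed RBAC data: roles carry permissions, users carry roles.
ROLE_PERMISSIONS = {
    "analyst": {"report:read", "ticket:write"},
    "dba": {"db:read", "db:write", "db:admin"},
}
USER_ROLES = {"alice": {"analyst"}, "bob": {"dba"}, "carol": {"analyst", "dba"}}

# Constructed event log, assumed format:
#   <timestamp> user=<name> action=<permission> result=<ok|denied>
EVENT_LOG = """\
2024-03-01T09:00:01Z user=alice action=report:read result=ok
2024-03-01T09:05:12Z user=alice action=ticket:write result=ok
2024-03-01T09:07:40Z user=bob action=db:read result=ok
2024-03-01T09:09:03Z user=bob action=db:admin result=ok
2024-03-01T10:15:22Z user=carol action=db:read result=ok
2024-03-01T10:16:00Z user=alice action=db:admin result=ok
2024-03-02T08:30:45Z user=carol action=report:read result=ok
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) result=(?P<result>\S+)$")


def granted_permissions(user):
    """Effective permissions = union of the permissions of the user's roles."""
    perms = set()
    for role in USER_ROLES.get(user, ()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def parse_log(text):
    """Collect the permissions each user successfully exercised."""
    used = defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m["result"] == "ok":
            used[m["user"]].add(m["action"])
    return used


def access_review(log_text):
    """'unused' grants are least-privilege candidates for removal;
    'ungranted' successful actions mean a control failed and should alert."""
    used = parse_log(log_text)
    return {u: {"unused": sorted(granted_permissions(u) - used[u]),
                "ungranted": sorted(used[u] - granted_permissions(u))}
            for u in USER_ROLES}
```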

Unit 5: Physical Security

  • Identify Assets to be Protected
  • Perimeter Security
  • Fire Prevention and Detection
  • Safe Disposal of Physical Assets

  • Identify Assets to be Protected:
    • Assets: Tangible and intangible items of value to the organization.
    • Identification: Listing and categorizing assets for protection.
    • Importance: Forms the basis for developing a comprehensive security strategy.
  • Perimeter Security:
    • Definition: Securing the physical boundaries of an organization.
    • Components: Fences, gates, access control systems.
    • Purpose: Preventing unauthorized access and protecting sensitive areas.
  • Fire Prevention and Detection:
    • Prevention Measures: Fire-resistant materials, proper wiring, safe storage.
    • Detection Systems: Smoke detectors, heat sensors, fire alarms.
    • Importance: Minimizing the risk of fire-related damage and loss.
  • Safe Disposal of Physical Assets:
    • Definition: Proper disposal of assets at the end of their lifecycle.
    • Methods: Secure data wiping and physical destruction.
    • Importance: Avoiding data breaches and preventing unauthorized use of discarded assets.
