MAJOR PROJECT THEME

                                     

                          INFORMATION SECURITY:

Information security is defined as the protection of information and systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.(NIST)

The three fundamental principles of information security are confidentiality, integrity, and availability. Each component of the information security program must be developed to incorporate one or more of these concepts. They are known as the CIA Triad when they work together.

CONFIDENTIALITY: It deals with preventing the unauthorized reading of information. for instance, an unauthorized person cannot read or access to data and information of any users without his consent.

INTEGRITY: It deals with preventing or at least detecting unauthorized "writing".Integrity is one of the important aspects of information security for user to access their data without any fear of cybercrime.

AVAILABILITY:  Availability has become fundamental issue in information security these days. Due to malicious attacks on information frequently these days, the availability of data has been of much concerned now.

                                 Types of Information Security

While there are several types of information security, the most typically utilized in the IT industry include:

    Application Security, Infrastructure Security, Cloud Security, and Cryptography.

  1. Application security: Application security is a method of protecting applications and programming interfaces (APIs) in order to detect, prevent, and identify flaws and other intrusions in your applications. Documentation,  authorization, encoding, and application security checking are all application security characteristics. 

2. Infrastructure security: Infrastructure security relates to the protection of equipment assets such as computers, communications systems, and cloud materials. The goal of infrastructure security is to safeguard against typical cyber crimes as well as natural disasters and other mishaps. Infrastructure security is also important in lowering the chance of damage due to malfunction. 

3. Cloud security :Cloud security is similar to application and infrastructure security, but it focuses only on cloud computing or cloud-connected components and data. Cloud computing security is another name for cloud security, which is a set of security measures designed to protect data, apps, and cloud-based configurations. 

4. Cryptography: Cryptography is the process of encrypting data in order to secure it. It is an information security technique that employs codes to protect trustworthy data from cyber threats. To encrypt data, InfoSec teams use mathematical hypotheses and a set of rule-based computations known as algorithms to modify communications in ways that make them impossible to decode or decrypt.

                                Policy on Information Security

An Information Security Policy (ISP) is a collection of regulations that persons must follow when utilising IT assets. Businesses can develop information security policies to guarantee that workers and other users adhere to security rules and processes. Security rules are designed to ensure that sensitive systems and information are only accessible to authorised users. 

   There are many information securities threat in information security:

            1.Unsecure or Poorly Secured Systems

            2.Social Media Attack

           3.Malware on Endpoints

          4.Security Misconfiguration

          5. Active vs passive attack.

       The primary elements and facets of information security are as follows: 

1. Protection of information (in the sense of safeguarding private information, state and official secrets, and other types of restricted information).

2. Computer security or data security - a collection of hardware and software that ensures the storage, confidentiality, and access to data in computer network.

3.Protection of information and supporting infrastructure from unintentional or malicious effects of a natural disaster.

 

 

 

 

 

 

 

References:  Usmonov, M. (2021) 'Computer and Information Engineering', International Journal of Academic and Applied Research (IJAAR),Vol. 5 Issue 1, January - 2021, Pages: 5-8(Available at:https://scienceweb.uz/publication/6479)

             Asif, S. (2023) Knoweldgehut. Available at: https://www.knowledgehut.com/blog/security/what-is-information-security(Accessed date: May 8 2023)

  Stamp, M., 2011. Information security: principles and practice. John Wiley & Sons.