IS Lecture 01 - Introduction


Information Security
Lecture 1
Introduction
Osamah Ahmad
[email protected]
Lecture 01
• Course policies (attendance, assessment)
• Introduction
• Motivation
• Why Information Security?
• Introduction to the Course
• Why we need information security?
• What is information Security?
• What is Cyberspace?
• What is Cyber-security?
• Information Security vs Cybersecurity
• Why Cyber security is Important?
Attendance Policy
• 75% Presence is required as per university policy.
• Once attendance is marked, students marked absent will
remain absent, even if they arrive later.
• Students are advised to come to the class on time. Students
arriving 15 minutes late in class will be marked as absent.
Makeup Policy
• No makeup for assignment, quizzes, projects or exam – No
exceptions.
• Surprise Quizzes – Not necessary.
• No Best of Quizzes/Assignments
Zero Tolerance of Cheating
• Plagiarism/Copy/Cheating is highly condemned and
those involved in this process will get zero marks.
• Any form of cheating will earn you zero marks.
• This policy will be applied to all students involved in
the incident
• Including those whose material was copied
Assessment division
Assignments 15%
Quizzes 15%
Mid Term 20%
Coursera Assignment 20%

Final Exam 30%


Course Web Resource
• Course web resource:
• http://moellim.riphah.edu.pk/

• Here you will find:


• course material, lecture slides, assignment submission,
course announcements, etc.
• Important Announcement to Respective CR
Instructor
Osamah Ahmad
• Jr. Lecturer: Faculty of Computing, RIU
• Education
• MS (Information Security) from RISE
• BS COMSATS University Islamabad
• Certifications
• CEH
• CHFI
Introduce yourself

• Name
• Interests in IS

• Any Interest/work in area of Information Security


State of IS 2022
Interesting STATS
Information Security

• The objective of this course is to cover the breadth of the field of
Information Security
• Course contents are largely inspired by:
• Certified Information Systems Security Professional
(CISSP)
• Most credible IS certification since 1994
• International Information Systems Security Certification
Consortium (ISC)2
• https://www.isc2.org/cissp-training.aspx
• Eight domains of security make up the CISSP Common Body
of Knowledge (CBK)
• Covers the breadth of Information Systems Security
• An Inch Deep & A Mile Wide
Recommended Books
• Official (ISC)2 Guide to the CISSP CBK
• 6th Edition
• 2021

• ALL-IN-ONE CISSP EXAM GUIDE


• By Shon Harris
• Sixth Edition
• McGraw Hill, 2013
Reference Books
• Computer Security: Principles and Practice, 3rd edition by
William Stallings
• Principles of Information Security, 6th edition by M.
Whitman and H. Mattord
• Computer Security, 3rd edition by Dieter Gollmann
• Computer Security Fundamentals, 3rd edition by William
Easttom
Why we study information Security?
• A cyber security degree teaches you:
• How to protect computer,
• Software Systems
• Networks
• Data from cyber attacks.
• You’ll learn how to monitor systems and mitigate threats when they
happen. Below are just some of the reasons you might want to study
in it.
• Growing job opportunities
• Application analyst
• Security analyst
• Security engineer
• Security architect
• Make an impact
• Fast-moving industry
Why we study information Security? (Cont.)
Motivation (Why we study information Security?) Cont.
Introduction to the Course
Introduction to Information security domains (old: 10 domains, new: 8
domains)
1. Security Governance & Risk Management
2. Security Architecture and Design
3. Access Control
4. Cryptography
5. Telecommunications & Network Security
6. Software Development Security
7. Physical (Environmental) Security
8. Security Operations
9. Business Continuity & Disaster Recovery Planning
10. Legal, Regulations, Investigations & Compliance
Introduction to the Course (Cont.)
• Introduction to Information security domains
(New 8 Domains)
1. Security & Risk Management
2. Asset Security
3. Security Engineering + Cryptography
4. Communications & Network Security
5. Identity and Access Management
6. Security Assessment and Testing
7. Security Operations + Business Continuity & Disaster Recovery Planning
8. Security in Software Development Life Cycle
Need for information security?
• To prevent data breaches
• loss of critical business information is quite common
• breaches involving business secrets, confidential health information, and intellectual
property
• To check for compromised credentials and broken
authentication
• Usually a result of lack of authentication, weak passwords, and poor key or certificate
management
• To avoid account hijacking
• Phishing, fraud, and software exploitations are still very common
• Third-party applications can be used by attackers to launch attacks
• To mitigate cyber threats from malicious insiders
• Intruder can destroy the whole information infrastructure or manipulate data for their own
purpose
• responsibility of an organization
• To take effective measures to control the encryption process and keys.
• Effective monitoring, logging, and auditing activities are extremely important to keep everything
under control.
What is information security?
• The state of being protected against the
unauthorized use of information, especially
electronic data, or the measures taken to
achieve this.
• Information security (IS) is designed to
protect the Integrity, Confidentiality and
Availability of Information from those with
malicious intents.
What is Cyberspace?
• Cyberspace allows users to share information, interact,
swap ideas, play games, engage in discussions or
social forums, conduct business and create intuitive
media, among many other activities.
• The term cyberspace was initially introduced by
William Gibson in his 1984 book, Neuromancer.
What is Cybersecurity?
The virtual space created by interconnected computers and computer
networks on the Internet.
• Cybersecurity is defined by NIST as the
“ability to protect or defend the use of cyberspace from cyber attacks.”
• Simply, cybersecurity is related to attacks from the inside or outside of an organization.
It is the framework of protecting and securing anything that is vulnerable to hacks,
attacks, or unauthorized access which mainly consists of computers, devices, networks,
servers, and programs.
Cybersecurity vs Information Security
Cybersecurity:
• Cybersecurity is meant to protect against attacks in cyberspace, such as
on data, storage sources, devices, etc.
• Cybersecurity usually deals with cybercrimes, cyber frauds and
law enforcement.
• Cybersecurity is handled by professionals who are trained to
deal with advanced persistent threats (APT) specifically.
Information security:
• Information security is intended to protect data from any form of threat,
regardless of being analogue or digital.
• Information security deals with unauthorised access, disclosure,
modification and disruption.
• Information security, on the other hand, lays the foundation
of data security and includes prioritizing the resources first
before eradicating the threats or attacks.
Why Cyber security is Important?
• Cybersecurity is important because it protects
all categories of data from theft and damage
• This includes
• Sensitive data, personally identifiable information (PII),
protected health information (PHI), personal information,
intellectual property, data, and governmental and
industry information systems.
• Without a cybersecurity program,
• an organization cannot defend itself against data breach
campaigns, making it an irresistible target for
cybercriminals.
Summary of Lecture 01
• Students failing to maintain the minimum 75% attendance as
per university policy will not be allowed to appear in the
final exam.
• Growing job opportunities
• Need for information security
• Cyberspace and cybersecurity
End of Lecture 01
• Course policies (attendance, assessment)
• Motivation
• Why you study Information Security?
• Introduction to the Course
• Why we need information security?
• What is information Security?
• What is Cyberspace?
• What is Cybersecurity?
• Information Security vs Cybersecurity
• Why Cyber security is Important?
