Information Security

Maintaining confidentiality, integrity, and availability. Sensitive information is only disclosed to authorized parties.

CIA TRIAD

3 Pillars of Information Security
  • Confidentiality: sensitive information is only disclosed to authorized parties.
  • Integrity: prevent unauthorized modification of data.
  • Availability: guarantee the data can be accessed by authorized parties when requested.

Many of us know what CIA is, but what if someone asks you about DAD?

  • D- Disclosure
  • A- Alteration
  • D- Destruction

The opposite of Confidentiality is Disclosure, of Integrity is Alteration, and of Availability is Destruction.

Security Terminologies:

  • Asset: any important information about the organization, such as computers, servers, data, documents, etc.
  • Risk: the probability of something happening or occurring.

Risk = Probability * Threat * Vulnerability      or

Risk = Likelihood * Impact

  • Threat: a person or thing likely to cause damage or danger.
  • Vulnerability: a loophole.
  • Payload: the actual information or message in transmitted data.
  • Exploit: a software tool designed to take advantage of a flaw in a computer system, typically for malicious purposes such as installing malware.

Difference between Hacking & Ethical Hacking:

  • Hacking means illegally accessing other people’s computer systems in order to destroy, disrupt, or carry out something illegal.
  • Ethical hacking is an authorized way of hacking.

Black Box, Grey Box, and White Box Testing:

Type of Testing

Black box testing
Testing a system without specific knowledge of its internal workings, with no access to the source code and no knowledge of the architecture. Here you have nothing but a single domain to hack into the full organization.

White box testing
Testing a system with full knowledge of, and access to, all source code and architecture documents. Here you have full knowledge of the network infrastructure etc. to perform security testing.

Grey box testing
Testing a system while having at least some knowledge of its internals, such as user credentials, the number of network devices, the number of pages in an application, etc.

 
