information security

Upload: e-journal-ict4d

Post on 16-Jun-2015

Category:

Technology


DESCRIPTION

Basics of the Information Security Sohrab Monfared IT Instructor / Security Specialist @CentreICT

TRANSCRIPT

  • 1. Information Security
    Basics of the Information Security
    Sohrab Monfared, IT Instructor / Security Specialist @CentreICT

  • 2. Information security, aka InfoSec
    Information security, sometimes shortened to InfoSec, is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (electronic, physical, etc.).

  • 3. Defending? Defend from who?
    Competitors: BMW vs Toyota, P.R.C. vs U.S.A., Huawei vs CISCO.
    Black Hat Hackers: IT specialists who are mostly hired by organized/unorganized criminals.

  • 4. Who is the target though?
    Governments: Oh, you've got some economic plans? Let us have a look ;)
    Military: New artillery shell? New machine gun?
    Corporations: You've got some products? We (attackers) may want to damage them or maybe make a copy.
    Financial Institutions: Mr. X is a rich guy, let's see how many Franklins he has in his account.

  • 5. Key Concepts of InfoSec
    CIA! Not FBI, nor NSA!
    Confidentiality
    Integrity: This means that data cannot be modified in an unauthorized or undetected manner.
    Availability: The system and its resources should work properly and be available.

  • 6. How to make it secure then?
    No way, you cannot ;) In the best case, you can reduce the damage and the casualties of a data breach. But wait... I think I've got some hints for that.

  • 7. Logical vs Physical
    First we decide it by logic, then we apply it physically :D
    Logical: Least Privileges. Do we really need to run Firefox as administrator?
    Physical: Separation of Duties. A web developer doesn't need the root password of the server.

  • 8. Who DID it?
    Who was wise and well informed! Defense In Depth (DID) is the most effective method of defense.

  • 9. Access Control
    Access to protected information must be restricted to people who are authorized to access the information. Access control is generally considered in three steps:
    Identification: Who are you? Are you really Dean Davis?
    Authentication: How can you prove that? Any driver's license?
    Authorization: Okay Mr. Davis, but wait... You are a Programmer, not a Network Administrator!

  • 10. Cryptography
    Information security uses cryptography to transform usable information into a form that renders it unusable by anyone other than an authorized user.
    What about encryption? That was exactly the definition of encryption, and to do it we use cryptographic techniques.
    Hello → J$$$qpys (Encryption)
    J$$$qpys → Hello (Decryption)

  • 11. Almost done...
    Thanks for your attention (Questions are welcome)
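
The three access-control steps from slide 9, as an added example that is not part of the original slides. The account name `dean.davis`, the password, the role names and the permission names are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2 work factor chosen for this example

# Constructed sample policy: which role may do what.
ROLE_PERMISSIONS = {
    "programmer": {"read_source", "commit_code"},
    "network_admin": {"read_source", "configure_router"},
}


def hash_password(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


_SALT = os.urandom(16)
# Constructed sample account store.
USERS = {
    "dean.davis": {
        "salt": _SALT,
        "pw_hash": hash_password("correct horse battery staple", _SALT),
        "role": "programmer",
    },
}


def access(username: str, password: str, permission: str) -> str:
    # Step 1, identification: is the claimed identity known at all?
    user = USERS.get(username)
    if user is None:
        return "unknown identity"
    # Step 2, authentication: can the caller prove that identity?
    # compare_digest avoids leaking the match position through timing.
    candidate = hash_password(password, user["salt"])
    if not hmac.compare_digest(candidate, user["pw_hash"]):
        return "authentication failed"
    # Step 3, authorization: does the proven identity's role allow this?
    if permission not in ROLE_PERMISSIONS.get(user["role"], set()):
        return "not authorized"
    return "granted"
```

The distinct return values make the three steps visible; a production login would show the same error for steps 1 and 2 so that callers cannot tell which usernames exist.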