CS 415 IS Week1
Email: ayaz.khan@students.au.edu.pk
ayaz.khan@mail.au.edu.pk
Department of Computer Science
Air University, Islamabad Campus
COURSE OBJECTIVE
Apply various security and risk management techniques and tools for achieving information security and privacy.
COURSE INFORMATION
Theory (100)
Evaluation Method | Distribution | Marks
Quizzes (3) | 10% | 10
Assignments (3) | 10% | 10
Practical Task / Semester Projects / Presentations | 10% | 10
Midterm Exam | 25% | 25
Final Exam | 45% | 45
Total | 100% | 100
COURSE RESOURCES
Reference Books:
– Michael E. Whitman, Herbert J. Mattord, “Principles of Information Security”
– Bruce Schneier, “Applied Cryptography”, 2nd Edition or Latest
– C.P. Pfleeger, “Security in Computing”, Prentice-Hall, 4th Edition or Latest
WHY IS SECURITY?
SECURITY THREATS
SPECIALIZED AREAS OF SECURITY
System Components
– Software
– Hardware
– Data
– People
– Procedures
– Networks
WHY IS SECURITY DIFFICULT?
BankIslami
BankIslami reported that the attack caused over $6 million in losses to the bank, including the suspension of specific operations, particularly the online banking service.
Ref: https://propakistani.pk/2021/08/23/heres-a-recap-of-major-recent-cyber-attacks-in-pakistan/
Threat Landscape Elsewhere
PAKISTAN HIT BY NATIONWIDE POWER OUTAGE AFTER GRID FAILURE
26 January 2023 (Thursday), 1004hrs (10:04 AM)
https://www.zscaler.com/blogs/security-research/warhawk-new-backdoor-arsenal-sidewinder-apt-group-0
CYBER SECURITY ATTACKS ON PAKISTAN MILITARY ORGANISATIONS
• APT: NewsPenguin
Communities of interest
– Information security managers & professionals
– Information technology managers & professionals
– Non-technical business managers & professionals
WORLD'S BIGGEST DATA BREACHES
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
COMMON SECURITY THREATS
GLOBAL CYBER SPACE ENVIRONMENT
CYBERSECURITY EFFORTS AT NATIONAL LEVEL
Prevention of Electronic Crime Act 2016
National Telecom and Information Security Board (NTISB), Cabinet Division
National Response Centre for Cyber Crime (NR3C) at FIA Islamabad
Cybercrime Hotline (9911) and SMS Alert Service
Act for Website Monitoring – 2015
Forensic Unit at Punjab Forensic Science Agency, 2011
Digital Forensic Lab at Sindh Police Forensics Division, 2012
Pakistan Research Center for Cyber Security (PRCCS)
Policy for Internet, Website, Email for Government – 2009/11
Act for Protection from Spam – 2009
NCCS June 2018 (Headquarters at AU)
Pakistan’s National Cyber Security Policy
National Cyber Security Academy (NCSA) 2023 (Headquarters at AU)
Soon…
PREVENTION OF ELECTRONIC CRIME ACT – 2016
NATIONAL CYBER SECURITY CHALLENGES
CONCEPTS
WHAT IS SECURITY?
A state of being secure and free from danger or harm; the actions taken to make someone or something secure.
WHAT IS CYBER SECURITY?
The protection of information and its critical elements, including systems and hardware that use, store, and transmit that information.
Committee of National Security Systems (CNSS)
WHAT IS INFORMATION SECURITY?
LIFE CYCLE INFORMATION SECURITY?
COMPONENTS OF INFOSEC
CYBER SECURITY | INFORMATION SECURITY
It is the practice of protecting the data from outside the resource on the internet. | It is all about protecting information from unauthorized users, access, and data modification or removal in order to provide confidentiality, integrity, and availability.
It is about the ability to protect the use of cyberspace from cyber attacks. | It deals with protection of data from any form of threat.
Cybersecurity is to protect anything in the cyber realm. | Information security is for information irrespective of the realm.
Cybersecurity deals with danger against cyberspace. | Information security deals with the protection of data from any form of threat.
Cybersecurity strikes against cyber crimes, cyber frauds and law enforcement. | Information security strives against unauthorized access, disclosure, modification and disruption.
Cyber security professionals, on the other hand, deal with advanced persistent threats. | Information security professionals are the foundation of data security, and the security professionals associated with it prioritize resources first before dealing with threats.
It deals with threats that may or may not exist in the cyber realm, such as protecting your social media account, personal information, etc. | It deals with information assets and integrity, confidentiality and availability.
https://www.geeksforgeeks.org/difference-between-cyber-security-and-information-security/
ANY QUESTION