Blockchain

Technology
Module 1.1
Information

• Information is organized or classified data, which has

some meaningful values for the receiver. Information is the
processed data on which decisions and actions are based.
• For the decision to be meaningful, the processed data
must qualify for the following characteristics −
• Timely − Information should be available when required.
• Accuracy − Information should be accurate.
• Completeness − Information should be complete.
Information Security

• Information Security is not only about securing information from

unauthorized access. Information Security is basically the practice
of preventing unauthorized access, use, disclosure, disruption,
modification, inspection, recording or destruction of information.
• Information can be physical or electronic one. Information can be
anything like Your details or we can say your profile on social
media, your data in mobile phone, your biometrics etc.
• Thus, Information Security spans so many research areas like
Cryptography, Mobile Computing, Cyber Forensics, Online Social
Media etc.
Information Security

• During First World War, Multi-tier Classification System

was developed keeping in mind sensitivity of information.
• With the beginning of Second World War formal alignment
of Classification System was done.
• Alan Turing was the one who successfully decrypted
Enigma Machine which was used by Germans to encrypt
warfare data.
Information Security
• Information Security programs are build around 3 objectives, commonly known as CIA – Confidentiality,
Integrity, Availability.
• Confidentiality – means information is not disclosed to unauthorized individuals, entities and process.
For example if we say I have a password for my Gmail account but someone saw while I was doing a
login into Gmail account. In that case my password has been compromised and Confidentiality has been
breached.
• Integrity – means maintaining accuracy and completeness of data. This means data cannot be edited in
an unauthorized way. For example if an employee leaves an organisation then in that case data for that
employee in all departments like accounts, should be updated to reflect status to JOB LEFT so that data
is complete and accurate and in addition to this only authorized person should be allowed to edit
employee data.
• Availability – means information must be available when needed. For example if one needs to access
information of a particular employee to check whether employee has outstanded the number of leaves,
in that case it requires collaboration from different organizational teams like network operations,
development operations, incident response and policy/change management. Denial of service attack is
Information Security
Need of Information Security

1. Protecting the functionality of the organization:

• The decision maker in organizations must set policy and
operates their organization in compliance with the complex,
shifting legislation, efficient and capable applications.

2. Enabling the safe operation of applications:

• The organization is under immense pressure to acquire and
operates integrated, efficient and capable applications. The
modern organization needs to create an environment that
safeguards application using the organizations IT systems,
particularly those application that serves as important
elements of the infrastructure of the organization.
Need of Information Security

3. Protecting the data that the organization collect and use:

• Data in the organization can be in two forms are either in rest or in motion, the motion
of data signifies that data is currently used or processed by the system. The values of the
data motivated the attackers to steal or corrupts the data. This is essential for the
integrity and the values of the organization’s data. Information security ensures the
protection of both data in motion as well as data in rest.

4. Safeguarding technology assets in organizations:

• The organization must add intrastate services based on the size and scope of the
organization. Organizational growth could lead to the need for public key infrastructure,
PKI an integrated system of the software, encryption methodologies. The information
security mechanism used by large organizations is complex in comparison to a small
organization. The small organization generally prefers symmetric key encryption of
data.
Need of Information Security
Information security is needed because some organizations can be
damaged by hostile application or intruders. There can be multiple forms of
damage which are interrelated. These includes −
• It can be damage or destruction of computer systems.
• It can be damage or destruction of internal data.
• It can be used to loss of sensitive information to hostile parties.
• It is the use of sensitive information to steal items of monetary value.
• It is the use of sensitive information against the organization’s customers
which may result in legal action by customers against the organization
and loss of customers.
• It is used to damage to the reputation of an organization.
• It can be used to monetary damage due to loss of sensitive information,
destruction of data, hostile use of sensitive data, or damage to the
organization’s reputation.