Information Security - Comprehensive University-Level Notes
1. Confidentiality
Confidentiality is a fundamental aspect of the CIA triad in information security. It ensures
that sensitive information is accessible only to those authorised to view it. Confidentiality
protects data from unauthorised access, disclosure, or exposure during storage or
transmission.
Techniques to enforce confidentiality include encryption (e.g., AES, RSA), secure
authentication methods (e.g., passwords, biometrics, multi-factor authentication), and
access controls (DAC, MAC, RBAC). Ensuring confidentiality is critical in healthcare (HIPAA),
finance, military, and government sectors.
Common threats to confidentiality include eavesdropping, data interception, man-in-the-middle
attacks, and insider threats. Mitigation involves the use of encrypted channels (e.g., TLS),
Virtual Private Networks (VPNs), and regular access audits.
2. Integrity
Integrity ensures that data remains accurate, consistent, and trustworthy throughout its
lifecycle. Any modification, whether accidental or malicious, should be detectable.
Key tools include cryptographic hash functions (SHA-256), which generate unique hash
values for data, and digital signatures which combine hash values with public-key
cryptography to verify authenticity. Checksums and Message Authentication Codes (MACs)
are also used.
Threats to integrity include data tampering, malware infections, SQL injection attacks, and
software bugs. Maintaining data integrity is especially critical in systems where errors can
have legal, financial, or safety consequences (e.g., banking transactions, medical records).
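As an added illustration (not part of the original notes), the Python script below shows the two integrity tools named above side by side: a SHA-256 hash detects a change to a record, but anyone who can rewrite the record can also rewrite an unkeyed hash stored beside it; an HMAC with a shared secret closes that gap because a valid tag cannot be produced without the key. The bank-transfer record, the secret key and the tampering step are all constructed for the demo.

```python
import hashlib
import hmac

# Constructed sample record (not from the notes): a bank transfer message.
RECORD = b"transfer:from=ACC-1001;to=ACC-2002;amount=250.00"
# Constructed shared secret; in a real system it would come from a key store.
SECRET_KEY = b"constructed-demo-key-do-not-reuse"


def sha256_hex(data: bytes) -> str:
    """Plain cryptographic hash: detects accidental corruption, but anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()


def mac_hex(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: a keyed digest; only holders of the key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def hash_check_passes(data: bytes, stored_hash: str) -> bool:
    # compare_digest avoids timing differences that leak how many characters matched
    return hmac.compare_digest(sha256_hex(data), stored_hash)


def mac_check_passes(key: bytes, data: bytes, stored_tag: str) -> bool:
    return hmac.compare_digest(mac_hex(key, data), stored_tag)


def tamper(data: bytes) -> bytes:
    """Simulate a malicious edit to the amount field of the stored record."""
    return data.replace(b"amount=250.00", b"amount=9250.00")


def demo() -> dict:
    original_hash = sha256_hex(RECORD)
    original_tag = mac_hex(SECRET_KEY, RECORD)
    altered = tamper(RECORD)
    return {
        # A hash computed at write time no longer matches the altered record...
        "hash_detects_change": not hash_check_passes(altered, original_hash),
        # ...but an attacker who can rewrite the record can rewrite the hash too.
        "hash_forged_by_attacker": hash_check_passes(altered, sha256_hex(altered)),
        # The keyed tag also fails to verify after tampering...
        "mac_detects_change": not mac_check_passes(SECRET_KEY, altered, original_tag),
        # ...and a tag made without the real key is rejected.
        "mac_forged_without_key": mac_check_passes(SECRET_KEY, altered, mac_hex(b"wrong-key", altered)),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The practical lesson: a checksum or hash stored next to the data guards against accidental corruption, while a MAC or digital signature is needed against an adversary who controls the storage or channel.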
3. Vulnerabilities
A vulnerability is a weakness in a system, application, or process that can be exploited to
compromise its confidentiality, integrity, or availability.
Types include software vulnerabilities (e.g., buffer overflows, code injection), hardware
vulnerabilities (e.g., Spectre, Meltdown), configuration issues (e.g., default passwords), and
human factors (e.g., phishing, poor password hygiene).
Vulnerability management involves identification (via vulnerability scanners like Nessus),
classification (CVSS scores), prioritisation, and remediation (patches, updates, mitigation
strategies). Organisations should maintain a vulnerability management lifecycle for
effective defence.
4. Prevention
Prevention encompasses proactive security controls and strategies designed to stop attacks
before they cause harm.
Preventive measures include deploying firewalls to filter traffic, anti-malware software,
applying least-privilege principles, strong password policies, and regular software updates.
Network segmentation and endpoint protection platforms also contribute to prevention.
While no system can be 100% secure, prevention aims to reduce the attack surface and
delay or deter attackers. Prevention complements detection and response mechanisms in a
layered defence model.
5. Cyber Security
Cybersecurity is the practice of protecting systems, networks, devices, and data from cyber
threats, including hacking, ransomware, phishing, and denial-of-service attacks.
It covers various domains such as network security, application security, information
security, operational security, disaster recovery, and user education. The CIA triad—
Confidentiality, Integrity, and Availability—is at its core.
Modern cybersecurity strategies involve firewalls, intrusion detection/prevention systems
(IDPS), endpoint detection and response (EDR), threat intelligence, and incident response
planning. Cybersecurity is governed by policies, frameworks (e.g., NIST, ISO 27001), and
compliance regulations (e.g., GDPR, HIPAA).
6. Firewall
A firewall is a hardware or software system that enforces a network security policy by
controlling incoming and outgoing traffic.
Types of firewalls include packet-filtering (filters based on IP, port), stateful inspection
(monitors the state of active connections), application-layer (filters traffic based on
application data), and next-generation firewalls (NGFWs) that combine deep packet
inspection with intrusion prevention.
Firewalls use rules or policies to decide whether to allow or block specific traffic. They are
vital for segmenting networks, creating DMZs, and preventing unauthorised access to
internal systems.
7. IDP (Intrusion Detection and Prevention System)
An IDP system detects and actively prevents malicious activities on a network or host.
It combines functionalities of IDS (Intrusion Detection System) and IPS (Intrusion
Prevention System). IDS detects threats and sends alerts, while IPS can block them in real
time.
IDP systems analyse traffic using signature-based detection (matching known attack
patterns) or anomaly-based detection (spotting deviations from normal behaviour). They are
critical for identifying zero-day threats, internal threats, and policy violations.
8. Intrusion Detection
Intrusion Detection Systems (IDS) monitor system or network traffic to detect unauthorised
access or anomalies.
Types include Network IDS (NIDS), which monitors traffic at the network level, and Host IDS
(HIDS), which monitors activities on a single host. Detection methods include signature-based
and anomaly-based techniques.
IDS are crucial for early threat detection, forensic analysis, and alerting security teams.
However, they do not prevent attacks and can produce false positives if not tuned properly.
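The two detection methods named in sections 7 and 8 can be seen working on the same input. The following added example (written for these notes, not taken from any IDS product) runs a signature rule set and a simple anomaly detector over constructed web-server access log lines: the signatures match two known request patterns from one client, and the anomaly detector flags a client whose request rate in one minute is far above a learned baseline. The log lines, the baseline counts and the patterns are all constructed for the demo.

```python
import re
import statistics
from collections import Counter
from urllib.parse import unquote

# Constructed access log lines (documentation IP ranges); the burst is 40 requests
# in a single minute from one client.
NORMAL_LINES = [
    '203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Mar/2024:10:00:05 +0000] "GET /about HTTP/1.1" 200 800',
    '198.51.100.9 - - [12/Mar/2024:10:00:07 +0000] "GET /login?user=admin\'%20OR%20\'1\'=\'1 HTTP/1.1" 200 311',
    '198.51.100.9 - - [12/Mar/2024:10:00:08 +0000] "GET /../../etc/passwd HTTP/1.1" 404 180',
]
BURST_LINES = [
    f'192.0.2.44 - - [12/Mar/2024:10:00:{s:02d} +0000] "GET /page{s} HTTP/1.1" 404 120'
    for s in range(10, 50)
]
SAMPLE_LOG = NORMAL_LINES + BURST_LINES

# Constructed baseline: requests per client per minute observed during normal operation.
BASELINE_COUNTS = [3, 4, 2, 5, 3, 4, 3, 2]

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+$'
)

# Signature rules: patterns for known attack techniques, applied to the decoded request path.
SIGNATURES = {
    "sqli_tautology": re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE),
    "path_traversal": re.compile(r"(^|/)\.\.(/|$)"),
}


def parse(line: str):
    """Parse one log line into a dict, or return None for a malformed line."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["path"] = unquote(entry["path"])  # decode %20 etc. before matching
    entry["minute"] = entry["ts"][:17]      # e.g. "12/Mar/2024:10:00"
    return entry


def signature_alerts(entries):
    """Signature-based detection: every (client, rule) pair whose path matched a rule."""
    alerts = []
    for e in entries:
        for name, pattern in SIGNATURES.items():
            if pattern.search(e["path"]):
                alerts.append((e["ip"], name))
    return alerts


def anomaly_alerts(entries, baseline_counts, k=3.0):
    """Anomaly-based detection: flag any client whose requests in one minute exceed
    the baseline mean by more than k standard deviations."""
    threshold = statistics.mean(baseline_counts) + k * statistics.pstdev(baseline_counts)
    per_client_minute = Counter((e["ip"], e["minute"]) for e in entries)
    return [(ip, minute, n) for (ip, minute), n in per_client_minute.items() if n > threshold]


def run_ids(lines=SAMPLE_LOG) -> dict:
    entries = [e for e in map(parse, lines) if e is not None]
    return {
        "signature": signature_alerts(entries),
        "anomaly": anomaly_alerts(entries, BASELINE_COUNTS),
    }


if __name__ == "__main__":
    for kind, alerts in run_ids().items():
        print(kind, alerts)
```

The parameter `k` is where tuning happens: a low value catches smaller deviations but raises more false positives, which is the trade-off the notes mention. Signature matching has the opposite weakness: it only fires on patterns it already knows.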
9. CBA (Cost-Benefit Analysis)
Cost-Benefit Analysis (CBA) in security evaluates the economic viability of implementing a
control against the potential damage from a threat.
The process involves identifying assets, estimating potential losses from specific threats,
and comparing this with the cost of deploying a safeguard. If the benefit (i.e., avoided loss)
exceeds the cost, the investment is justified.
CBA helps organisations prioritise investments and optimise resource allocation. It is often
used in conjunction with risk assessment methodologies.
10. Physical Security
Physical security protects IT infrastructure, personnel, and data from physical actions and
events that could cause serious loss or damage.
Controls include access control mechanisms (badges, biometrics), surveillance (CCTV),
barriers (fences, locks), and environmental controls (fire suppression, climate control).
Threats include theft, natural disasters, vandalism, and unauthorised physical access.
Physical security must align with digital security strategies to ensure full protection of
assets.
11. Bull’s Eye Model
The Bull’s Eye Model is a strategic framework for implementing security in a layered and
prioritised manner.
It is structured in concentric layers: Policies (core rules and governance), Network (routing,
segmentation), Systems (servers, endpoints), and Applications (software, services). Security
implementation begins from the centre (policies) and expands outward.
This model ensures that technical measures are guided by organisational goals and policies,
allowing efficient and aligned deployment of security resources.
12. Biometric Security
Biometric security uses unique physical or behavioural traits to authenticate users. It is
often considered both more secure and more user-friendly than traditional methods.
Types include fingerprint recognition, iris scans, facial recognition, voice recognition, and
hand geometry. Biometric systems involve enrollment, template storage, and matching
during authentication.
Advantages: difficult to forge, eliminates password fatigue. Disadvantages: privacy
concerns, high cost, false acceptance/rejection rates, and susceptibility to spoofing without
liveness detection.
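The false acceptance and false rejection rates mentioned above are set against each other by the matching threshold. As an added example (constructed for these notes, not real biometric data or a real matcher), the script below computes both rates from toy similarity scores and finds the threshold where they are equal, which makes the security/convenience trade-off visible.

```python
# Constructed similarity scores in [0, 1] from a toy matcher. "Genuine" scores compare a
# sample against the same person's enrolled template; "impostor" scores compare it against
# someone else's template.
GENUINE_SCORES = [0.92, 0.88, 0.95, 0.81, 0.77, 0.90, 0.85, 0.69, 0.93, 0.87]
IMPOSTOR_SCORES = [0.12, 0.35, 0.41, 0.22, 0.58, 0.30, 0.47, 0.72, 0.19, 0.26]


def accept(score: float, threshold: float) -> bool:
    """Matching decision: the sample is accepted when its score reaches the threshold."""
    return score >= threshold


def false_acceptance_rate(threshold: float, impostor_scores=IMPOSTOR_SCORES) -> float:
    """Fraction of impostor attempts that are wrongly accepted (a security failure)."""
    return sum(accept(s, threshold) for s in impostor_scores) / len(impostor_scores)


def false_rejection_rate(threshold: float, genuine_scores=GENUINE_SCORES) -> float:
    """Fraction of genuine attempts that are wrongly rejected (a usability failure)."""
    return sum(not accept(s, threshold) for s in genuine_scores) / len(genuine_scores)


def rates_table(thresholds):
    """(threshold, FAR, FRR) for each threshold, to show how the two rates move in opposite directions."""
    return [(t, false_acceptance_rate(t), false_rejection_rate(t)) for t in thresholds]


def equal_error_threshold(steps: int = 100) -> float:
    """Threshold at which FAR and FRR are closest (the equal error rate point).
    Lower thresholds favour convenience, higher ones favour security."""
    best = min(
        (abs(false_acceptance_rate(i / steps) - false_rejection_rate(i / steps)), i / steps)
        for i in range(steps + 1)
    )
    return round(best[1], 2)


if __name__ == "__main__":
    for t, far, frr in rates_table([0.5, 0.7, 0.8]):
        print(f"threshold={t:.2f}  FAR={far:.2f}  FRR={frr:.2f}")
    print("equal error threshold:", equal_error_threshold())
```

Raising the threshold from 0.5 to 0.8 drives the false acceptance rate to zero but starts rejecting genuine users; a deployment picks the operating point that matches its risk appetite rather than the equal-error point by default.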
13. Risk Management
Risk management in cybersecurity involves identifying, assessing, and controlling risks to
an organisation’s digital assets.
Steps: 1) Asset identification, 2) Threat and vulnerability analysis, 3) Risk assessment
(likelihood × impact), 4) Mitigation strategies (avoid, transfer, reduce, accept).
Effective risk management helps prioritise security efforts, comply with legal requirements,
and reduce the likelihood and impact of security incidents. Tools include risk matrices,
business impact analysis, and threat modelling.
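Sections 9 and 13 describe one workflow: score risks by likelihood and impact, then decide on a safeguard by comparing the loss it avoids with what it costs. The added example below (constructed for these notes, with illustrative figures rather than real data) carries a three-entry risk register through both steps. The `recommend` mapping from the cost-benefit result onto the four strategies is an assumption made for the demo, not a standard rule.

```python
from dataclasses import dataclass


@dataclass
class Risk:
    name: str
    likelihood: int              # 1 (rare) .. 5 (almost certain)
    impact: int                  # 1 (negligible) .. 5 (severe)
    expected_annual_loss: float  # estimated loss per year if the risk is left untreated

    @property
    def score(self) -> int:
        """Qualitative risk score = likelihood x impact, used for prioritisation."""
        return self.likelihood * self.impact


@dataclass
class Safeguard:
    name: str
    risk_name: str
    annual_cost: float
    residual_fraction: float  # share of the expected loss that remains after the control


def rank_risks(risks):
    """Highest likelihood x impact first."""
    return sorted(risks, key=lambda r: r.score, reverse=True)


def cost_benefit(risk: Risk, safeguard: Safeguard) -> dict:
    """The benefit is the loss the control avoids; it is justified when that exceeds its cost."""
    avoided_loss = risk.expected_annual_loss * (1 - safeguard.residual_fraction)
    net = avoided_loss - safeguard.annual_cost
    return {"risk": risk.name, "safeguard": safeguard.name,
            "benefit": round(avoided_loss, 2), "cost": safeguard.annual_cost,
            "net": round(net, 2), "justified": net > 0}


def recommend(risk: Risk, safeguard: Safeguard) -> str:
    """Illustrative mapping onto the four strategies (an assumption for this demo):
    reduce when the control pays for itself; otherwise transfer (e.g. insure) a
    high-impact risk or accept a minor one."""
    if cost_benefit(risk, safeguard)["justified"]:
        return "reduce"
    return "transfer" if risk.impact >= 4 else "accept"


# Constructed risk register and candidate controls (all figures are illustrative).
RISKS = [
    Risk("Ransomware on file server", likelihood=4, impact=5, expected_annual_loss=120_000),
    Risk("Laptop theft", likelihood=3, impact=2, expected_annual_loss=8_000),
    Risk("Data centre flood", likelihood=1, impact=5, expected_annual_loss=5_000),
]
SAFEGUARDS = [
    Safeguard("Offline backups + EDR", "Ransomware on file server", annual_cost=30_000, residual_fraction=0.25),
    Safeguard("Full-disk encryption", "Laptop theft", annual_cost=2_000, residual_fraction=0.10),
    Safeguard("Relocate data centre", "Data centre flood", annual_cost=40_000, residual_fraction=0.05),
]


def evaluate() -> dict:
    by_name = {r.name: r for r in RISKS}
    ranked = [(r.name, r.score) for r in rank_risks(RISKS)]
    decisions = [
        (s.risk_name, s.name, cost_benefit(by_name[s.risk_name], s)["net"], recommend(by_name[s.risk_name], s))
        for s in SAFEGUARDS
    ]
    return {"ranked": ranked, "decisions": decisions}


if __name__ == "__main__":
    report = evaluate()
    for name, score in report["ranked"]:
        print(f"risk score {score:>2}: {name}")
    for risk_name, control, net, strategy in report["decisions"]:
        print(f"{risk_name}: {control} -> net {net:+,.0f} per year, strategy: {strategy}")
```

The flood case shows why the analysis matters: the risk is high-impact, but the proposed control costs far more than the loss it avoids, so the money is better spent on the ransomware control, and the flood risk is transferred (for example through insurance) instead.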
14. Additive Cipher (Caesar Cipher)
An additive cipher is a type of substitution cipher where each letter in the plaintext is
shifted a fixed number of positions in the alphabet.
The Caesar cipher is a classic example. With letters numbered 0 to 25, encryption is
C = (P + k) mod 26 and decryption is P = (C - k) mod 26, where k is the shift key. There are
only 25 possible keys (shifts of 1 to 25), making it easy to break by brute force.
Although insecure by modern standards, it illustrates the principles of encryption and is a
foundation for more advanced cryptography such as symmetric key algorithms.
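As an added example (written for these notes), the script below implements the two formulas above, preserving case and leaving non-letters unchanged, and then demonstrates the brute-force weakness: every one of the 25 keys is tried and the candidates are ranked by how many words from a small constructed English word list they contain. The word list and the sample message are assumptions for the demo.

```python
def shift_char(ch: str, k: int) -> str:
    """Shift one ASCII letter by k positions (mod 26), preserving case; leave other characters alone."""
    if ch.isalpha() and ch.isascii():
        base = ord("A") if ch.isupper() else ord("a")
        return chr((ord(ch) - base + k) % 26 + base)
    return ch


def encrypt(plaintext: str, k: int) -> str:
    """C = (P + k) mod 26, applied letter by letter."""
    return "".join(shift_char(ch, k) for ch in plaintext)


def decrypt(ciphertext: str, k: int) -> str:
    """P = (C - k) mod 26; Python's % keeps the result in 0..25 even for negative values."""
    return encrypt(ciphertext, -k)


# Small constructed word list used to recognise English among the 25 candidate decryptions.
COMMON_WORDS = {"the", "and", "at", "we", "to", "of", "attack", "dawn", "meet"}


def english_score(text: str) -> int:
    """Count the words of a candidate plaintext that appear in the word list."""
    cleaned = "".join(c if c.isalpha() or c.isspace() else " " for c in text.lower())
    return sum(1 for w in cleaned.split() if w in COMMON_WORDS)


def brute_force(ciphertext: str):
    """Try every key 1..25 and return (key, plaintext) pairs, most English-looking first."""
    candidates = [(k, decrypt(ciphertext, k)) for k in range(1, 26)]
    return sorted(candidates, key=lambda kp: english_score(kp[1]), reverse=True)


if __name__ == "__main__":
    c = encrypt("Attack at dawn", 3)
    print(c)                    # Dwwdfn dw gdzq
    print(decrypt(c, 3))        # Attack at dawn
    key, guess = brute_force(c)[0]
    print(key, guess)           # 3 Attack at dawn
```

The key space is so small that no cleverness is needed: the attacker's only real work is recognising which of the 25 outputs is readable, which is why modern symmetric ciphers use keys of 128 bits or more.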