
What Is Information Security

Information Security (InfoSec) is the practice of protecting sensitive data from unauthorized access and ensuring its integrity and availability. It is crucial for safeguarding personal information, preventing financial loss, and maintaining trust in technology. The CIA Triad—Confidentiality, Integrity, and Availability—serves as the foundation for effective information security measures.

✅ What is Information Security?

(Simple Explanation)

Information Security (also called InfoSec) is about protecting information from people who
shouldn't see or change it.

💡 Simple Definition:

Information Security means keeping data safe, private, and available only to the right people.

📦 Example in Real Life:

Imagine you have a locker at home with important papers (like your marksheets, ID, or bank
documents).

- You lock it with a key — that’s security.
- You give the key only to your parents — that’s access control.
- You check the papers sometimes to make sure no one changed anything — that’s an integrity check.

In the digital world, information like passwords, credit card details, health records, etc. are stored in
computers and websites. InfoSec makes sure:

- Only the right people can see them.
- The data is correct and not changed by hackers.
- It is available when needed (like during online banking).

🔐 Why is Information Security Important?

1. Protects Personal Data
Example: Your bank login, Aadhaar number, or WhatsApp chats should be private.

2. Prevents Financial Loss
Hackers can steal money by breaking into insecure systems.

3. Builds Trust
Companies need your trust to handle your data safely (like Google or Amazon).

4. Legal Compliance
Laws like GDPR require companies to protect your data properly.

✅ Summary:

Information Security is like locking your important digital documents so that no one else can read,
change, or destroy them. It's important because it protects your privacy, money, and trust in
technology.

📊 Comparison Table: Physical Security vs Information Security


| Aspect | Physical Security | Information Security |
|---|---|---|
| Purpose | Protect physical items (documents, rooms) | Protect digital data (files, emails, passwords) |
| Example | Locking a drawer | Using a password or encryption |
| Threats | Theft, break-in, fire | Hacking, phishing, malware |
| Access Control | Physical key or ID card | Username, password, OTP |
| Monitoring | CCTV cameras | Firewalls, Intrusion Detection Systems |
| Security Breach | Someone enters a restricted area | Unauthorized access to a system |

🔐 Information Security Visual Diagram

          +-----------------------------+
          |    Information Security     |
          +-----------------------------+
             |             |             |
  [Confidentiality]   [Integrity]   [Availability]
             |             |             |
  Only right people   Data is       Data is accessible
  can access data     accurate      when needed
                      and safe

Real-world Examples:

- Use strong passwords (Confidentiality)

- Detect tampered files (Integrity)

- Backup servers to avoid downtime (Availability)

💡 Real-Life Analogy:

| Real Life (Locker Example) | Digital World (InfoSec) |
|---|---|
| Locker key | Password |
| Locked drawer | Data encryption |
| CCTV for theft detection | Firewall or antivirus |
| Fireproof cabinet | Data backup |
| Restricted access to room | Role-based access control (RBAC) |

The CIA Triad is the foundation of Information Security. It stands for:

✅ C – Confidentiality
✅ I – Integrity
✅ A – Availability

Each pillar focuses on a different way to protect information.

🔐 1. Confidentiality

👉 Meaning:
Confidentiality ensures that only authorized people can view sensitive data. It prevents
unauthorized access or disclosure.

💡 Real-world Example:

- Your bank account password keeps your balance private.
- Hospitals keep your medical records confidential using login credentials.
- WhatsApp messages are end-to-end encrypted so only sender and receiver can read them.

🔧 How to Achieve Confidentiality:

- Strong passwords and multi-factor authentication (MFA)
- Data encryption (e.g., AES, SSL)
- Access control policies (RBAC)
- Avoiding data leaks by disabling sharing with outsiders

🧾 2. Integrity

👉 Meaning:
Integrity ensures that data is accurate and has not been tampered with. It helps detect if someone
changed the information accidentally or intentionally.

💡 Real-world Example:

- If someone changes your marksheet online, that breaks integrity.
- A file hash (e.g., MD5/SHA-256) checks if a file was modified.
- When updating your profile, your original email should not change unless approved.

🔧 How to Maintain Integrity:

- Use checksums or hash functions to verify data integrity
- Implement version control
- Use audit logs to track changes
- Secure software updates to avoid injecting malware

🌐 3. Availability

👉 Meaning:
Availability means information is accessible when needed, especially during emergencies or business
operations.

💡 Real-world Example:

- You can log into your Gmail account anytime — that’s availability.
- Bank websites have backup servers so you can access them 24/7.
- Cloud storage ensures your files are available from multiple devices.

🔧 How to Ensure Availability:

- Backup and disaster recovery plans
- Server load balancing and failover systems
- Protection from DDoS attacks
- Redundant hardware and network infrastructure

🧠 Summary Table of CIA Triad

| Pillar | Meaning | Real-Life Example | Tools/Methods Used |
|---|---|---|---|
| Confidentiality | Keep data private | Bank login, email encryption | Passwords, Encryption, MFA |
| Integrity | Keep data accurate & untampered | Digital signatures, file checksums | Hashing, Logs, Access Controls |
| Availability | Keep data accessible | Website uptime, cloud access | Backups, Load Balancing, Anti-DDoS |

🔥 Common Cyber Threats Today (Explained with Examples)

1. Phishing

👉 What is it?
A cybercriminal tricks you into clicking a fake link or sharing personal information (like passwords,
bank details) by pretending to be someone you trust (like a bank or government).

💡 Example:
You get an email saying, “Your bank account is locked. Click here to unlock it.” The link leads to a fake
website that looks like your bank’s, and you unknowingly give away your login credentials.

🛡 Prevention:

- Never click unknown links
- Verify sender’s email address
- Use email spam filters

2. Ransomware

👉 What is it?
Ransomware is a type of malware that locks your files or system and demands payment (usually in
Bitcoin) to unlock it.

💡 Example:
In 2017, the WannaCry ransomware attack affected thousands of computers worldwide, especially in
hospitals and companies. Users were locked out and asked to pay to regain access.

🛡 Prevention:

- Keep backups
- Use antivirus software
- Avoid downloading unknown attachments

3. Malware

👉 What is it?
“Malware” is short for “malicious software.” It includes viruses, worms, spyware, trojans, etc., that
harm your system or steal data.

💡 Example:
You download a free movie player from an untrusted site. Behind the scenes, it installs spyware that
logs your keystrokes and sends your passwords to a hacker.

🛡 Prevention:

- Install software from trusted sources only
- Use antivirus and keep it updated
- Avoid pirated software

4. Social Engineering

👉 What is it?
Manipulating or tricking people into giving up confidential information.

💡 Example:
A scammer calls pretending to be IT support and asks for your login password “for a system update.”
You trust them and give it, unknowingly giving them access.

🛡 Prevention:

- Verify before sharing sensitive info
- Conduct security awareness training
- Be cautious of urgent or emotional requests

5. Denial of Service (DoS) / DDoS Attack

👉 What is it?
Attackers overload a website or server with too much traffic so that real users can’t access it.

💡 Example:
An e-commerce website is attacked on a sale day, and it crashes due to traffic overload, causing loss
of sales and reputation.

🛡 Prevention:

- Use DDoS protection tools like Cloudflare
- Load balancing and redundancy
- Monitor traffic patterns

6. SQL Injection

👉 What is it?
A hacker inserts malicious SQL code into a website’s input field to access or manipulate the database.

💡 Example:
On a login page, a hacker types ' OR 1=1-- in the username field. This tricks the database into logging
them in without a valid password.

🛡 Prevention:

- Validate and sanitize input
- Use prepared statements
- Implement proper database security

7. Zero-Day Exploit

👉 What is it?
A cyberattack that happens before the software maker has fixed the vulnerability. It’s called “zero-
day” because developers had zero days to patch it.

💡 Example:
A hacker finds a bug in your browser and uses it to access your computer before the browser
company releases an update.

🛡 Prevention:

- Keep software and systems updated
- Use behavior-based threat detection tools

8. Insider Threats

👉 What is it?
An employee or someone with access to the system intentionally or accidentally leaks data or causes
damage.

💡 Example:
A disgruntled employee copies client data and sells it to competitors or deletes files before leaving
the company.

🛡 Prevention:

- Monitor user activities
- Role-based access control
- Exit policies and NDAs

9. Man-in-the-Middle (MITM) Attack

👉 What is it?
A hacker intercepts communication between two parties (e.g., you and a website) to steal
information.

💡 Example:
Using free public Wi-Fi, a hacker sits between you and your bank's website and captures your login
details.

🛡 Prevention:

- Avoid public Wi-Fi for sensitive tasks
- Use HTTPS and VPNs
- Enable secure browser settings

🧠 Summary Table

| Threat Type | Description | Real-Life Example |
|---|---|---|
| Phishing | Fake emails/websites to steal info | Fake bank email asking for your password |
| Ransomware | Locks files and asks for ransom | WannaCry locking hospital systems |
| Malware | Harmful software | Trojan disguised as a media player |
| Social Engineering | Tricking people, not systems | Impersonating IT support for passwords |
| DDoS | Overloads websites | Website crash during a big sale |
| SQL Injection | Exploits website input | Logging in without password using SQL code |
| Zero-Day | Attack before patch is available | Exploit in a browser or OS before update |
| Insider Threat | Internal person causing harm | Employee stealing data |
| MITM | Intercepts communication | Hacking data on public Wi-Fi |

Prop vivo application process

Please find the details for the hiring process below.


The deadline for submission of video resumes is Sunday, 13th July 2025 till 6 PM.

As also mentioned, we will prioritize students who are available to join us immediately for
internships (part-time or full-time). In case any student is offered a full-time employment
opportunity following the internship, the full-time role will commence from July 2026, upon
completion of their academic commitments. Until then, they may continue working with us as
interns.

Questions included in Video resumes:

Self-introduction (Name, Course & Year, Technical Skills Known, preferred working hours (part time or full time), etc.)
NOTE:

The duration of the video should be kept within 2 minutes.


Kindly ensure that you also attach your CV.
Job positions are available for candidates for all courses (Bachelor’s, Master’s, Ph.D.).
There is no minimum CGPA requirement.
Link to attach your videos and resumes: https://www.dropbox.com/request/KVk8y7E8ZXVwq7SUHwNn
Rename the Video file (Name & Position applied for)
