B.Tech CSI-401�Topic :�Requirements for data security

Amity School of Engineering & Technology

Contents

• Why is information security important?
• 3 ways a security breach could impact on organization
• CIA

​

​

​

​

​

​

​

​

Amity School of Engineering & Technology

Why is information security important?

Transactions, knowledge, communications, databases, infrastructure; an organization’s information is its most valuable asset.

​

Regardless of any legal or regulatory requirements, keeping your company's information safe should be high on your list of critical actions.

​

If you do, you're:

1. Keeping your sensitive data out of the hands of competitors
2. Retaining data integrity
3. Enabling easy access to data wherever and whenever it’s required for business operations

3

<SELO: 1,9>

<Reference No.: 1>

Amity School of Engineering & Technology

Why is information security important?

If you don't, your vital information could get into the wrong hands or end up being completely useless for your data needs.

​

is data protection necessary?

Data equals trust?

So why is data security important?

People generally expect that companies will safeguard their sensitive data, so any loss of this trust can have huge ramifications for future custom, and ultimately a business’ bottom line.

​

Organizations need to keep that data secure.

​

4

Amity School of Engineering & Technology

The importance of data security.

A subset of information security, data security is about keeping your data safe.

There are several data security methods you can use to guard against these things, but does it really matter?

5

Amity School of Engineering & Technology

3 ways a security breach could impact on organization

1. Costs, fines & reparations

In 2021 alone, the combined cost of global data breaches is set to reach $6 trillion annually (src: UpGuard).

2. Reputational damage

in 2017 (that saw 143 million US citizens’ data fall into the wrong hands) at a staggering $87.5 million.  Almost two years after the breach, the company was still suffering the negative after-effects of their data mistakes. How’s that for reputational damage?

3. Job losses

In high-profile cases, top-level executives at Target, Yahoo and Equifax have paid for security breaches with their jobs.

The importance of data security is no longer just a ‘techie’ concern. Data security is now should be a board-level concern and an essential part of your organization’s business strategy.

6

Amity School of Engineering & Technology

What next?

Industry leaders agree that the future will be an ongoing battle. Companies will be caught in a cycle of data breach prevention, breach mitigation, and data protection advancement.

​

Hackers are always learning, developing and sharing their knowledge.

​

The billions of data sets that make up our world and connect us also opens us up to attack.

 What can you do?

1. Data security is now essential
2. need to employ the best protection
3. Keep your data safe and your insights accessible.

7

Amity School of Engineering & Technology

CIA

The core elements of data security are confidentiality, integrity, and availability. Also known as the CIA triad, this is a security model and guide for organizations to keep their sensitive data protected from unauthorized access and data exfiltration.

 This requires organizations to consider things like risk analysis, organizational policies, and physical and technical measures.

1. Organizations must consider the state of the art and costs of implementation when deciding what measures to take .

(2) Security measures must ensure the ‘confidentiality, integrity and availability’ of the systems and services and the personal data processed within them.

8

Amity School of Engineering & Technology

CIA

(3) The measures must also enable organizations to restore access and availability in a timely manner in the event of a physical or technical incident.

(4) Ultimately, the measures must be appropriate both to the specific circumstances of the organization and the risk that the processing poses.

(5) Where appropriate, organizations should look to use measures such as pseudonymisation and encryption.

(6) Organizations need to ensure that they have appropriate processes in place to test the effectiveness of their measures, and undertake any required improvements.

​

9

Amity School of Engineering & Technology

 What is information security?

The goal of information security (IS) is to protect the confidentiality, integrity and availability of computer system and the data they process from those with malicious intentions. Collectively known as the ‘CIA triad’, confidentiality, integrity and availability are the three key elements of information security.

10

Amity School of Engineering & Technology

Authentication and device identification in IoT security

1. ENABLING DEVICE IDENTIFICATION IN IOT WITH PKI
2. IOT SCALE: PKI should be able to effectively sustain the process of issuing digital certificates in high volumes
3. LONG-LIVED CERTIFICATES :Typically, digital certificates have a finite life span which means they have expiry dates.
4. PKI HARDWARE INTEROPERABILITY: PKI must have the ability to enable direct communication with a hardware security environment such as secure element, or TEE for properly generating cryptographic keys and storing certificates.

11

Amity School of Engineering & Technology

Internet of Things device identification

12

Amity School of Engineering & Technology

BENEFITS

1. Non-intrusive identification of iot devices to enhance security by supporting access control, authentication processes and preventing data breaches caused by forged ip and mac addresses
2. May catch insider threats by performing device identification via device features and user behavior
3. May detect fake iot devices with counterfeit components
4. May detect malfunctioning devices and provide overall device security status

13

Amity School of Engineering & Technology

CS 503

14

<SELO: 1,9>

<Reference No.: 1>

THANK YOU

Amity School of Engineering & Technology