Fundamentals of Information Security
eBook - ePub

Fundamentals of Information Security

A Complete Go-to Guide for Beginners to Understand All the Aspects of Information Security (English Edition)

Sanil Nadkarni

Share book
  1. English
  2. ePUB (mobile friendly)
  3. Available on iOS & Android
eBook - ePub

Fundamentals of Information Security

A Complete Go-to Guide for Beginners to Understand All the Aspects of Information Security (English Edition)

Sanil Nadkarni

Book details
Book preview
Table of contents
Citations

About This Book

An Ultimate Guide to Building a Successful Career in Information Security Key Features

  • Understand the basics and essence of Information Security.
  • Understand why Information Security is important.
  • Get tips on how to make a career in Information Security.
  • Explore various domains within Information Security.
  • Understand different ways to find a job in this field.

  • Description
    The book starts by introducing the fundamentals of Information Security. You will deep dive into the concepts and domains within Information Security and will explore the different roles in Cybersecurity industry. The book includes a roadmap for a technical and non-technical student who want to make a career in Information Security. You will also understand the requirement, skill and competency required for each role. The book will help you sharpen your soft skills required in the Information Security domain. The book will help you with ways and means to apply for jobs and will share tips and tricks to crack the interview. This is a practical guide will help you build a successful career in Information Security. What will you learn
  • Understand how to build and expand your brand in this field.
  • Explore several domains in Information Security.
  • Review the list of top Information Security certifications.
  • Understand different job roles in Information Security.
  • Get tips and tricks that will help you ace your job interview.

  • Who this book is for
    The book is for anyone who wants to make a career in Information Security. Students, aspirants and freshers can benefit a lot from this book. Table of Contents
    1. Introduction to Information Security
    2. Domains in Information Security
    3. Information Security for non-technical professionals
    4. Information Security for technical professionals
    5. Skills required for a cybersecurity professional
    6. How to find a job
    7. Personal Branding About the Authors
    Presently, I'm a Chief Information Security officer at SLK Global Solutions. I'm obsessed with technology and even call myself a security evangelist. I have published over 100 + articles in the realm of cyber security. I have acquired the privilege to compose for magazines like, computer weekly, tech-target, CIO INDIA Review, CISO platform and US mortgage banking. I'm slowly making my move towards seminaries like CISO Forum and Security Communities as a faculty. I have an extensive experience in building robust information security framework and foundation for IT/ITES/Banking across different geographies. Linkedin profile: https://www.linkedin.com/in/sanil-n-95306b13/

Frequently asked questions

How do I cancel my subscription?
Simply head over to the account section in settings and click on “Cancel Subscription” - it’s as simple as that. After you cancel, your membership will stay active for the remainder of the time you’ve paid for. Learn more here.
Can/how do I download books?
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
What is the difference between the pricing plans?
Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.
What is Perlego?
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Do you support text-to-speech?
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Is Fundamentals of Information Security an online PDF/ePUB?
Yes, you can access Fundamentals of Information Security by Sanil Nadkarni in PDF and/or ePUB format, as well as other popular books in Computer Science & Programming in SQL. We have over one million books available in our catalogue for you to explore.

Information

Year
2020
ISBN
9789389328400

CHAPTER 1

Introduction to Information Security

“Any informed borrower is simply less vulnerable to fraud and abuse.”
- Alan Greenspan
Like everyone else, Anuj was very happy to surprise his parents on their 25th wedding anniversary. Coming from a middle-class family, possessing your own car is almost like a fantasy fulfilled. Anuj’s dad forever desired to possess his own car. But, weighed down with responsibilities, it seemed unlikely for him. Anuj knew just what he had to do. Procuring a new car did not seem to fit his pocket, so he decided to strike a pre-owned car online. While browsing through many online sites he stumbled upon an advertisement link. To his astonishment, the deal proposed an SUV car for only Rs. 100,000! Anuj could not keep himself and clicked on the link. No sooner had he clicked the link; he received an SMS stating that Rupees 1 lac had been transacted from his account. Before he could even perceive, his computer was hacked, and he was cheated out of his hard-earned cash. The police further said the incidence could have been avoided if he was aware and educated about cyber-crimes.
This is just one of the many incidents that happen every day. Read on to know more about information security and how to stay protected amidst a myriad of threats that lurk online.

Introduction to information security

I am sure you must have heard stories from your grandparents, gloating about how they maintained and safeguarded their documents. But, to our astonishment, long gone are those days when all our data was sheltered using traditional means. As we dwell in the 21st century, we have finally decided to pull our stakes and hold all our confidential data online. If we look closely, today more than 99% of the data and the organizations which hold it in a unified and compact manner are driven online.
But amidst this, is our crucial data really safe from outsider threats?
Every single modern-day business stores its data on servers, laptops, desktops, or any other crack or crevice on the internet. Regardless of the fact if you are a budding entrepreneur, holder of an MNC, or just any Tom, Dick, and Harry using the internet and its worldly privileges, securing, and safeguarding your data from black hats is extremely important.
If you want to keep away from being a sufferer and if you set your heart on educating yourself about information security, then today salvation has come your way through my book. In this chapter, we are going to see the importance of privacy, confidentiality, integrity, and availability of data in information security and why it is such a huge thing.

Structure

In this chapter, we will discuss the following topics:
  • Comprehend the essence of information security
  • What key principles drive information security?
  • Why is information security the need of the hour?

Objectives

After studying this chapter, you should be able to:
  • Understand the different facets of information security
  • Comprehend what motivates people to take up information security
  • Gain some insight into cyber crimes

What is information security?

The way the motto of human life is larger than emotional fulfillment, peace of mind, or even pleasure, similarly, the term information security was born with the purpose of shielding our intellectual and confidential data. And this pivotal purpose is served by safeguarding the crucial data of any organization from all sorts of unsolicited access, vulnerabilities, malicious usage, exposure, breach, embezzlement, tempering, split, etc. Not just this, information security also aims at reducing the high gradient of risks generated through threats.
The supreme motto of information security is to practice values such as confidentiality, integrity, and availability of data, all the while fighting and resisting any malignancy which will crop up in the way and pose information risk.
Have you ever wondered about the relevance of information security in the 21st century and the digital world?
If not, let me walk you through it!
Adore it or abhor it, technology has spread its wings in almost all facets of human lives. Just as new innovations and inventions strengthen and build a more technologically advanced world, information security also adds to the rapid productivity and growth in the same manner. From listening to our favorite beats to binge-reading our favorite book, the digital world is the one that is providing us with these things. I often sit back and ponder as to what all digitalization has done to us. I realize that it has not only led us towards growth and development but has also exposed us to an infinite amount of e-threats and has left our security questioned.
With all the nations standing unified through digital platforms, information technology is now the need of the hour.

Future of information security

Our future success is directly proportional to our ability to comprehend, adopt, and integrate cybersecurity.
From the genesis of the first virus in the 1970s which was detected on APRANET to the most skilfully chalked out credit card attack in the year 2017, the significance of information security has increased tenfold in today’s world. Data breaches and phishing attacks are no longer uncommon, due to which information security is rendered crucial.
Ask any Tom, Dick, or Harry, they will not shrink from saying technology has taken a chief position in their lives. Life without technology and internet services is a life full of impossibilities. The severity and impact of data breaches and online embezzlements are increasing like wildfire and this is a blatant signal for people to start taking data theft and data exposure through online sites more seriously by putting on a guard of defense.
We are engulfed with more problems than imagined!

Hackers are hacking. Why and how?

Can I whisper something to you? (Humans create more threat than machines).
The bigger threat to mankind from the usage of technology is man itself. We fear not the ever-growing and ever-expanding reach of technology, but the ever augmenting power and skills of the people who use it for malicious causes. Those people who make wrongful use of these technological powers mostly do it for personal gains, revenge, etc.
These people, mostly known as hackers or black hats, are like goons and invisible money launderers whose sole aim is to exploit every piece of data they can get their hands on to achieve their selfish motives. This does sound ghastly, but that’s the sad truth. And as days pass by, the number of these hackers simply increases.
Hacking is becoming an art by every passing day. Every hacker’s aim is to become more dexterous and adroit in the usage of technology and chalk out more well-planned attacks on a mass level. 2020 has been a bitter-sweet experience for many. In such a time as this, we are either talking about Covid19 or cyber-attacks.
Here is a list of top 10 cybersecurity threats in 2020:
  • Phishing attacks: Can you imagine almost 78% of cyber spying occurrences in 2019 were done through phishing? With phishing endeavors now being launched through cloud services, this number is undoubtedly going to shoot up in 2020.
    Phishing attacks generally adopt social engineering to ransack user accreditation for both on-premise attacks and cloud service attacks. The absolute confidence that users have on their workplace cloud conditions will unintentionally make users more vulnerable to phishing attacks.
  • Remote worker endpoint security: Remote workers usually work in the absence of network perimeter security. They eliminate the layered part of cybersecurity defense. Mobile devices can at times camouflage indicative signs of phishing attacks and other cybersecurity defenses. It is predicted that 25% of data breaching will involve mobile phones and computers in 2020.
  • Cloud jacking: Cloud jacking is expected to emerge as one of the most leading cyber threats in 2020. It is expected to rise due to the dependency of businesses on cloud computing. These attacks will be executed to intrude, gain control, and even alter sensitive files stored in cloud services.
    While cloud service providers are responsible for this, the customers are responsible for protecting their data, keeping an eye on the access, managing configurations, observing abnormal user behaviors, and system vulnerabilities.
  • IoT devices: A recent report revealed that the Internet of Things (IoT) market is plausible to increase to $1.1 trillion by 2026. The soaring use of IoT devices foreshadows the increasing cybersecurity threats. There could also be a grave threat to the Internet of Medical Things (IoMT). Since the majority of these IoT’s are in their early stage, it is more vulnerable to cyber threats.
  • Sophisticated and targeted ransomware attacks: For the last few years, Ransomware attacks have been a prime concern for businesses. It’s the simplicity of this software that has made it effortless for attackers to achieve their objective. Ransomware kits are easily available on hidden webs. These attacks are a major concern for businesses, as a single attack can cause major damages.
  • Deepfakes: Machine learning with the aid of artificial intelligence is what really deepfake is. It uses an existing image or video of an individual to exploit and present activity that in reality didn’t occur. There are a lot of suppositions that might shoot up as a massive threat. There are speculations about deepfakes techniques being used to exploit the 2020 U.S elections. 2020 might actually end up as the year of doom if deepfakes goes on to manifest more phishing scams.
  • Mobile malware: Mobile malware is venomous software that was produced to target mobile phone users. Data stored on mobile phones are increasing as users are shifting from the desktop operating system to phones. As more and more crucial tasks are performed on phone, Mobile Malware is predicted to increase cybersecurity threats.
  • 5G to Wi-Fi security vulnerabilities: More than ever before, companies need to find ways to enhance cybersecurity skills. There’s no question about attackers finding new vulnerabilities in the 5G to Wi-Fi handover. With 5G networks rapidly growing, wireless conveyors are transferring more calls and data to Wi-Fi networks to save bandwidth. The software vulnerability in this handover provides an opportunity for hackers to trade-off security.
  • Insider threats: The 2019 Verizon Data Breach Investigators Report (DBIR) says 34% of breaches involve internal factors. Insider Threats not only involve venomous attacks, but also ignorant use of systems and data by employees. As a precaution against these threats organizations should accurately scrutinize and investigate signs that could be indicators of insider threats. Commonly used anti-virus and anti-malware are usually ineffective to fight against these threats. Insider tools require distinguished tools. These tools detect insider threats by observing:
    • Unapproved logins
    • New apps installed on confined computers
    • Users who were recently given admin rights
    • A new device on constricted networks, and more
    These tools may at times combine machine learning and intelligent tagging to identify malicious activities.
  • Application Programming Interface (API) vulnerabilities and breaches: Recent research by Imperva speculates that application programming Interface lags behind web app security across many organizations. There are more than two-thirds of the organizations that easily make API available to the public. This leads to external forces to tap into their app environment and software platforms.
    Even as reliance on API increases, API breaches are expected to become more and more prominent in current times. This will activate unfavorable influence on top-notch apps in financial processes, communication, peer to peer, and the internet community. There are possibilities of it being exposed as the weakest link, leading cloud-native threats, risking user data, and privacy.
Further information is not intended to make you a hacker!
Some well-known hacking techniques are as follows:
  • Ransomware: This malware holds a user’s account in its custody and asks for ransom in exchange for granting quick access to the original user.
  • Trojans: These are highly malicious types of malware that disguise themselves as benevolent or helpful entities even though they are in the process of causing grave damage to your computer systems.
  • Botnets: Botnets are mostly used to undertake DDOS attacks and criminal activities on a large scale by spamming computer networks.
  • Browser Hijacks: These are forms of unwanted software that make changes in your default browser settings to plan out malicious activities.
  • Rootkits: These are software used by third-party users to infiltrate into someone else’s computer system and alter files without the knowledge of the owner.
  • Worms: Worms are unlike viruses, who do not need any sort of provocation to spread from one compu...

Table of contents