Fundamentals of Information Security

A Complete Go-to Guide for Beginners to Understand All the Aspects of Information Security (English Edition)

Sanil Nadkarni

About this book

An Ultimate Guide to Building a Successful Career in Information Security

Key Features

  • Understand the basics and essence of Information Security.
  • Understand why Information Security is important.
  • Get tips on how to make a career in Information Security.
  • Explore various domains within Information Security.
  • Understand different ways to find a job in this field.

Description

The book starts by introducing the fundamentals of Information Security. You will deep dive into the concepts and domains within Information Security and will explore the different roles in the cybersecurity industry. The book includes a roadmap for technical and non-technical students who want to make a career in Information Security. You will also understand the requirements, skills and competencies required for each role. The book will help you sharpen the soft skills required in the Information Security domain. The book will help you with ways and means to apply for jobs and will share tips and tricks to crack the interview. This practical guide will help you build a successful career in Information Security.

What will you learn

  • Understand how to build and expand your brand in this field.
  • Explore several domains in Information Security.
  • Review the list of top Information Security certifications.
  • Understand different job roles in Information Security.
  • Get tips and tricks that will help you ace your job interview.

Who this book is for

The book is for anyone who wants to make a career in Information Security. Students, aspirants and freshers can benefit a lot from this book.

Table of Contents

  1. Introduction to Information Security
  2. Domains in Information Security
  3. Information Security for non-technical professionals
  4. Information Security for technical professionals
  5. Skills required for a cybersecurity professional
  6. How to find a job
  7. Personal Branding

About the Authors

Presently, I'm a Chief Information Security Officer at SLK Global Solutions. I'm obsessed with technology and even call myself a security evangelist. I have published over 100+ articles in the realm of cyber security. I have acquired the privilege to compose for magazines like Computer Weekly, TechTarget, CIO INDIA Review, CISO platform and US mortgage banking. I'm slowly making my move towards seminaries like CISO Forum and Security Communities as a faculty. I have extensive experience in building robust information security frameworks and foundations for IT/ITES/Banking across different geographies. LinkedIn profile: https://www.linkedin.com/in/sanil-n-95306b13/


Information

Year: 2020
ISBN: 9789389328400

CHAPTER 1

Introduction to Information Security

“Any informed borrower is simply less vulnerable to fraud and abuse.”
- Alan Greenspan
Like everyone else, Anuj was very happy to surprise his parents on their 25th wedding anniversary. Coming from a middle-class family, possessing your own car is almost like a fantasy fulfilled. Anuj’s dad had always desired to possess his own car. But, weighed down with responsibilities, it seemed unlikely for him. Anuj knew just what he had to do. Procuring a new car did not seem to fit his pocket, so he decided to look for a pre-owned car online. While browsing through many online sites he stumbled upon an advertisement link. To his astonishment, the deal proposed an SUV car for only Rs. 100,000! Anuj could not restrain himself and clicked on the link. No sooner had he clicked the link than he received an SMS stating that Rupees 1 lac had been transacted from his account. Before he could even perceive what had happened, his computer was hacked, and he was cheated out of his hard-earned cash. The police further said the incident could have been avoided if he had been aware of and educated about cyber-crimes.
This is just one of the many incidents that happen every day. Read on to know more about information security and how to stay protected amidst a myriad of threats that lurk online.

Introduction to information security

I am sure you must have heard stories from your grandparents, gloating about how they maintained and safeguarded their documents. But, to our astonishment, long gone are those days when all our data was sheltered using traditional means. As we dwell in the 21st century, we have finally decided to pull our stakes and hold all our confidential data online. If we look closely, today more than 99% of the data and the organizations which hold it in a unified and compact manner are driven online.
But amidst this, is our crucial data really safe from outsider threats?
Every single modern-day business stores its data on servers, laptops, desktops, or any other crack or crevice on the internet. Regardless of whether you are a budding entrepreneur, holder of an MNC, or just any Tom, Dick, and Harry using the internet and its worldly privileges, securing and safeguarding your data from black hats is extremely important.
If you want to keep away from being a sufferer and if you set your heart on educating yourself about information security, then today salvation has come your way through my book. In this chapter, we are going to see the importance of privacy, confidentiality, integrity, and availability of data in information security and why it is such a huge thing.

Structure

In this chapter, we will discuss the following topics:
  • Comprehend the essence of information security
  • What key principles drive information security?
  • Why is information security the need of the hour?

Objectives

After studying this chapter, you should be able to:
  • Understand the different facets of information security
  • Comprehend what motivates people to take up information security
  • Gain some insight into cyber crimes

What is information security?

Just as the motto of human life is larger than emotional fulfillment, peace of mind, or even pleasure, the term information security was born with the purpose of shielding our intellectual and confidential data. And this pivotal purpose is served by safeguarding the crucial data of any organization from all sorts of unsolicited access, vulnerabilities, malicious usage, exposure, breach, embezzlement, tampering, split, etc. Not just this, information security also aims at reducing the high gradient of risks generated through threats.
The supreme motto of information security is to practice values such as confidentiality, integrity, and availability of data, all the while fighting and resisting any malignancy which will crop up in the way and pose information risk.
Have you ever wondered about the relevance of information security in the 21st century and the digital world?
If not, let me walk you through it!
Adore it or abhor it, technology has spread its wings in almost all facets of human lives. Just as new innovations and inventions strengthen and build a more technologically advanced world, information security also adds to the rapid productivity and growth in the same manner. From listening to our favorite beats to binge-reading our favorite book, the digital world is the one that is providing us with these things. I often sit back and ponder as to what all digitalization has done to us. I realize that it has not only led us towards growth and development but has also exposed us to an infinite amount of e-threats and has left our security questioned.
With all the nations standing unified through digital platforms, information technology is now the need of the hour.

Future of information security

Our future success is directly proportional to our ability to comprehend, adopt, and integrate cybersecurity.
From the genesis of the first virus in the 1970s, which was detected on ARPANET, to the most skilfully chalked out credit card attack in the year 2017, the significance of information security has increased tenfold in today’s world. Data breaches and phishing attacks are no longer uncommon, due to which information security is rendered crucial.
Ask any Tom, Dick, or Harry, they will not shrink from saying technology has taken a chief position in their lives. Life without technology and internet services is a life full of impossibilities. The severity and impact of data breaches and online embezzlements are increasing like wildfire and this is a blatant signal for people to start taking data theft and data exposure through online sites more seriously by putting on a guard of defense.
We are engulfed with more problems than imagined!

Hackers are hacking. Why and how?

Can I whisper something to you? (Humans create more threat than machines).
The bigger threat to mankind from the usage of technology is man itself. We fear not the ever-growing and ever-expanding reach of technology, but the ever-augmenting power and skills of the people who use it for malicious causes. Those people who make wrongful use of these technological powers mostly do it for personal gains, revenge, etc.
These people, mostly known as hackers or black hats, are like goons and invisible money launderers whose sole aim is to exploit every piece of data they can get their hands on to achieve their selfish motives. This does sound ghastly, but that’s the sad truth. And as days pass by, the number of these hackers simply increases.
Hacking is becoming an art with every passing day. Every hacker’s aim is to become more dexterous and adroit in the usage of technology and chalk out more well-planned attacks on a mass level. 2020 has been a bitter-sweet experience for many. In such a time as this, we are either talking about COVID-19 or cyber-attacks.
Here is a list of top 10 cybersecurity threats in 2020:
  • Phishing attacks: Can you imagine almost 78% of cyber spying occurrences in 2019 were done through phishing? With phishing endeavors now being launched through cloud services, this number is undoubtedly going to shoot up in 2020.
    Phishing attacks generally adopt social engineering to steal user credentials for both on-premise attacks and cloud service attacks. The absolute confidence that users have in their workplace cloud conditions will unintentionally make users more vulnerable to phishing attacks.
  • Remote worker endpoint security: Remote workers usually work in the absence of network perimeter security. They eliminate the layered part of cybersecurity defense. Mobile devices can at times camouflage indicative signs of phishing attacks and other cybersecurity defenses. It is predicted that 25% of data breaches will involve mobile phones and computers in 2020.
  • Cloud jacking: Cloud jacking is expected to emerge as one of the leading cyber threats in 2020. It is expected to rise due to the dependency of businesses on cloud computing. These attacks will be executed to intrude, gain control, and even alter sensitive files stored in cloud services.
    While cloud service providers are responsible for this, the customers are responsible for protecting their data, keeping an eye on the access, managing configurations, observing abnormal user behaviors, and system vulnerabilities.
  • IoT devices: A recent report revealed that the Internet of Things (IoT) market is likely to increase to $1.1 trillion by 2026. The soaring use of IoT devices foreshadows the increasing cybersecurity threats. There could also be a grave threat to the Internet of Medical Things (IoMT). Since the majority of these IoT devices are at an early stage, they are more vulnerable to cyber threats.
  • Sophisticated and targeted ransomware attacks: For the last few years, ransomware attacks have been a prime concern for businesses. It’s the simplicity of this software that has made it effortless for attackers to achieve their objective. Ransomware kits are easily available on hidden webs. These attacks are a major concern for businesses, as a single attack can cause major damage.
  • Deepfakes: A deepfake is the product of machine learning aided by artificial intelligence. It uses an existing image or video of an individual to present activity that in reality didn’t occur. There is a lot of speculation that deepfakes might shoot up as a massive threat. There are speculations about deepfake techniques being used to exploit the 2020 U.S. elections. 2020 might actually end up as the year of doom if deepfakes go on to manifest more phishing scams.
  • Mobile malware: Mobile malware is malicious software that was produced to target mobile phone users. Data stored on mobile phones is increasing as users are shifting from the desktop operating system to phones. As more and more crucial tasks are performed on phones, mobile malware is predicted to increase cybersecurity threats.
  • 5G to Wi-Fi security vulnerabilities: More than ever before, companies need to find ways to enhance cybersecurity skills. There’s no question about attackers finding new vulnerabilities in the 5G to Wi-Fi handover. With 5G networks rapidly growing, wireless carriers are transferring more calls and data to Wi-Fi networks to save bandwidth. The software vulnerability in this handover provides an opportunity for hackers to compromise security.
  • Insider threats: The 2019 Verizon Data Breach Investigations Report (DBIR) says 34% of breaches involve internal factors. Insider threats not only involve malicious attacks, but also ignorant use of systems and data by employees. As a precaution against these threats, organizations should accurately scrutinize and investigate signs that could be indicators of insider threats. Commonly used anti-virus and anti-malware are usually ineffective to fight against these threats. Insider threats require specialized tools. These tools detect insider threats by observing:
    • Unapproved logins
    • New apps installed on restricted computers
    • Users who were recently given admin rights
    • A new device on restricted networks, and more
    These tools may at times combine machine learning and intelligent tagging to identify malicious activities.
  • Application Programming Interface (API) vulnerabilities and breaches: Recent research by Imperva speculates that API security lags behind web app security across many organizations. More than two-thirds of organizations readily make their APIs available to the public. This allows external forces to tap into their app environment and software platforms.
    Even as reliance on APIs increases, API breaches are expected to become more and more prominent in current times. This will have an unfavorable influence on top-notch apps in financial processes, communication, peer to peer, and the internet community. There are possibilities of the API being exposed as the weakest link, leading to cloud-native threats and risking user data and privacy.
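
The four observations listed under insider threats above can be expressed as simple rules over an audit event stream. The following is an added example, not code from the book: the event format, the baseline sets, and the function name `detect_insider_signals` are assumptions made for illustration, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed baseline (assumption): what the organization has approved.
APPROVED_LOGINS = {("alice", "ws-01"), ("bob", "ws-02")}
RESTRICTED_HOST_APPS = {"ws-01": {"office", "browser"}, "ws-02": {"office"}}
KNOWN_DEVICES = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}
ADMIN_GRANT_WINDOW = timedelta(days=7)  # how long a grant counts as "recent"

# Constructed sample events, not taken from any real system.
SAMPLE_EVENTS = [
    {"ts": "2020-03-02T09:00:00", "type": "login", "user": "alice", "host": "ws-01"},
    {"ts": "2020-03-02T23:41:00", "type": "login", "user": "bob", "host": "ws-01"},
    {"ts": "2020-03-03T10:15:00", "type": "app_install", "host": "ws-02", "app": "remote-desktop"},
    {"ts": "2020-03-03T10:20:00", "type": "app_install", "host": "ws-01", "app": "browser"},
    {"ts": "2020-02-01T08:00:00", "type": "admin_grant", "user": "alice"},
    {"ts": "2020-03-04T14:00:00", "type": "admin_grant", "user": "bob"},
    {"ts": "2020-03-05T07:30:00", "type": "device_seen", "mac": "aa:bb:cc:00:00:99"},
    {"ts": "2020-03-05T07:31:00", "type": "device_seen", "mac": "aa:bb:cc:00:00:01"},
]


def detect_insider_signals(events, now):
    """Return (signal, timestamp, detail) tuples, oldest first."""
    findings = []
    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        kind = e["type"]
        if kind == "login" and (e["user"], e["host"]) not in APPROVED_LOGINS:
            findings.append(("unapproved_login", ts, f'{e["user"]}@{e["host"]}'))
        elif kind == "app_install":
            allowed = RESTRICTED_HOST_APPS.get(e["host"])
            # Only restricted hosts carry an allowlist; other hosts are out of scope.
            if allowed is not None and e["app"] not in allowed:
                findings.append(("new_app_on_restricted_host", ts, f'{e["app"]} on {e["host"]}'))
        elif kind == "admin_grant" and timedelta(0) <= now - ts <= ADMIN_GRANT_WINDOW:
            findings.append(("recent_admin_grant", ts, e["user"]))
        elif kind == "device_seen" and e["mac"] not in KNOWN_DEVICES:
            findings.append(("unknown_device", ts, e["mac"]))
    return sorted(findings, key=lambda f: f[1])


if __name__ == "__main__":
    for signal, ts, detail in detect_insider_signals(SAMPLE_EVENTS, datetime(2020, 3, 6)):
        print(ts.isoformat(), signal, detail)
```

Each rule compares an event against an approved baseline, which is why these signals depend on the organization maintaining that baseline in the first place.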
Further information is not intended to make you a hacker!
Some well-known hacking techniques are as follows:
  • Ransomware: This malware holds a user’s account in its custody and asks for ransom in exchange for granting quick access to the original user.
  • Trojans: These are highly malicious types of malware that disguise themselves as benevolent or helpful entities even though they are in the process of causing grave damage to your computer systems.
  • Botnets: Botnets are mostly used to undertake DDoS attacks and criminal activities on a large scale by spamming computer networks.
  • Browser Hijacks: These are forms of unwanted software that make changes in your default browser settings to plan out malicious activities.
  • Rootkits: These are software used by third-party users to infiltrate into someone else’s computer system and alter files without the knowledge of the owner.
  • Worms: Worms are unlike viruses, who do not need any sort of provocation to spread from one compu...
