3 - Network Security Fundamentals

Information security is “the state of the well-being of information and infrastructure in which the possibility of theft,
tampering, or disruption of information and services is kept low or tolerable.” Information security refers to the
protection or safeguarding of information and information systems that use, store, and transmit information from
unauthorized access, disclosure, alteration, and destruction.

Today, organizations are increasingly networked, as information is exchanged at the speed of thought. The evolution
of technology has also focused on ease of use. Routine tasks rely on computers for accessing, providing, or simply
storing information. As information assets differentiate a competitive organization from others of its kind, their
contribution to corporate capital increases accordingly. There is therefore a sense of urgency on the part of the
organization to secure these assets from likely threats and vulnerabilities. The subject of information security is
vast, and it is the endeavor of this course to give the student the comprehensive body of knowledge required to
secure the information assets under his/her consideration.

This course assumes that organizational policies exist that are endorsed by top-level management and that business
objectives and goals related to security have been incorporated into the corporate strategy. A security policy is the
specification of how objects in a security domain are allowed to interact. The importance of security in the
contemporary information and telecommunications scenario cannot be overemphasized. There are myriad reasons for
securing ICT infrastructure. The evolution of computers has taken them from the annals of universities to laptops and
PDAs. Initially, computers were designed to facilitate research, and this did not place much emphasis on security, as
these scarce resources were meant for sharing. The permeation of computers into the routine workspace and daily life
sees more control being transferred to computers and a higher dependency on them for important routine tasks. This
has further increased the use of network environments and network-based applications. Any disruption means loss of
time, money, and sometimes even loss of life. In addition, the increasing complexity of computer infrastructure
administration and management means that a security breach has a direct impact on the corporate asset base and
goodwill.

*Need for security; security is necessary because of (points 1-5):

1. The evolution of technology focuses on ease of use
2. We depend on the use of computers to access, provide, or store information.
3. Growth of network environments and network applications
4. Direct impact of security breaches on assets and goodwill
5. Greater complexity of computer administration and management structures.
The NIST Cybersecurity Framework (CSF) consists of a set of key components such as the following.

Core

It offers a set of operations or activities that help in attaining the desired security outcomes. It includes industry
standards, practices, guidelines, operations, functions, and results that interact with cybersecurity activities.

Tiers

They are different levels of implementations that help in assessing and planning cybersecurity activities. They offer
segment-wise approaches for enterprises to deal with cybersecurity risks.

Profiles

They are used to determine how standards, practices, guidelines, functions, and their categories should be aligned
with the business needs, risk tolerance, and resources. A profile allows enterprises to build a roadmap to minimize
security risks.

Implementation Guidelines

They propose common techniques for adopting the NIST CSF. They define the common information flows and decisions
at different levels within an enterprise that are needed to manage risks.
The following are some of the security challenges faced by security professionals and organizations:

• Compliance with government laws and regulations
• Lack of qualified and skilled cybersecurity professionals
• Difficulty in centralizing security in a distributed computing environment
• Difficulty in overseeing end-to-end processes due to complex IT infrastructure
• Fragmented and complex privacy and data protection regulations
• Use of serverless architectures and applications that rely on third-party cloud providers
• Compliance issues and issues with data removal and retrieval due to the implementation of Bring Your Own
Device (BYOD) policies in companies
• Relocation of sensitive data from legacy data centers to the cloud without proper configuration
• Weak links in supply-chain management
• Increase in cybersecurity risks such as data loss and unpatched vulnerabilities and errors due to the use of
shadow IT
• Shortage of research visibility and training for IT employees
Essentials of Network Security

A completely secure and robust network can be designed with proper implementation and configuration of network
security elements. Network security relies on three main security elements:

Network Security Controls

Network security controls are the security features that should be appropriately configured and implemented to
ensure network security. They are the cornerstones of any systematic discipline of security. These controls work
together to allow or restrict access to an organization’s resources based on identity management.

Network Security Protocols

Network security protocols implement security related operations to ensure the security and integrity of data in
transit. The network security protocols ensure the security of the data passing through the network. They implement
methods that restrict unauthorized users from accessing the network. The security protocols use encryption and
cryptographic techniques to maintain the security of messages passing through the network.

Network Security Devices

Network security appliances are devices that are deployed to protect computer networks from unwanted traffic and
threats. These devices can be categorized into active devices, passive devices, and preventive devices. The category
also includes Unified Threat Management (UTM) appliances, which combine the features of all these devices.
In addition to the broad categories of challenges discussed above, a security professional may face the following
challenges in maintaining the security of a network:

• Protecting the network from attacks via the Internet.
• Protecting public servers such as web, e-mail, and DNS servers.
• Containing damage when a network or system is compromised.
• Preventing internal attacks against the network.
• Protecting highly important and sensitive information such as customer databases, financial records, and trade
secrets.
• Developing guidelines for security professionals to handle the network in a secure manner.
• Enabling intrusion detection and logging capabilities.

Preventive Approach: The preventive approach essentially consists of methods or techniques that can easily prevent
threats or attacks in the target network. The preventive approaches mainly used in networks are as follows:
o Access control mechanisms such as a firewall.
o Admission control mechanisms such as NAC and NAP.
o Cryptographic applications such as IPsec and SSL.
o Biometric techniques such as speech or facial recognition.

Reactive Approach: The reactive approach is complementary to the preventive approach. This approach addresses
attacks and threats that the preventative approach may have failed to avert, such as DoS and DDoS attacks. It is
necessary to implement both preventive and reactive approaches to ensure the security of the network. Reactive
approaches include security monitoring methods such as IDS, SIMS, TRS, and IPS.

Retrospective Approach: The retrospective approach examines the causes of attacks in the network. These include:
o Fault finding mechanisms such as protocol analyzers and traffic monitors.
o Security forensics techniques such as CSIRT and CERT.
o Post-mortem analysis mechanisms including risk and legal assessments.

Proactive Approach: The proactive approach consists of methods or techniques that are used to inform decision
making for countering future attacks on the target network. Threat intelligence and risk assessment are examples of
methods that can be used to assess probable future threats on the organization. The methods in this approach
facilitate in the implementation of preemptive security actions and measures against potential incidents.
End User: The end user refers to the people who use the end product deployed by an organization. The end user
accesses the developed products through devices such as desktop computers, laptops, tablet computers, and
smartphones.

Leadership: An informed leadership can help an organization in taking exemplary decisions regarding the security of
the network and systems in an organization. They are required to be proactive in finding the weaknesses and
strengths in a network.

People involved in an IH&R team include:

Information Security Officer (ISO)


An ISO governs the security posture of an organization and bears responsibility for all IH&R activities in the context
of overall organizational information security. The officer is responsible for setting IH&R goals, approving the
process, granting permissions, and contacting the stakeholders and other management authorities of the
organization. The ISO must head all the members of the IH&R team, including the incident manager and incident
handler. The officer is also responsible for providing incident handling guidance and training to security team
members across the organization, evaluating their actions and consequences, and suggesting corrective actions to
perfect incident handling.

Incident Manager (IM)

The IM is responsible for managing all IH&R activities. The IM must be a technical expert with a clear understanding
of and experience with handling security issues. The IM will focus on incidents as well as analyze and review incident
handling processes from managerial and technical perspectives. He or she must drive the IR team to encourage
focused incident containment and recovery.

Incident Coordinator

Incident coordinators connect different stakeholders affected by incidents, such as the incident handling team, the
legal team, the human resources team, clients, and vendors. They play a vital role in coordinating between security
teams and networking groups, facilitate communication, and keep everyone updated on the status of the incident.
The incident coordinator should possess communication and technical skills and have a solid business sense of the
organization’s operations.

Forensic Investigator

Forensic investigators—experts in the forensic investigation of incidents—help organizations and law enforcement
agencies to investigate and prosecute the perpetrators of cybercrimes. They are responsible for maintaining
forensics readiness across an organization and implementing effective IH&R. They must also preserve and submit the
evidence required to legally prosecute the attackers.

Threat Researcher

Threat researchers supplement security analysts by researching threat intelligence data. They gather all details about
prevalent incidents and security issues and help spread awareness of them among users. They also use this information
to build or maintain a database of internal intelligence.

System Administrator

System administrators look after the operation and security of systems and can be very helpful in the IR process—
they configure systems and provide and grant access. They can also help in gathering system information, separating
the impacted systems from the network, and analyzing system data to detect and verify incidents. They can also
facilitate containment and eradication by installing new patches and updates and by upgrading the systems across
an organization. They are also responsible for backup, system recovery, and analyzing system logs.

Network Administrator

Network administrators are responsible for examining a computer network’s traffic for signs of incidents or attacks,
such as DoS, DDoS, firewall breaches, or other forms of malicious code. They install and use network sniffing and
capturing tools as well as loggers to identify the network events involved in an attack. They must analyze network
logs, gather logs of suspicious activity, and help in the detection of incidents at a primary level. They perform the
actions necessary to block network traffic from a suspected intruder.
