Information Security is the main issue with data mining. In order to protect data, information security is the main topic in today's age. A complete guide of lecture notes is set within this document, helping you to achieve a 1st class
Part 1: Information Security
Other = risks (supported by business decisions, processes, additional checks)
Confidentiality = preventing unauthorized disclosure
Integrity = prevent unauthorized modifications
Availability = prevent unauthorized withholding of info/resources
Accountability = cannot prevent improper action, securely identifying users, logging, audit trail
Reliability/Dependability = systems perform properly in adverse conditions
Privacy = personal data/PII, control and requirements on data holders
Others = Reporting, awareness, BCP, management
Security assessment = sec-related product to be assessed/certified with standards (PCI DSS)

Functionality VS Assurance
- F = Sec facilities it provides
- A = guarantees offered as F claims

Security Threats Analysis
combating perceived threats (not all are worth it, Costs-Benefits)

Risk Analysis
Importance of each threat (probability, severity) (if it should be combated)

Providing Security
as strong as the weakest link
Design > Adding after
Focus of Control (Data Ops/User/Both)
- How data handled
- Ops can be performed on which data
- Which user perform which action
Location (lower = more computer, higher = more user orientation)
Physical Sec (unauthorized access)
Data Comms (Crypto and MAC)

Assurance VS Complexity
High Assurance = Low Complexity e.g. Trusted Kernels

Bypassing Security Controls
- attacks privileged apps = bypass protection mech
- e.g. gain access to insecure backup, access data before transmission

Security Management
Company Sec pol, BCP ISO/IEC 27002 = ISM

Security Policies
Set of rules specifying how it should be enforced (domain)
- BCP, sec education, sec incident reporting

UK Data Protection Act
Tell users what data they hold
- protect individual’s personal data

Part 2: Elements of Cryptography
Cryptography = study of secret writing
Cipher (enc algo) = method of transforming data so cannot be recovered by unauthorized (e)
Encryption = process of transforming (m) into unintelligible form using (e)
Decryption = process of recovering (m)
Decipher = (d)
Secret key = (k)
Plaintext = message into cipher (m)
Ciphertext = result of applying cipher to plaintext (c)
Cryptanalysis = deciphering a message by unauthorized party

Cipher = transform plaintext into ciphertext (with a secret key known to sender and receiver)
c = e_k(m)
m = d_k(c)
typically (e) = public (hidden = fallacy)
Secrecy of (m) -> Secrecy of (e)

Properties
no. of possible keys = large
- prevent exhaustive search
worst case assumptions
- full knowledge of (e)
- no. of (c), all using same (k)
- known (m) according to (c)
- chosen plaintext attack (can keep encrypting)

Analysis of security
- worst case assumption, try to break it (be cryptanalyst)
- believed to be strong (best attempts of experienced ones can't break them)

Broken Ciphers - Caesar Cipher
- each letter = number
- add (k) = (mod 26) if (k) = 3, "HELLO" becomes "KHOOR"
- simple substitution cipher (easy break, 25 keys)

Simple substitution ciphers
- Key = permutation of letters
- more secure than Caesar cipher (but can be broken easily by hand)
- 26! = 4 X 10^26
- some letters are more common
- enable guesses to be made
Period = 1, no Random, linear equ = 1

Broken Ciphers - Vigenere Cipher
- polyalphabetic substitution cipher
- take the number of (m) and the number of (k) and add
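
The Caesar cipher notes above (each letter = number, add (k) mod 26, "HELLO" becomes "KHOOR" for k = 3, easy to break because of the small key space) worked through as an added Python example that is not part of the original notes. The function names, the approximate letter-frequency table and the sample message are assumptions made for this illustration.

```python
"""Caesar cipher (c = e_k(m), m = d_k(c)) and its break by exhaustive key search."""
from collections import Counter
import string

ALPHABET = string.ascii_uppercase  # each letter = number: A=0 ... Z=25

# Approximate English letter frequencies in percent (A..Z); an assumption of
# this example, used only to rank candidate plaintexts.
ENGLISH_FREQ = dict(zip(ALPHABET, [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03,
    2.41, 6.75, 7.51, 1.93, 0.095, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15,
    1.97, 0.074]))

# Constructed sample message (not taken from the notes).
SAMPLE = "INFORMATION SECURITY IS ONLY AS STRONG AS THE WEAKEST LINK"


def encrypt(m, k):
    """e_k(m): add k to each letter's number mod 26; other characters pass through."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + k) % 26] if ch in ALPHABET else ch
        for ch in m.upper())


def decrypt(c, k):
    """d_k(c): subtract k mod 26."""
    return encrypt(c, -k)


def score(text):
    """Chi-squared distance from English letter frequencies (lower = more English-like)."""
    letters = [ch for ch in text if ch in ALPHABET]
    counts, n = Counter(letters), len(letters)
    if n == 0:
        return float("inf")  # nothing to score
    return sum((counts[ch] - n * f / 100) ** 2 / (n * f / 100)
               for ch, f in ENGLISH_FREQ.items())


def break_caesar(c):
    """Worst-case attacker: knows (e), tries every key, keeps the best-scoring plaintext."""
    return min(((k, decrypt(c, k)) for k in range(26)),
               key=lambda cand: score(cand[1]))


if __name__ == "__main__":
    print(encrypt("HELLO", 3))               # the notes' example with k = 3
    print(break_caesar(encrypt(SAMPLE, 3)))  # recovers the key without being told it
```

The search costs at most 26 trial decryptions, which is why a large number of possible keys is listed under Properties; frequency scoring of this kind is also what makes the 26! keys of a simple substitution cipher insufficient on their own.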
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller gohmegan. Stuvia facilitates payment to the seller.