Cryptography and Network Security: Principles and Practice, Eighth Edition
Chapter 1
Information and Network Security Concepts
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Cybersecurity (1 of 3)
Cybersecurity is the collection of tools, policies, security
concepts, security safeguards, guidelines, risk management
approaches, actions, training, best practices, assurance, and
technologies that can be used to protect the cyberspace
environment and organization and users’ assets.
Organization and users’ assets include connected computing
devices, personnel, infrastructure, applications, services,
telecommunications systems, and the totality of transmitted
and/or stored information in the cyberspace environment.
Cybersecurity (2 of 3)
Cybersecurity strives to ensure the attainment and
maintenance of the security properties of the organization
and users’ assets against relevant security risks in the
cyberspace environment. The general security objectives
comprise the following: availability; integrity, which may
include data authenticity and nonrepudiation; and
confidentiality.
Cybersecurity (3 of 3)
Information Security
• This term refers to preservation of confidentiality, integrity,
and availability of information. In addition, other properties,
such as authenticity, accountability, nonrepudiation, and
reliability can also be involved
Network Security
• This term refers to protection of networks and their service
from unauthorized modification, destruction, or disclosure,
and provision of assurance that the network performs its
critical functions correctly and there are no harmful side
effects
Security Objectives (1 of 2)
• The cybersecurity definition introduces three key
objectives that are at the heart of information and network
security:
– Confidentiality: This term covers two related
concepts:
▪ Data confidentiality: Assures that private or
confidential information is not made available or
disclosed to unauthorized individuals
▪ Privacy: Assures that individuals control or
influence what information related to them may be
collected and stored and by whom and to whom
that information may be disclosed
Security Objectives (2 of 2)
• Integrity: This term covers two related concepts:
– Data integrity: Assures that data and programs are changed only
in a specified and authorized manner. This concept also
encompasses data authenticity, which means that a digital object
is indeed what it claims to be or what it is claimed to be, and
nonrepudiation, which is assurance that the sender of information
is provided with proof of delivery and the recipient is provided with
proof of the sender’s identity, so neither can later deny having
processed the information
– System integrity: Assures that a system performs its intended
function in an unimpaired manner, free from deliberate or
inadvertent unauthorized manipulation of the system
• Availability: Assures that systems work promptly and service is not
denied to authorized users
Figure 1.1 Essential Information and Network Security Objectives
Computer Security Challenges
• Security is not simple
• Potential attacks on the security features need to be considered
• Procedures used to provide particular services are often counter-intuitive
• It is necessary to decide where to use the various security mechanisms
• Requires constant monitoring
• Is too often an afterthought
• Security mechanisms typically involve more than a particular algorithm or protocol
• Security is essentially a battle of