Information security

Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorized or inappropriate access to data or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording, or devaluation of information. It also involves actions intended to reduce the adverse impacts of such incidents. Protected information may take any form, e.g., electronic or physical, tangible (e.g., paperwork), or intangible (e.g., knowledge). Information security's primary focus is the balanced protection of data confidentiality, integrity, and availability (also known as the CIA triad) while maintaining a focus on efficient policy implementation, all without hampering organization productivity. This is largely achieved through a structured risk management process that involves: Identifying information and related assets, plus potential threats, vulnerabilities, and impacts; Evaluating the risks Deciding how to address or treat the risks, i.e., to avoid, mitigate, share, or accept them Where risk mitigation is required, selecting or designing appropriate security controls and implementing them Monitoring the activities and making adjustments as necessary to address any issues, changes, or improvement opportunities To standardize this discipline, academics and professionals collaborate to offer guidance, policies, and industry standards on passwords, antivirus software, firewalls, encryption software, legal liability, security awareness and training, and so forth. This standardization may be further driven by a wide variety of laws and regulations that affect how data is accessed, processed, stored, transferred, and destroyed. However, the implementation of any standards and guidance within an entity may have limited effect if a culture of continual improvement is not adopted.

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Summary

Categories

Official source

https://en.wikipedia.org/wiki/Information_security

About this result

Related categories (84)

Related concepts (54)

Related courses (5)

Related lectures (35)

Related publications (5)

Related startups (2)

Click fraud

Click fraud is a type of fraud that occurs on the Internet in pay-per-click (PPC) online advertising. In this type of advertising, the owners of websites that post the ads are paid based on how many site visitors click on the ads. Fraud occurs when a person, automated script, computer program or an auto clicker imitates a legitimate user of a web browser, clicking on such an ad without having an actual interest in the target of the ad's link in order to increase revenue.

Code injection

Code injection is the exploitation of a computer bug that is caused by processing invalid data. The injection is used by an attacker to introduce (or "inject") code into a vulnerable computer program and change the course of execution. The result of successful code injection can be disastrous, for example, by allowing computer viruses or computer worms to propagate. Code injection vulnerabilities occur when an application sends untrusted data to an interpreter.

F-Secure

F-Secure Corporation is a global cyber security and privacy company, which has its headquarters in Helsinki, Finland. The company has offices in Denmark, Finland, France, Germany, India, Italy, Japan, Malaysia, Netherlands, Norway, Poland, Sweden, the United Kingdom and the United States, with a presence in more than 100 countries, and Security Lab operations in Helsinki and in Kuala Lumpur, Malaysia. F-Secure develops and sells antivirus, VPN, password management, and other consumer cyber security products and services for computers, mobile devices, smart TVs and internet of things devices.

Cyberhaven / CodeTickler

Active in data protection, insider threats and AI technology. Cyberhaven offers AI-powered data protection solutions to detect and prevent insider threats, safeguarding the flow of data in the digital economy.

Rovenso

Active in autonomous robots, security monitoring and multi-modal anomaly detection. Rovenso develops autonomous robots for security and safety monitoring of industrial sites, offering enhanced security and vandalism deterrence through 24/7 unsupervised patrolling.

COM-301: Computer security and privacy

This is an introductory course to computer security and privacy. Its goal is to provide students with means to reason about security and privacy problems, and provide them with tools to confront them.

COM-418: Computers and music

In this class we will explore some of the fundamental ways in which the pervasiveness of digital devices has completely revolutionized the world of music in the last 40 years, both from the point of v

CS-412: Software security

This course focuses on software security fundamentals, secure coding guidelines and principles, and advanced software security concepts. Students learn to assess and understand threats, learn how to d

Time-Synchronization Attacks against Critical Infrastructures and their Mitigation

Marguerite Marie Nathalie Delcourt

This work focuses on the security of critical infrastructures against time-synchronization attacks (TSA). A TSA can impact any network that relies on the dynamic analysis of data, by altering the time synchronization between its nodes. Such attacked networks can start failing. Some TSAs are thwarted by cyber-security tools such as authentication and confidentiality algorithms. However, such tools cannot counter TSAs that are implemented physically. Such TSAs are undetectable but they may be detected if they lead to non-plausible observations. The identification of TSAs requires in-depth knowledge of the system's operation.We focus on TSAs in two settings. First, we consider smart grids. Their control and operation require the timely knowledge of the system state, which is inferred from an estimate computed from measurements. We consider phasor measurements taken from phasor measurement units (PMUs). However, they require a precise time synchronization, which is a weakness as existing synchronization methods are vulnerable to attacks. We aim to assess the vulnerability of the synchrophasor-based state estimation of a system, by exploring the feasibility and detectability of TSAs on PMUs. A widespread technique to make the state estimation more robust is to couple it with a bad-data detection (BDD) scheme. However, it is known that false data injection attacks and TSAs can impact the state estimation without being detected by the BDD algorithms. We present practical attack strategies for undetectable TSAs and novel vulnerability conditions. One of them is a static condition that does not depend on the measurement values. We propose a security requirement that prevents it and a greedy offline algorithm that enforces it. If this requirement is satisfied, the grid may still be attacked, although we reason that it is unlikely. We identify two sufficient and necessary vulnerability conditions which depend on the measurement values. For each, we provide a metric that shows the distance between the observed and vulnerability conditions. Enforcing our requirement requires increasing the amount of measurement points of the grid. We investigate the benefits of utilizing the three-phase model instead of the direct-sequence model for security. We show that if the power system is unbalanced, then the use of the three-phase model enables to detect attacks that are undetectable if the direct-sequence model is used. Numerical results from simulations with real load profiles from the Lausanne grid, confirm our findings. Second, we consider sensor networks for passive-source localization. We focus on the localization of a passive source from time difference of arrival (TDOA) measurements. Such measurements are highly sensitive to time-synchronization offsets. We first illustrate that TSAs can affect the localization and we show that residual analysis does not enable the detection and identification of TSAs. Second, we propose a two-step TDOA-localization technique that is robust against TSAs. It uses a known source to define a weight for each pair of sensors, reflecting the confidence in their synchronization. We then use the weighted least-squares estimator with the new weights and the TDOA measurements received from the unknown source. Our method either identifies the network as being too corrupt, or gives a corrected estimate of the unknown position along with a confidence metric. Numerical results illustrate the performance of our technique.

EPFL2021

We propose an ultra-low power (ULP) Image Signal Processor (ISP) that performs on-the-fly in-processing frame (de)compression and hierarchical event recognition to exploit the temporal and spatial sparsity in an image sequence to achieve a 16× imaging system energy gain. The ISP is fabricated in 40 nm CMOS and consumes only 170 μW at 5 fps for neural network-based intruder detection and 192× compressed image recording.

IEEE2020

The strength of the Barcelona's Eixample comes from its urban plan, a visionary project designed by Ildefons Cerdà in 1859. The original project proposed blocks with a central open space built on two or three sides, allowing the introduction of variation through the urban fabric. However, to increase density the courtyards were privatized thereby reducing the public realm to the streets. The process was nevertheless reversed in 1986 by a new bylaw promoting the recuperation of the courtyards for public space. This project reasserts Cerdà's agenda for a diverse public realm forming a fluid network through streets and reclaimed courtyards and creating unique localities along promenades within a repetitive system. To solve the relation between users and programs, the different uses can coexist by a set of levels, taking up the existing fragmentation of buildings' terraces. Housing is extended by communal gardens, preserving privacy, while cafés and retail expand their activities on the interior and children and the elderly find social activities. The design of these itineraries is solved through parametric optimization, using a gaming pathfinder algorithm, with emphasis on the privacy condition of each block. The engine uses agents (virtual people) to determine the appropriate location and permeability of the threshold between street and courtyard. It is able to manage systematically small, human-scale interventions to (re) introduce a walking dimension into Cerdà's urban fabric.

2012

Topics in computer security

Computer security, cyber security, digital security or information technology security (IT security) is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide. The field is significant due to the expanded reliance on computer systems, the Internet, and wireless network standards such as Bluetooth and Wi-Fi.

Internet protocol suite

The Internet protocol suite, commonly known as TCP/IP, is a framework for organizing the set of communication protocols used in the Internet and similar computer networks according to functional criteria. The foundational protocols in the suite are the Transmission Control Protocol (TCP), the User Datagram Protocol (UDP), and the Internet Protocol (IP). Early versions of this networking model were known as the Department of Defense (DoD) model because the research and development were funded by the United States Department of Defense through DARPA.

Electronic mail (email or e-mail) is a method of transmitting and receiving messages using electronic devices. It was conceived in the late–20th century as the digital version of, or counterpart to, mail (hence e- + mail). Email is a ubiquitous and very widely used communication medium; in current use, an email address is often treated as a basic and necessary part of many processes in business, commerce, government, education, entertainment, and other spheres of daily life in most countries.

Cybersecurity: Threat Modeling and Solutions

Explores cybersecurity fundamentals, threat modeling, real-world case studies, and digital forensics procedures.

Adversarial Thinking: Defender - Threat Modelling COM-301: Computer security and privacy

Delves into adversarial thinking and threat modeling methodologies to enhance defense strategies.

Malware: Types, Defense, and Botnets COM-301: Computer security and privacy

Explores various malware types, spread mechanisms, defense strategies, and network security implications.