in other subjects not in the security subject security ok but let's have a very clear idea about what is computer security so you guys already told me some of these words it taught me about protection it was not me Who said this is it was you you send we are trying to protect Information Systems this is what you said by that means we keep hold of three things this is the important what are the 3 things integrity and availability and it's called confidential guys no matter which part of the world you leaving wherever you go security is always always about these three things what are the three things easy to remember confidentiality integrity and availability ok so I will go through this x one by one and explain the meaning of every time ok but for you to remember very easily remember these three letters very familiar acronym of America right Central Intelligence Agency no not that but confidentiality integrity availability you should remember get so you have this year we want we want we want for what one of the student send me a message saying we want our valuable things and you know personal items protect just like that information system resources should be protected what are the resources we want to be protected this software to be protected we want to be protected and the data that is stored in the hardware and not only that don't forget you have you know service computers and everything but none of these things are useful if we don't connect internet and connectivity is very important so we want to protect this one also which is called telecommunication and we want to make sure that this is also protected not only this not only this not only the software we also want to make sure whatever the data that is going here and coming in is also checked that is clear so now all we need to learn about these three things what do we mean by confidential the integrity and that's what we want to learn today is not Dilshan you already gave a letter to your house to house and so he is awarded the unauthorised access has happened what does she usually do after that your time to talk not my type what does the thief usually do after that please talk to me gais otherwise you know I'm already losing interest now I'm looking at my very good Steel valuable things stealing is not there to have a cup of tea I don't think so that so we want to make sure that we don't give unauthorised access cause of unauthorised access outside the should not be able to use power system because of unauthorised access outside should not be able to see our data information as very important we call it disclosure disclosure means people releasing or looking at our information without permission problem right is a big problem so we don't want that and we don't want our systems to be distracted we don't have systems to be district imagine you are doing your online exam M mixer and suddenly the midterm exam system Server is not working that ko destruction and then we have another modification this is something that is different in information systems why modification means someone will come and change things Samay Tak will happen to our system and it will change of a data it should it will change our program it will change the hardware behaviour it will change our software behaviour modification or else they will completely destroyed The Attack will completely destroy the date completely destroy our hardware School destruction so we want to make sure none of these things are there so basically we want protection from all these things that we discuss if we somehow managed to achieve this this this and this this and this if you somehow manage to give protection to these things that I told you we will have confidentiality integrity and availability these are the three things that we are trying to achieve so let's talk about this three things sahi se Nanded definition I don't want to go into each and every definition but you can see the same was appearing right same was happy that you can see availability is their integrity is confidential this yes there are two Newton's call non-repudiation and authentication which we will talk about it but technically speaking even these two guys actually belong to intake I will tell you later ok to Newtons belong to integrate ok so now what is this usually in cybersecurity we call this a try and some people also called the triangle that's also ke triangle so you can see in security we want to have equal integrity protection equal availability action and equal confidence interval so I think what you really need to know is ok what do we mean by this what do you mean by Intex what do you mean by available so that whatever they discussed now I think I think that confidential information should not be made available it should not be disclosed it should not be there for anybody who does not have permission to see you guys tell me a piece of information that you have that is very confidential for you is a secret in other words we are talking about secrecy what is the most secretive thing for you guys anyone who is using computers and systems and website and very good I got one answer but is a private and will not be able to see so I I prefer if you guys can discuss in the public very good I already have an answer in the public chat red one of the most important thing that you need drivers your confidentiality is your password something that everyone should not be able to see that the only people who can see that so very very important ok can you tell me something else that you you think data confidentiality of privacy is needed some other piece of information in some other system I need another answer not only password password is a good answer but I need to know the exam bank account number very good credit card numbers pin numbers you are now understanding this right so these are private things ok this is all about personal information about sleep systems and website and some of these systems have some information and some systems and applications that are very very confidential piece of information PDF file or a word file that you think should be confidential anything let me give you he can you think of a piece of information that needs confidentiality only up to period of time after that it's ok after that time and it's ok but only up to that point it should be confidential should be ok very good I am now getting some good dances exam papers even may be the result right so because the results will have a specific date that you can see should have a lot of confidence according to world famous cyber security organisation is the National Institute of Technology and its not the only organisation that working on cybersecurity and also they only focus is not also on security they have other areas as well but according to them we want to make sure that our information right and our personal information and privacy is protected so we want to assure that the owners have full control who can see my data who can come into the system who can look at these files who can look at this letter code of things so confidentiality in other words it's the same thing as secrecy same thing you can edit and change very important you can edit and change data only if you have permission only if you have permission unchanged it that integrity is a very important requirement that very very important ok can you tell me a system at least that need to make sure integrity is there 100% we need integrity can you give me an example nobody should be able to edit that without permission tell me an example someone saying courseweb that also good because you should as a student you should not be able to login to cause a band change my Aas page are that's very bad that's very good but the sun first name he has given a very good answer which is your research student profile very good now you get the idea you should never be able to go to your profile and I have a change that I can't go into your profile and change your data if you should not be so that subject is configured as 50% assignment not assignment 50% mid-term and assignment and 50% final exam system I change this information and there is some sort of a student who is a very good hacker don't do this you will get punished for your life in the student who has very good marks in exam a + b x 2 and maybe you don't even need to x if you can say great that attacker did not change the data he changed the system is changed to Khud Hi change the way that the system work there are two different things in integrated Data integrity and system intended but most of the time in our discussions we will be talking about dating dating so once again you can clearly see that is also talking about people with permission and without permission if you have the permission to do it you should be able to change you should be able to modify but if you don't have the permission and as a lecturer I can go to the page and footer not but I can't go to your HCG page and footer not I am not the lecture in charge for that subject so I can't do it so that's how it integrity is protect you have to understand ok let's move on the final one should be available if you have permission to look at the data if you have permission to access the data the data and the system should be available in the world will have different tell me in your opinion a system that should never go down so it should never go out of service during a certain time period in example you can think of anything from your life in general something in the industry anything I was sleeping availability I explain the availability so it's basically it should be working that should be available I tell you for the next five minutes ABC down are you guys going to suicide I am I going to suicide are you guys going to like a lot of trouble because of that dishoom lecture system using video conferencing tool not allowed to go down almost 24/7 should work as a traffic system very good traffic control system if it goes down during the height of a period of the city my goodness big problem there is another one exam result 8 p.m. today it should be a very patient and patient information there are some systems now let me let me put something here confidentiality integrity availability ok there are some system we can say which one is this if you have to banking transaction system which one should I use Si I ok ok who was that
