What is Information Security?
Information Security is a system that prevents unauthorized access to information.Let's open this up a little bit more, we need to think of a system that prevents all unauthorized transactions.Let's give an example from Turkey. The Turkish Standards Institute divides information security into three heads.These are the ones that are going to Privacy:
Protection of information from unauthorized access Integrity: Complete, complete, consistent and accurate information Availability: Access to information when needed by the authorities We see almost the same things we said above here.
These are 3 basic elements that are already present in many systems.
Threats Against Information
These threats are divided into an average of 15 pieces.
Backdoor,
means backdoor in Turkish.It opens an alternative door for the computer system to peer its own security or encryption technique and be difficult to spot.This opens up access to the computer's information.
Exploit,
the Turkish word meaning is abuse or exploitation.It is software written in a software language.When it runs on a computer system, it performs what we call it.There are many types of these Exploits. Let's take a look at them.
- Local Exploits
-
- Remote Exploits
-
- Dos-Exploits
-
- Command-Execution-Exploits
-
- SQL-Injection-Exploits
-
- Zero-Day-Exploits
These are the main types of exploits, so let's take a look at them briefly.
Local Exploits,
a file such as .exe must work inside the computer.Remote Exploits is already used to exploit a vulnerability on the network.
Dos-Exploits is one of the first exploits to appear. It attacks a system, slows it down and causes it to stop.
Command-Execution-Exploits is the type of exploit that comes to an attacker's reach when we install code that we want into a program subject injection system that can exploit that system. Unfortunately, I can't explain them because the other exploit types are too long.
Trogen is a Trojan horse with turkish meaning.This system starts with the operation of malicious software thrown at the computer.It can make changes within the system without being seen in the system. That's the average threat.There are many other threats, but there is no need to describe them here.
Methods of protection against threats
If we don't want access to the information stored in the system, this can be important to you.At first, we need to check the movements of the computer to ensure this security.Computer Access Control authenticates and confirms access to a person who wants to access this system computer system.The advantage of this system is that only certain powers are granted to approved persons.In other words, they can access the desired places. Authentication is when this system proves a person's identity.For example, only pin passwords issued to administrators can be. Or, special codes sent to your phone can be cited as examples.
Source : Bilgi Güvenliği Yönetimi Nedir / Detaylı Anlatım
