1
00:00:00,210 --> 00:00:07,350
So the next important concept that we are going to see is availability, the information availability

2
00:00:07,350 --> 00:00:10,340
is crucial for modern information security.

3
00:00:10,830 --> 00:00:19,440
It is the information being accessible as required, when required, were required and to whom required.

4
00:00:20,250 --> 00:00:27,000
So basically, information availability is that information must be easily accessible by individuals

5
00:00:27,120 --> 00:00:27,990
who need it.

6
00:00:28,860 --> 00:00:34,340
For example, data related to customers must be accessible in the marketing department.

7
00:00:34,830 --> 00:00:41,010
In practice, availability of information requires a control system such as, for example, the big

8
00:00:41,010 --> 00:00:49,500
backup of data and the capacity planning procedures and criteria for approval of the systems.

9
00:00:50,130 --> 00:00:56,460
Now, the incident management procedures, the management of removable media, the information processing

10
00:00:56,460 --> 00:01:03,420
procedures, the maintenance and testing of equipment, continuity consent procedures, as well as the

11
00:01:03,420 --> 00:01:10,590
procedures to control the usage of systems, ensure that the data is available then and that it is needed.

12
00:01:13,120 --> 00:01:20,170
Now, when it comes to information security, physical security is not provided in an organization,

13
00:01:20,170 --> 00:01:26,590
if the physical security is not provided, the access to unauthorized personnel would be unchallenged.

14
00:01:27,130 --> 00:01:33,400
This means that if information is not protected through physical security, the organization would be

15
00:01:33,610 --> 00:01:42,070
subject to theft, natural disaster and other physical security addresses reliability and accessibility

16
00:01:42,070 --> 00:01:42,880
of the data.

17
00:01:44,290 --> 00:01:47,830
Now auditing and system effectiveness of evaluation.

18
00:01:48,730 --> 00:01:54,790
A type of audit, which is very important, what availability is the system effectiveness evaluation,

19
00:01:55,030 --> 00:02:02,140
which shows how well the system meets the need of the organization by taking a larger view of the system

20
00:02:02,380 --> 00:02:06,060
and the organization's auditing systems?

21
00:02:06,080 --> 00:02:09,850
And this is the clarity and timeliness of the information.

22
00:02:11,620 --> 00:02:18,820
Next comes security policies, the security policy of a system should determine who is using the system

23
00:02:19,150 --> 00:02:26,410
and set the user privileges, current and future decisions should be based on the enterprise, the security

24
00:02:26,410 --> 00:02:26,890
policy.

25
00:02:27,850 --> 00:02:35,410
Security policies addresses impliedly timeliness and the accessibility of information, we have seen

26
00:02:35,410 --> 00:02:37,390
security policies in all directions.

27
00:02:37,420 --> 00:02:43,570
I have also explained to you about security policies, so I would not I will not stress upon this point

28
00:02:43,570 --> 00:02:44,340
in this lecture.

29
00:02:45,450 --> 00:02:48,430
System monitoring and operational control as well.

30
00:02:48,840 --> 00:02:50,940
Operational controls are rules.

31
00:02:51,750 --> 00:02:52,770
Please listen closely.

32
00:02:53,130 --> 00:03:00,870
Operational controls are the rules that should be implemented and monitored in order to protect the

33
00:03:00,870 --> 00:03:05,280
information of the organization, the implement the security policy.

34
00:03:05,760 --> 00:03:11,130
And in this, we provide greatly to enforce the security policy.

35
00:03:11,670 --> 00:03:14,280
So you can see that all these things are interdependent.

36
00:03:14,280 --> 00:03:17,370
System monitoring is dependent on security policies.

37
00:03:17,670 --> 00:03:24,570
And while auditing, we ensure that all the security policies are in place and they can be enforced.

38
00:03:24,930 --> 00:03:28,350
The system monitoring and the operational controls work toolkit.

39
00:03:29,280 --> 00:03:33,180
So this is how basically availability is very important.

40
00:03:33,760 --> 00:03:36,690
Now, next comes business continuity.

41
00:03:37,260 --> 00:03:44,480
Business continuity is a very important component in maintaining operations in cases of network attack.

42
00:03:45,060 --> 00:03:51,960
Now, without a business continuity plan, the organization will not be sure that the last information

43
00:03:51,960 --> 00:03:53,280
can ever be restored.

44
00:03:53,790 --> 00:03:58,470
That is why business continuity addresses the timeliness and the accessibility.

45
00:03:59,520 --> 00:04:01,410
Backups are very important.

46
00:04:01,530 --> 00:04:09,300
Backups are a copy of all the information applications on operating system settings that are stored

47
00:04:09,300 --> 00:04:16,590
within the computer to reduce the amount of loss and provide maximum restorable capability to the organization.

48
00:04:17,280 --> 00:04:20,010
Backups at risk, timeliness and accessibility.

49
00:04:20,400 --> 00:04:27,390
That is why I always tell my students to backup their data at least once a month, either in the cloud

50
00:04:27,600 --> 00:04:29,150
or in their hard drives.

51
00:04:30,180 --> 00:04:36,690
Now we'll see what is available to me by taking the example of Bob, Judy and a server.

52
00:04:39,050 --> 00:04:46,730
Now, you can see that Bob is trying to access some data from the server here, but since the definition

53
00:04:46,730 --> 00:04:51,910
of availability speeds, that data should be a bit available when and where it is needed.

54
00:04:52,400 --> 00:04:59,090
Now, let us have Trudy, who is completely, you know, bombarding the packets on the server and the

55
00:04:59,090 --> 00:05:01,500
server is not functioning anymore.

56
00:05:01,940 --> 00:05:09,740
So Bob here will not be receiving any data, which means the availability principle of information security

57
00:05:10,070 --> 00:05:11,460
is being violated.

58
00:05:12,230 --> 00:05:19,310
Now, many cases when the server is not able to deliver the messages, all the information to its customers,

59
00:05:19,310 --> 00:05:23,990
mostly, it's probably because of the availability issues.

60
00:05:23,990 --> 00:05:29,160
And the most obvious reason is the denial of service attack by malicious hackers.

61
00:05:29,900 --> 00:05:35,960
So I hope you understood the meaning of the security element of availability and what are the different

62
00:05:35,960 --> 00:05:38,160
factors that affect availability?

63
00:05:38,810 --> 00:05:39,450
That's it.

64
00:05:39,470 --> 00:05:45,830
Those are the three lectures that we just see of a man to have an overview of the CIA tried to you.

65
00:05:46,220 --> 00:05:51,550
And we will be looking after the CIA in upcoming elections in that in depth.

66
00:05:51,710 --> 00:05:53,620
So don't worry for time.

67
00:05:53,630 --> 00:05:59,300
We just make sure that you have understood the definitions of these terms and what are the elements

68
00:05:59,300 --> 00:06:08,390
of information security in the next lecture will talk about different and distinct with respect to ethical

69
00:06:08,390 --> 00:06:08,810
hacking.

70
00:06:09,260 --> 00:06:11,270
I will see you in the next lecture.