Overview

Information Security (InfoSec) encompasses the strategies, processes, and tools used to protect digital and physical information from unauthorized access, use, disclosure, disruption, modification, or destruction. Its primary objective is to ensure the Confidentiality, Integrity, and Availability (CIA) of data—whether at rest, in transit, or in use—safeguarding it against internal and external threats across all environments.

Projects

• Password Cracking Tool Project

In this project, I used password cracking tools like Hashcat and John the Ripper to simulate attacks on weak password hashes in a controlled lab. The goal was to understand the vulnerabilities associated with poor credential hygiene and to recommend best practices such as enforcing complex password policies and using MFA.

Topics

• Key Concepts
  • Confidentiality:
    Ensuring that information is accessible only to those authorized to have access.
  • Integrity:
    Safeguarding the accuracy and completeness of information and processing methods.
  • Availability:
    Ensuring that authorized users have access to information and associated assets when required.




• Components of Information Security:
  • Access Control
    Mechanisms that restrict unauthorized users from accessing resources.
  • Encryption
    Techniques to secure information by converting it into a code to prevent unauthorized access.
  • Firewalls
    Systems that prevent unauthorized access to or from a private network.
  • Antivirus and Anti-malware
    Software designed to detect and prevent malicious software (malware) from affecting systems.
  • Incident Response
    Strategies and processes for responding to and managing security breaches or cyber-attacks.
  
  
  
  • Threats to Information Security:
    • Cyber Attacks
      Includes phishing, malware, ransomware, and denial-of-service attacks.
    • Insider Threats
      Unauthorized actions by employees or other trusted individuals.
    • Data Breaches
      Incidents where information is accessed or disclosed without authorization.

Resources

• OWASP - Open Web Application Security Project
• NIST Cybersecurity Framework
• Cryptography and Network Security Book
• Cybrary - Security Training Platform


Fundamental of Computer Security (PDF)
Physical Security (PDF)
Operating Systems Security (PDF)
Malware (PDF)
Network Security#1 (PDF)
Network Security#2 (PDF)
Web Security (PDF)
Cryptography (PDF)
Security Models and Practice (PDF)
Distributed-Applications Security (PDF)