Information security is a very important component of system and network security. The understanding and implementation of the five pillars of information security, namely, confidentiality, integrity, availability, authenticity, and nonrepudiation, is fundamental to the protection of information assets from the omnipotent adversarial cyber threat. The evolving adversary requires a counter active information security program for both small and large organizations. This chapter defines the fundamental elements of information security, and presents the core standards for information security, threat classes, and data classification standards. With the rapid adoption of the Internet of Things (IoT) paradigm, IoT device security has become an important topic, which is addressed in detail in this chapter. Standards associated with information security in health care, as well as the National Institute of Standards and Technology (NIST) framework for cyber security, are also described in detail. The chapter concludes with a discussion on the foreseeable challenges for information security in the IoT era.

In this chapter, different types of cryptographic algorithms applicable for security in IoT, cloud computing, and Big Data are presented. IoT, cloud computing, and Big Data are based on a highly interconnected network of devices, servers, and massive volumes of data where all kinds of communications seem to be possible. Therefore, the security requirement for such technologies becomes critical, which should be provided by cryptographic algorithms. Two main categories in cryptography are symmetric key cryptography and asymmetric or PKC. The applicable methods for PKC are rather slow compared to symmetric key cryptographic algorithms. Therefore, PKC is used as a complement to symmetric key cryptography for providing security in IoT, cloud computing, and Big Data.

Biometrics refers to 'automated recognition of individuals based on their behavioural and biological characteristics such as fingerprints, iris, face, hand, voice, and gait.' Compared to traditional authentication methods, biometrics are easy to use, convenient, not possible to share, reliable, and cannot be forgotten or lost. Compensating for this need, this chapter will focus on the biometric authentication systems which help to prevent unauthorized access to the local server and cloud resources.

In this chapter, we survey the identification schemes based on multivariate polynomials over a finite field. We provide some basic definitions needed to construct the structure of identification schemes based on multivariate polynomials over a finite field. Then, we provide a brief survey of identification schemes based on multivariate polynomials by considering applications in different platforms. We analyze them in view of the zero knowledge property and the number of passes such as 3-pass and 5-pass. By considering open problems in the literature, we propose a novel identification scheme based on multivariate quadratic polynomials. Then, we compare them in terms of efficiency. We also provide a discussion for cloud, IoT, and big data applications of quantum secure identification schemes.

Cloud computing is viewed as a cost-effective and scalable way of providing computing resources for both large and small organizations. However, as cloud storage is outsourced it is highly susceptible to information security risks. The insider threat may become particularly insidious with the predilection towards cloud computing. Insiders have a significant advantage, as not only do they have knowledge about vulnerabilities in policies, networks or systems but they also have the requisite capability. An `insider' is any individual who has legitimate access to an organization's information technology infrastructure whereas an `insider threat' uses the authority granted to him/her for illegitimate gain. Fundamentally, the insider threat concern is a complex issue, as the problem domain intersects the social, technical, and socio-technical dimensions. From a cloud-computing perspective, the concept of the insider is multi-contextual and consequently propagates more opportunities for malfeasance. The definition of an insider changes from context to context; an insider is someone who works within an organization that uses a cloud-based system and it also includes a user that works for a cloud service provider. Clearly, the concept of the insider within the cloud-computing domain is amorphous. This chapter intends to define the insider threat and identify the various types of insider threats that exist within the cloud-computing domain. This chapter considers the challenges involved in managing the insider threat and possible mitigation strategies including authentication schemes within cloud-based systems. To this end, this chapter also considers the various mitigation strategies that exist within the technical, social and sociotechnical domains in order to identify gaps for further research.

Data protection, data privacy, and information privacy are all terms defined as the process of protecting important data/information from corruption, scam, fraud, loss, or compromise. This includes the relationship between the data collection and technology, the public perception and expectation of privacy, and the political as well as legal roots surrounding that data. Therefore, data protection laws aim to provide a balance between the individual's privacy rights and the proper use of data. Data protection is a concern for individuals and organizations who collect, analyze, store, and transmit data; such data could be written on paper or stored on a computer system or network. Both ways of handling information may be prune to loss, damage, or errors. Documents handled as hardcopies may be copied easily, stolen, lost, destroyed, etc. Therefore, it is very difficult to protect such information available in hardcopy format and, in reality, there is no secure method that would safeguard such documents. One may propose to store them in vaults which are secure and protect documents from humidity, light, and fire; however, many questions would be raised in the process of applying/handling such securing strategy before and after storage. On the other hand, electronic information stored on electronic devices and networks needs to be handled very carefully so that these physical systems and the information stored in them do not fall in the hands of those who may use it in fraud, abuse, scam, etc., in addition to policies which should be in place to secure information during the process of transmission and storage. In this chapter, issues related to data protection laws are discussed.