 So now let's look into what we call is security of information. So what is information? Basically, when you have a lot of data, you can assimilate that data, do some analysis and get some information out of it. Now, certain information are very key to certain organizations. For example, if there is a company which has a certain set of codes for it, say a new order, and they have to keep it securely from its competitors so that they'll be able to win, say, certain projects or certain tenders. Like this example, there are a lot of information which are to be kept very securely. So how can this be done? So one of the very important thing as we talked about insecurity is it is important to be aware of the risks. So the first topic that we will talk about is called risk management. So how do you do risk management? First is you need to be aware of the risks and then see what are the ways you can manage it. So in risk management what we see is security controls. So what we mean by security controls is you have certain procedures in place which help you to ensure that certain security practices are being followed. The second thing what we look at it is defense in depth. So in defense in depth, we can look at the diagram. So on the diagram, what we see is at the core we have the data, above the data we have the applications that are running on the data. Then we have the host which is the system which is running those applications and then we have the network. So each layer of it has to be secured. For example, the network itself has to have security like any unauthorized person should not be able to enter the network. Then the host itself should be secure. Say if an unauthorized person is able to physically enter the building, the host itself should have security measures so that they cannot be allowed to enter the host computer. Now we look at the application a malicious person is able to enter the system. So the host's level security ensures that the physical system has been secured for only authorized access. Now when we look at application security, so application resides on the host. Now if the host has been breached, so what we can do is have application security where only the people who are authorized to work with the application or get information and access from that application, only they will be able to log into that application. As nowadays what we see is applications are distributed wide on the network. So application security itself becomes pretty important at that point of time and then we have data security. So now what we see is most of the times applications that represent the information get the data from some say a database. Now those databases have to also be secured so that the data in the raw form can also not fall into the wrong hands. So this is what we call defense in depth.