Information Security, Theory and Practice.

ISA 562: Information Security, Theory and Practice.

What is computer security?
  At its essence, it is an arms race!
    Adversaries find vulnerabilities and attack them.
    Security experts find vulnerabilities and develop countermeasures.
    Security managers try to deploy countermeasures, trace attacks, and recover from them.
  Efforts to formalize the field
    Build theoretical models and formal analysis of systems.
  Efforts to at least organize the field
    Categorize attack types, countermeasure types, etc.

C.I.A.
  Confidentiality
  Integrity
  Availability

C.I.A.
  Confidentiality: preventing unauthorized access to the information.
    Encryption
    Access control
    User authentication / identification
    Physical security
  Integrity
  Availability

C.I.A.
  Confidentiality
  Integrity: ensuring that data is unaltered
    Backups
    Checksums
    Error correcting codes
    Message authentication and digital signatures
  Availability
  Presenter note: for integrity, mention metadata, e.g. timestamps.
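The slide lists checksums and message authentication side by side, and the difference between them is the point a practitioner needs: an unkeyed checksum only catches accidental corruption, because anyone who can alter the data can recompute the checksum too, whereas a keyed MAC detects deliberate alteration by anyone who does not hold the key. The following is an added example written for this page, not code from the lecture; the record contents and the attacker model (can rewrite the stored data and the stored checksum, does not hold the MAC key) are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample record; in practice this is a file, a database row, or a message.
RECORD = b"patient_id=1042;dose_mg=50;drug=warfarin"
TAMPERED = b"patient_id=1042;dose_mg=500;drug=warfarin"


def checksum(data: bytes) -> str:
    """Unkeyed digest: catches accidental corruption (disk errors, truncation)."""
    return hashlib.sha256(data).hexdigest()


def checksum_valid(data: bytes, expected: str) -> bool:
    return hmac.compare_digest(checksum(data), expected)


def mac(key: bytes, data: bytes) -> str:
    """Keyed digest (HMAC-SHA256): catches deliberate alteration by anyone without the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def mac_valid(key: bytes, data: bytes, tag: str) -> bool:
    # compare_digest avoids leaking the position of the first mismatching byte via timing.
    return hmac.compare_digest(mac(key, data), tag)


def scenario() -> dict:
    """Model an adversary who can edit the stored record and any stored checksum,
    but who does not hold the MAC key (constructed threat model)."""
    key = secrets.token_bytes(32)
    stored_checksum = checksum(RECORD)
    stored_tag = mac(key, RECORD)

    # Accidental single-bit flip: both mechanisms detect it.
    corrupted = bytearray(RECORD)
    corrupted[0] ^= 0x01
    corrupted = bytes(corrupted)

    # Deliberate alteration: the unkeyed checksum stored alongside the data can simply be
    # recomputed for the new contents, so it no longer tells the verifier anything.
    recomputed_checksum = checksum(TAMPERED)

    return {
        "accidental_caught_by_checksum": not checksum_valid(corrupted, stored_checksum),
        "accidental_caught_by_mac": not mac_valid(key, corrupted, stored_tag),
        "tamper_caught_by_checksum": not checksum_valid(TAMPERED, recomputed_checksum),
        "tamper_caught_by_mac": not mac_valid(key, TAMPERED, stored_tag),
    }


if __name__ == "__main__":
    for name, detected in scenario().items():
        print(f"{name}: {detected}")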

C.I.A.
  Confidentiality
  Integrity
  Availability: accessible when needed by those that are authorized
    Physical protection from attacks and nature.
    Redundancy of storage, servers, etc.
  Presenter note: give the example of credit card blacklists.

A.A.A.A.
  Assurance
  Authenticity
  Anonymity
  Accountability

A.A.A.A.
  Assurance: guarantee that the system provides the properties it has been trusted to provide.
    Policies about how the system can be used by various users
    Permissions of various users
    Protection of the system through some security mechanism. Might include legal means, reputation, …
    Not just about data, but also resources.
  Authenticity
  Anonymity
  Accountability

A.A.A.A.
  Assurance
  Authenticity: a method for verifying that policies and permissions are genuine.
    In other words: non-repudiation. People can't go back on their word.
    Solved by using digital signatures, which also provide integrity.
  Anonymity
  Accountability
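Why a signature gives non-repudiation where a MAC does not: with a MAC both parties share the key, so either of them could have produced the tag; with a signature only the holder of the private key can produce it, and anyone holding the public key can check it. The following added example (not from the lecture) uses a Lamport one-time signature, chosen because it needs nothing beyond a hash function and so shows the mechanism without a cryptography library; production systems use RSA, ECDSA or Ed25519 through a vetted library instead. The messages and the "forger" model (someone holding only the public key, who can do no better than guess the revealed values) are constructed for illustration.

```python
import hashlib
import secrets

N = 256  # number of digest bits that get signed (SHA-256 output)


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen():
    """Private key: 256 pairs of random 32-byte secrets. Public key: their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def digest_bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]


def sign(sk, msg: bytes):
    """Reveal one secret per digest bit. A Lamport key pair must sign ONE message only:
    signing a second message reveals further secrets and lets others mix and match."""
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    """Anyone with pk can check; nobody without sk can produce a passing sig."""
    if len(sig) != N:
        return False
    return all(H(sig[i]) == pk[i][bit] for i, bit in enumerate(digest_bits(msg)))


def scenario() -> dict:
    sk, pk = keygen()
    msg = b"I agree to pay 100 EUR"          # constructed message
    altered = b"I agree to pay 900 EUR"      # same signature replayed on altered text
    sig = sign(sk, msg)
    # Holder of pk only: the best available move is to guess preimages, modelled as random bytes.
    guessed = [secrets.token_bytes(32) for _ in range(N)]
    return {
        "genuine_verifies": verify(pk, msg, sig),
        "altered_message_rejected": not verify(pk, altered, sig),
        "signature_without_private_key_rejected": not verify(pk, msg, guessed),
    }


if __name__ == "__main__":
    for name, outcome in scenario().items():
        print(f"{name}: {outcome}")
```

The second result is the integrity property the slide mentions (the signature binds the exact text), and the third is non-repudiation: because the verifier never holds the private key, a valid signature can only have come from the signer, which is what lets a third party adjudicate a dispute.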

A.A.A.A.
  Assurance
  Authenticity
  Anonymity: certain records or actions cannot be attributed to a particular individual.
    Aggregation and noise (differential privacy)
    Mixing
    Proxies, such as Tor
  Accountability
  To provide authenticity and confidentiality, we need mechanisms for proving our identity. These open us to attack as well, as our identity becomes linked across the Internet.
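The slide's "aggregation and noise" bullet hides a subtlety: aggregation alone does not give anonymity, because two exact counts that differ in one person reveal that person's record. The added example below (written for this page, not from the lecture) shows that leak and then the Laplace mechanism from differential privacy, which adds noise scaled to the query's sensitivity (1 for a count) divided by epsilon. The records are constructed; the `demo_noisy_count` helper exists only to make the seeded run reproducible.

```python
import math
import random

# Constructed records: (name, has_condition). Goal: publish how many people have the
# condition without revealing whether any single named individual does.
RECORDS = [("alice", True), ("bob", False), ("carol", True), ("dave", True), ("erin", False)]


def exact_count(records) -> int:
    return sum(1 for _, flag in records if flag)


def without(records, name):
    """Neighbouring dataset: the same records minus one individual."""
    return [r for r in records if r[0] != name]


def membership_from_exact_counts(records, name) -> bool:
    """Aggregation without noise: the difference of two exact counts recovers one person's flag."""
    return exact_count(records) - exact_count(without(records, name)) == 1


def laplace_sample(scale: float, rng: random.Random) -> float:
    """Inverse-CDF sample from Laplace(0, scale)."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def noisy_count(records, epsilon: float, rng: random.Random) -> float:
    """Laplace mechanism. A count changes by at most 1 when one record is added or removed
    (sensitivity 1), so noise of scale 1/epsilon gives epsilon-differential privacy: the
    output distributions for `records` and for any neighbour differ by at most a factor e^epsilon."""
    sensitivity = 1.0
    return exact_count(records) + laplace_sample(sensitivity / epsilon, rng)


def demo_noisy_count(seed: int = 0, epsilon: float = 1.0) -> float:
    return noisy_count(RECORDS, epsilon, random.Random(seed))


if __name__ == "__main__":
    print("exact:", exact_count(RECORDS), "without alice:", exact_count(without(RECORDS, "alice")))
    print("alice's flag recoverable from exact counts:", membership_from_exact_counts(RECORDS, "alice"))
    rng = random.Random()
    for eps in (0.1, 1.0, 10.0):
        print(f"epsilon={eps}: noisy count {noisy_count(RECORDS, eps, rng):.2f}")
```

Smaller epsilon means more noise and stronger anonymity; larger epsilon means more accurate counts. The budget also has to be tracked across repeated queries, since answering the same question many times and averaging removes the noise again.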

A.A.A.A.
  Assurance
  Authenticity
  Anonymity
  Accountability: actions of an entity are traceable.
    Non-repudiation of actions.
    Supports after-action recovery and legal action.

C.I.A. Examples
  Not all attacks have the same impact.
  Confidentiality: both student grades and student enrollment are regulated by FERPA. An attack revealing either would be an attack on confidentiality, but clearly grade information is more sensitive than enrollment.
  Integrity: medical data is an asset with a high requirement for integrity. Lives could be at stake if someone changes the information. Bus schedules have a medium requirement.
  Availability: a system for tracking the current location of police officers in a large city would have a high need for availability. My course website has a low need.

Terminology Source: Computer Security, Principles and Practice. William Stallings, Lawrie Brown

Attacks and consequences Source: Computer Security, Principles and Practice. William Stallings, Lawrie Brown

Assets
  Hardware
  Software
  Data
  Communication lines and networks

Countermeasures Source: Computer Security, Principles and Practice. William Stallings, Lawrie Brown

Overall strategy
  Security policy
    Value of assets
    Vulnerabilities of the system
    Potential threats and likelihood of attacks
    Ease of use vs. security gains
    Cost of security vs. cost of failure and recovery
  Source: Computer Security, Principles and Practice. William Stallings, Lawrie Brown
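The policy inputs on this slide (asset value, likelihood of attack, cost of security versus cost of failure) are the inputs of a quantitative risk estimate: single loss expectancy = asset value times exposure factor, annual loss expectancy = single loss times the annual rate of occurrence, and a countermeasure pays for itself when the ALE it removes exceeds its annual cost. The example below is added for this page and is not from the lecture or the Stallings text; all asset values, rates and countermeasure figures are constructed to illustrate the arithmetic.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    asset: str
    asset_value: float      # business/replacement value of the asset (currency units)
    exposure_factor: float  # fraction of the value lost per incident, 0..1
    annual_rate: float      # expected incidents per year (threat likelihood)

    def single_loss_expectancy(self) -> float:
        return self.asset_value * self.exposure_factor

    def annual_loss_expectancy(self) -> float:
        return self.single_loss_expectancy() * self.annual_rate


@dataclass(frozen=True)
class Countermeasure:
    name: str
    annual_cost: float      # licences, staff time, usability cost expressed in currency
    rate_after: float       # incidents per year once deployed
    exposure_after: float   # fraction lost per incident once deployed


def net_annual_benefit(risk: Risk, cm: Countermeasure) -> float:
    """ALE removed by the countermeasure minus what it costs; negative means it costs
    more than the failures it prevents."""
    residual = Risk(risk.asset, risk.asset_value, cm.exposure_after, cm.rate_after)
    return risk.annual_loss_expectancy() - residual.annual_loss_expectancy() - cm.annual_cost


def choose(risk: Risk, options) -> str:
    """Pick the option with the best net benefit, or 'accept risk' if none is worth it."""
    best = max(options, key=lambda cm: net_annual_benefit(risk, cm))
    return best.name if net_annual_benefit(risk, best) > 0 else "accept risk"


# Constructed figures for a public web server (not real data).
WEB_SERVER = Risk("public web server", asset_value=200_000, exposure_factor=0.25, annual_rate=2.0)
OPTIONS = [
    Countermeasure("patching + WAF", annual_cost=30_000, rate_after=0.5, exposure_after=0.25),
    Countermeasure("full rebuild + 24x7 SOC", annual_cost=120_000, rate_after=0.1, exposure_after=0.1),
]

if __name__ == "__main__":
    print(f"SLE={WEB_SERVER.single_loss_expectancy():,.0f} ALE={WEB_SERVER.annual_loss_expectancy():,.0f}")
    for cm in OPTIONS:
        print(f"{cm.name}: net benefit {net_annual_benefit(WEB_SERVER, cm):,.0f}/year")
    print("decision:", choose(WEB_SERVER, OPTIONS))
```

The "ease of use vs. security gains" trade-off on the slide has no natural currency unit; the usual approach is to fold the productivity cost of a control into its annual cost, as the `annual_cost` comment suggests, so that the comparison stays on one scale.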

Overall strategy
  Security implementation
    Prevention
    Detection
    Response
    Recovery
  Source: Computer Security, Principles and Practice. William Stallings, Lawrie Brown

Overall strategy
  Assurance and evaluation
    How sure are we that the system meets the policy requirements?
    Assurance is a degree of confidence. Quantifying and evaluating it formally is nearly impossible.
    Evaluation through testing, possibly using some formal or technical means, and also through human attempts at penetration.
  Source: Computer Security, Principles and Practice. William Stallings, Lawrie Brown