CONFIDENTIALITY, INTEGRITY, LEGAL INTERCEPTION

Presentation transcript:

CONFIDENTIALITY, INTEGRITY, LEGAL INTERCEPTION
Mr. In-Seop Lee, KT/ITU-T SG 2

Importance of Network Security
Background
- Explosive growth of computers and networks
- To protect data and resources
- To guarantee the authenticity of data
- To protect systems
Security aspects
- Security Attacks: An action that compromises the information
- Security Mechanism: Designed to protect, prevent, recover from attacks
- Security Service: Enhances the security of data, systems
ITU-T Workshop on Security - Seoul (Korea), 13-14 May 2002 15.11.2018

Relationship between security objectives
- Threats
- Security Requirements
- Security services
- Security mechanisms
- Security algorithms
- Security objectives

CONCERNS OF I/T EXECUTIVES
- Reliability
- Complexity of the Transition
- Unproven Services
- Increased Telecom Costs
- Increased Operating Costs
- Quality of Management Tools
- Security
- Lack of Standards
- Lack of Applications to Exploit
- Other
Chart values: 75%, 73%, 64%, 69%, 62%, 61%, 60%, 48%, 1%
Source: Information Week.

SECURITY MODEL
NORMAL FLOW: Information Source (A) -> Destination (B)

SECURITY THREATS
- INTERRUPTION (A, B): AVAILABILITY
- INTERCEPTION (A, B, X): CONFIDENTIALITY
- MODIFICATION (A, B, X): INTEGRITY
- FABRICATION (A, B, X): AUTHENTICITY

SECURITY REQUIREMENTS (Communications & IT)
- CONFIDENTIALITY
- AUTHENTICATION
- INTEGRITY
- AVAILABILITY
- NON-REPUDIATION

SECURITY SERVICES
- Confidentiality: Protection of transmitted data
- Authentication: Assuring that communication is authentic
- Integrity: Assuring that message has originality
- Non-repudiation: Preventing denying message
- Access Control: Limit & control the access
- Availability: Automated or physical countermeasures

MODEL FOR NETWORK SECURITY

SIX LAYERS OF NETWORK SECURITY
SECURITY AUDITING SECURITY TOOLS SOFTWARE MONITORING PHYSICAL SECURITY NETWORK ADMINISTRATOR

INTERCEPTION
Interception
- Interception of communications occurs where a private communication between two or more parties, sent via a communications handling system, is covertly monitored in order to understand the content.
Background
- In most developed countries, interception of communications is used by law enforcement, security and intelligence agencies in their work against serious crime and threats to national security, including terrorism.

INTERCEPTION
Role
- Interception plays a crucial role in helping law enforcement agencies to combat criminal activity.
- It is also necessary to protect human rights: disproportionate or unfettered use of interception can have consequences for the rights of individuals.

Secure E-Commerce EXAMPLE
Security & Trust
Internet intrinsic
- not possess an unique control world wide
- changing traditional “paper-based” transactions
- not offering an adequate protection, mechanisms

SECURE E-COMMERCE: Security & Trust
For Buyer & Merchant
- Trust: Business & Legal Relationships
- Security: IT Applications & Systems
- Correct Biz Legal trustworthy
- Technical Protections

STRUCTURING SOLUTIONS
- Trust
- Third party Interactions
- Security
- Fraud Controls
- IT Infrastructure
- International Legislation
- Insurance
- Technology & Management
- Policy

TECHNICAL SOLUTIONS
Mechanisms
- Verify the Actors’ Identity
- Authorize Access to Resources
- Protect Privacy
- Keep Sensitive Data Confidential
Techniques
- Firewall, SSL, VPN, IDS
- Authentication, Secure Applications (Web, DBMS, etc.), IPDR and Click Stream Analysis
Security Policy

OPEN PROBLEMS of E-COMMERCE (credibility, efficiency, solvency)
- Goods' Quality & Quantity
- After-sales assistance
- Privacy Safeguard
- Buyer’s Solvency
- Risk Related to the Purchase
- Business Risk Involved

TRUST SOLUTIONS
For Merchants
- to preserve the merchant public reputation and credibility
- to guarantee the payments
- to reduce the merchants’ economical losses due to fraudulent orders
Solutions
- International Legislation
- Customer Profile check
- Payment Methods assessment
- Third Party Interactions
- Insurance

TRUST SOLUTIONS
For Buyers
- verification of process control
- process based on information
Solutions
- International Legislation
- Product Quality
- Product Delivery
- Third Party Interactions
- Insurance

RISK MANAGEMENT
Secure E-commerce
- Security factors
- Trust factor
- Risk Management strategy
Managing risks
- Scan environments & identify risks
- Analyze & prioritize risks
- Define the solution

Conclusions
- Security Solutions
- Business loss
- Threats
- Investment costs
- Trust Solutions
Thank you very much !!!