Overview CSE 365 – Information Assurance Fall 2018 Adam Doupé

Slides:



Advertisements
Similar presentations
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Advertisements

September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.
Lecture 1: Overview modified from slides of Lawrie Brown.
1 cs691 chow C. Edward Chow Overview of Computer Security CS691 – Chapter 1 of Matt Bishop.
1 Overview CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 8, 2004.
Security+ Guide to Network Security Fundamentals
1 An Overview of Computer Security computer security.
Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.
July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.
E-commerce security by Asif Dalwai Introduction E-commerce applications Threats in e-commerce applications Measures to handle threats Incorporate.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Information Systems Controls for System Reliability -Information Security-
Thomas Levy. Agenda 1.Aims: CIAN 2.Common Business Attacks 3.Information Security & Risk Management 4.Access Control 5.Cryptography 6.Physical Security.
Lecture 1: Overview modified from slides of Lawrie Brown.
CS526: Information Security Chris Clifton August 26, 2003 Course Overview Portions of the material courtesy Professor Matt Bishop.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 1 – Overview.
Computer Security: Principles and Practice
Computer Security “Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware,
CS461/ECE422 — Computer Security I — Spring 2012.
Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:
IT Strategy for Business © Oxford University Press 2008 All rights reserved Chapter 12 IT Security Strategies.
1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester
SECURITY Professor Mona Mursi. ENVIRONMENT IT infrastructures are made up of many components, abstractly: IT infrastructures are made up of many components,
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.
IT Controls Global Technology Auditing Guide 1.
Features Governmental organization Critically important ICT objects Distributed infrastructure Three levels of confidentiality Dozens of subsidiary organizations.
Csci5233 computer security & integrity 1 An Overview of Computer Security.
12/18/20151 Computer Security Introduction. 12/18/20152 Basic Components 1.Confidentiality: Concealment of information (prevent unauthorized disclosure.
T.A 2013/2014. Wake Up Call! Malware hijacks your , sends death threats. Found in Japan (Oct 2012) Standford University Recent Network Hack May Cost.
Visual 1. 1 Lesson 1 Overview and and Risk Management Terminology.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
Fall 2008CS 334 Computer Security1 CS 334: Computer Security Fall 2008.
Chapter 19: Building Systems with Assurance Dr. Wayne Summers Department of Computer Science Columbus State University
July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
Foundations of Organizational Information Assurance Fall 2007 Dr. Barbara Endicott-Popovsky IMT551.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
Dr. Mark Gaynor, Dr. Feliciano Yu, Bryan Duepner.
Advanced System Security Dr. Wayne Summers Department of Computer Science Columbus State University
Computer Security Introduction
CS457 Introduction to Information Security Systems
CS 395: Topics in Computer Security
Introductory Computer Security
Introduction to Information Assurance
Overview CSE 465 – Information Assurance Fall 2017 Adam Doupé
Information Security, Theory and Practice.
Threat Modeling - An Overview All Your Data is Mine
Design for Security Pepper.
CMIT100 Chapter 15 - Information.
Chapter 1: Introduction
Information System and Network Security
Applications of Cryptography
Microsoft Dumps PDF CompTIA SY0-501 Dumps PDF CompTIA Security+ Certification RealExamCollection.com.
I have many checklists: how do I get started with cyber security?
NET 311 Information Security
Chapter 1: Introduction
Chapter 19: Building Systems with Assurance
Chapter 1: Introduction
Another perspective on Network Security
Cryptography and Network Security
Security Basics CSCE 489/689 (Software Security) Fall 2018
An Overview of Computer Security
Advanced System Security
Computer Security Introduction
Security.
Chapter 1: Introduction
Unit # 1: Overview of the Course Dr. Bhavani Thuraisingham
Overview CSE 365 – Information Assurance Fall 2019 Adam Doupé
Presentation transcript:

Overview CSE 365 – Information Assurance Fall 2018 Adam Doupé Arizona State University http://adamdoupe.com

What is security?

Components of Security Confidentiality Access Control Encryption Integrity Prevention Detection Availability Denial of Service

Threats Disclosure Deception Disruption Usurpation

Common Threats Snooping (wiretapping) Modification/alteration Man-in-the-middle (MITM) Masquerading/spoofing Delegation? Repudiation Denial of receipt Delay Denial of service

How to Defend Against Threats? Security policy Security mechanism Policy: A statement of what is and what is not allowed Mechanism: is a method, tool, or procedure for enforcing a security policy

Example The system we want to defend is a house. Threats? Policy? Mechanism?

Security Policy Goals Prevention Detection Recovery

Defining Policies Natural Language Mathematics Policy Languages

Correctness of Security Policy Assumptions What assumptions did we make in our house example? Policy is correct Mechanism correctly implements policy Trust Who do we trust?

Mechanisms Technical Procedural

Security Mechanism Effectiveness Secure Precise Broad

Assurance How to trust that the system is secure? How much to trust the system? Can this be quantified? What does it depend on?

Specification What is the system supposed to do? How to define?

Design How to design the system? Does the design satisfy the specification? How to prove this?

Implementation How is the design implemented? Does the implementation satisfy the design? How to prove this?

Deployment, Configuration, Operation How is the implementation… Deployed? Configured? Operation? How to prove this?

Cost-Benefit Analysis Are security measures/mechanisms worth the cost? What factors to consider?

Risk Analysis Should an asset be protected? What threats does it face? What are the consequences if it is attacked? What level to protect an asset? Does risk remain constant? How to quantify risk?

Laws/Customs Laws can restrict policy and mechanisms Customs Various countries have (or have had in the past) laws regrading cryptography Could privacy laws restrict an admin from performing their job? Customs

Human Issues Who is responsible for security in an organization? How much budget do they have? How much organizational power do they have? Who enforces the security of a system? People and systems