Chapter Goals Discuss the CIA triad

Slides:



Advertisements
Similar presentations
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
Advertisements

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Computer Viruses.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
CSA 223 network and web security Chapter one
Security+ Guide to Network Security Fundamentals
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Chapter 15 Computer Security Techniques Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Security. If I get 7.5% interest on $5,349.44, how much do I get in a month? (.075/12) = * 5, = $ What happens to the.004? =
Chapter 14 Simulation and Other Applications. 2 Chapter Goals Define simulation Give examples of complex systems Distinguish between continuous and discrete.
Chapter 17 Computer Security. Chapter Goals Discuss the CIA triad List three types of authentication credentials Create secure passwords and assess the.
BUSINESS B1 Information Security.
Chapter 12 Information Systems. 2 Managing Information Information system Software that helps the user organize and analyze data Electronic spreadsheets.
Viruses & Destructive Programs
PHYSICAL ITSECURITY scope. 1.What is password security?. 2.Why can't I tell anyone my password? 3.What about writing my password down 4.Social engineering.
Chapter 17 Security. Information Systems Cryptography Key Exchange Protocols Password Combinatorics Other Security Issues 12-2.
Operating system Security By Murtaza K. Madraswala.
Chapter 14 Simulation and Other Applications. 2 What Is Simulation? Simulation A model of a complex system and the experimental manipulation of the model.
Lecture 7 Page 1 CS 236, Spring 2008 Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know.
What is risk online operation:  massive movement of operation to the internet has attracted hackers who try to interrupt such operation daily.  To unauthorized.
Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?
1 Network and E-commerce Security Nungky Awang Chandra Fasilkom Mercu Buana University.
Topic 5: Basic Security.
Identification Authentication. 2 Authentication Allows an entity (a user or a system) to prove its identity to another entity Typically, the entity whose.
13LECTURE NET301 11/23/2015Lect13 NET THE PROBLEM OF NETWORK SECURITY The Internet allows an attacker to attack from anywhere in the world from.
Chapter 12 Information Systems. 2 Chapter Goals Define the role of general information systems Explain how spreadsheets are organized Create spreadsheets.
INFORMATION TECHNOLOGY IN A GLOBAL SOCIETY: SECURITY Taylor Moncrief.
Sarvajanik college of engineering and technology. Created by:- Keshvi Khambhati (co-m) Ria Bhatia (co-m) Meghavi Gandhi (co-m) Jarul Mehta(co-m) Topic.
Access Control / Authenticity Michael Sheppard 11/10/10.
14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Protection.
INTRODUCTION TO COMPUTER & NETWORK SECURITY INSTRUCTOR: DANIA ALOMAR.
CSCE 201 Identification and Authentication Fall 2015.
My topic is…………. - It is the fundamental building block and the primary lines of defense in computer security. - It is a basic for access control and.
Any criminal action perpetrated primarily through the use of a computer.
SECURITY Prepared By: Dr. Vipul Vekariya.. 2 S ECURITY Secure system will control, through use of specific futures, access to information that only properly.
Cyber security. Malicious Code Social Engineering Detect and prevent.
Challenge/Response Authentication
Technical Implementation: Security Risks
Chapter 40 Internet Security.
Botnets A collection of compromised machines
BUSINESS DRIVEN TECHNOLOGY
MANAGEMENT of INFORMATION SECURITY, Fifth Edition
3.6 Fundamentals of cyber security
Security Risks Malware (Malicious software)
Challenge/Response Authentication
Lecture 8. Cyber Security, Ethics and Trust
Network security threats
Security Shmuel Wimer prepared and instructed by
Operating system Security
INFORMATION SECURITY The protection of information from accidental or intentional misuse of a persons inside or outside an organization Comp 212 – Computer.
WELCOME.
Botnets A collection of compromised machines
Teaching Computing to GCSE
– Communication Technology in a Changing World
Chap 10 Malicious Software.
ISNE101 Dr. Ken Cosh Week 13.
Chapter 17 Computer Security.
Security.
Security.
Faculty of Science IT Department By Raz Dara MA.
Chapter 12 Information Systems.
Security.
Chap 10 Malicious Software.
Net301 LECTURE 11 11/23/2015 Lect13 NET301.
Module 2 OBJECTIVE 14: Compare various security mechanisms.
Computer Security By: Muhammed Anwar.
Chapter # 3 COMPUTER AND INTERNET CRIME
Operating System Concepts
Presentation transcript:

Chapter Goals Discuss the CIA triad Types of authentication credentials Create secure passwords and assess the security level of others Define categories of malware List the types of security attacks

Information Security Information security The techniques and policies used to ensure proper access to data Confidentiality Ensuring that data is protected from unauthorized access

CIA Triad of Information Security Ensuring that data can be modified only by appropriate mechanisms Ensuring that data is protected from unauthorized access The degree to which authorized users can access information for legitimate purposes

Preventing Unauthorized Access Authentication credentials Information users provide to identify themselves for computer access User knowledge Name, password, PIN Smart card/Token A card or hardware token with an embedded memory chip used for identification (Can also be an app on your smartphone now) Biometrics Human characteristics such as fingerprints, retina or voice patterns

Preventing Unauthorized Access Guidelines for passwords Easy to remember, hard to guess Don’t use family or pet names Don’t make it accessible Use combination uppercase/lowercase letters, digits and special characters Don’t leave computer when logged in Don’t ever tell anyone Don’t include in an email Don’t use the same password in lots of places

Preventing Unauthorized Access Typical Password Criteria Contain six or more characters Contain at least one uppercase and one lowercase letter Contain at least one digit Contain at least one special character

Good or Bad? Worst? Acceptable? Marginable? Good? nelldale JohnLewis GingerCat Longhorns aatnv.AATNV One2Three 7December1939 red&whIte%blUe7 g&OoD#3PaSs Worst? Acceptable? Marginable? Good?

Preventing Unauthorized Access CAPTCHA Software that verifies that the user is not another computer You have to look at a weird set of characters and key them back in. Why does this work?

Preventing Unauthorized Access Fingerprint analysis – a stronger level of verification than username and password iPhone Touch ID What if somebody steals your digitized fingerprint?

2 Factor Authentication Two Factor Authentication, also known as 2FA, two step verification or TFA (as an acronym), is an extra layer of security that is known as "multi factor authentication" that requires not only a password and username but also something that only, and only, that user has on them, i.e. a piece of information only they should know or have immediately to hand - such as a physical token. Using a username and password together with a piece of information that only the user knows makes it harder for potential intruders to gain access and steal that person's personal data or identity.

Computer Security Malicious Code A computer program that attempts to bypass appropriate authorization and/or perform unauthorized functions Worm stands alone, targets network resources Trojan horse disguised as benevolent resource Virus self-replicating Logic bomb set up to execute at system event

Antivirus Software Software installed to detect and remove malicious code Signature detection recognizes known malware and removes Heuristics are strategies used to identify general patterns

Computer Security Security Attacks An attack on the computer system itself Password guessing Obvious Phishing Trick users into revealing security information Spoofing Malicious user masquerades as authorized user Back door Unauthorized access to anyone who knows it exists

Computer Security Buffer overflow Defect that could cause a system to crash and leave the user with heightened privileges Denial-of-service Attacks that prevent authorized user from accessing the system Man-in-the-middle Network communication is intercepted in an attempt to obtain key data Have you ever experienced one of these?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.