CPSC 6126 Computer Security Information Assurance.

Is there a Security Problem in Computing?
 Risks involved in computing
 Goals of secure computing: confidentiality, integrity, availability
 Threats to security in computing: interception, interruption, modification, fabrication
 Controls: encryption, programming controls, operating systems, network controls, administrative controls, law, ethics

What does “Secure” mean?
 Protecting computer-related assets
 Information Systems
 – Hardware
 – Software
 – Data
 – People (and procedures)
 Computer Security
 Information Assurance

What does “Secure” mean?
 Control the risk of computer security
 – Learn about threats to computer security.
 – Understand what causes these threats by studying how vulnerabilities arise in the development and use of computer systems.
 – Survey controls that can reduce or block these threats.
 – Develop a computing style that balances security and risk.
 Principle of Easiest Penetration
 – “An intruder must be expected to use any available means of penetration. The penetration may not necessarily be by the most obvious means, nor is it necessarily the one against which the most solid defense has been installed.”

1.2 Attacks (threats, vulnerabilities and controls)
 Vulnerability – a weakness in the security system that might be exploited to cause loss or harm.
 Threat – a set of circumstances that has the potential to cause loss or harm.
 Control – a protective measure that removes or reduces a vulnerability.
 A threat is blocked by control of a vulnerability.

1.2 Attacks (threats, vulnerabilities and controls)
 Threats
 – Interception: an unauthorized party has gained access to an asset
 – Interruption: an asset becomes lost, unavailable, or unusable
 – Modification: an asset is tampered with
 – Fabrication: counterfeit objects are added to the asset

1.2 Attacks (method, opportunity, and motive)
 Method – the skills, knowledge, tools, and other resources needed to carry out the attack
 Opportunity – the time and access needed to accomplish the attack
 Motive – a reason to want to perform this attack against this system

1.3 The Meaning of Computer Security
 Security Goals
 – Confidentiality (secrecy, privacy): ensure that assets are accessed only by authorized parties.
 – Integrity: assets can be modified only by authorized parties in authorized ways.
 – Availability: assets are accessible to authorized parties at appropriate times (the opposite of denial of service).

1.3 The Meaning of Computer Security
 Vulnerabilities
 – Hardware: interruption (denial of service), modification, interception (theft), fabrication (substitution)
 – Software: interruption (deletion), modification, interception (theft), fabrication
 – Data: interruption (loss), modification, interception, fabrication
 Principle of Adequate Protection: computer items must be protected only until they lose their value. They must be protected to a degree consistent with their value.

1.3 The Meaning of Computer Security
 Other Exposed Assets
 – Networks
 – Access
 – Key People

1.4 Computer Criminals
 Computer Crime – any crime involving a computer or aided by the use of one
 Amateurs
 Crackers (NOT hackers)
 Career Criminals

1.5 Methods of Defense
 Harm occurs when a threat is realized against a vulnerability
 Need to neutralize the threat or close the vulnerability
 – Prevent it by blocking the attack or closing the vulnerability
 – Deter it by making the attack harder
 – Deflect it by making this target less attractive
 – Detect it (as it happens or after the fact)
 – Recover from its effects

1.5 Methods of Defense
 Controls
 Multi-pronged approach
 Encryption
 Software controls (internal program controls, independent control programs, operating system and network system controls, development controls)
 Hardware controls
 Policies and Procedures
 Physical controls

1.5 Methods of Defense
 Effectiveness of Controls
 – Awareness of problem
 – Likelihood of use
 Principle of Effectiveness – Controls must be used, and used properly, to be effective. They must be efficient, easy to use, and appropriate.
 – Overlapping controls
 – Periodic review
 Principle of Weakest Link – Security can be no stronger than its weakest link.