Defining Computer Security cybertechnology security can be thought of in terms of various counter measures: (i) unauthorized access to systems (ii) alteration.

Presentation transcript:

Defining Computer Security: Cybertechnology security can be thought of in terms of countermeasures against: (i) unauthorized access to systems; (ii) alteration of data that resides in and is transmitted between computer systems; (iii) disruption, vandalism, and sabotage of computer systems and networks.

Defining Computer Security (Continued): Confidentiality: protecting against unauthorized disclosure of information to third parties. Integrity: preventing unauthorized modification of files. Availability: preventing unauthorized withholding of information from those who need it when they need it (example threat: DoS).

Figure 6-1: Computer Security, divided into System Security (vulnerability to "malicious programs" such as viruses and worms) and Data Security (resident data and transmitted data; vulnerability to access of data).

Four Types of Security Countermeasures: Firewalls; Anti-Virus Software; Encryption Tools; Anonymity Tools. Others?? Security through obscurity.

New Security Problems? Collaboration; Multi-User Applications; Ubiquitous / Wireless Net; Limiting access (e.g. in schools); Others???

Encryption Tools (Continued): An encrypted communication will be only as secure and private as its key. In private-key encryption, both parties use the same encryption algorithm and the same private key. Public-key cryptography uses two keys: one public and the other private.

Encryption (Continued) – Public-Key Cryptography: If A wishes to communicate with B, A uses B's public key to encode the message. That message can then only be decoded with B's private key, which is secret. Similarly, when B responds to A, B uses A's public key to encrypt the message. That message can be decrypted only by using A's private key. Although information about an individual's public key is accessible to others, that individual's ability to communicate encrypted information is not compromised.
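The exchange between A and B described above, as an added example that is not part of the original slides: textbook RSA in pure Python with constructed toy primes and no padding, so it shows the roles of the two keys only and is not usable for real encryption. The names `make_keypair`, `encrypt`, `decrypt` and `exchange` are illustrative.

```python
# Added illustration: textbook RSA, fixed toy primes, no padding. NOT secure.
# Real systems use a vetted library with randomized padding (e.g. OAEP).
from dataclasses import dataclass

E = 65537  # common public exponent


@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int


@dataclass(frozen=True)
class KeyPair:
    public: PublicKey  # published to everyone
    d: int             # private exponent, never leaves its owner


def make_keypair(p: int, q: int) -> KeyPair:
    """Build a key pair from two primes (supplied here, random in practice)."""
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # raises ValueError if E is not invertible mod phi
    return KeyPair(PublicKey(p * q, E), d)


def encrypt(message: bytes, recipient: PublicKey) -> int:
    """Anyone can do this: only the recipient's PUBLIC key is needed."""
    m = int.from_bytes(message, "big")
    if m >= recipient.n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, recipient.e, recipient.n)


def decrypt(ciphertext: int, own: KeyPair) -> bytes:
    """Only the holder of the matching PRIVATE exponent recovers the text."""
    m = pow(ciphertext, own.d, own.public.n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


# Constructed key pairs for the two parties (Mersenne primes: toy values).
A = make_keypair(2**61 - 1, 2**89 - 1)
B = make_keypair(2**107 - 1, 2**127 - 1)


def exchange():
    to_b = encrypt(b"meet at noon", B.public)  # A -> B, under B's public key
    read_by_b = decrypt(to_b, B)               # B uses B's private key
    to_a = encrypt(b"confirmed", A.public)     # B -> A, under A's public key
    read_by_a = decrypt(to_a, A)               # A uses A's private key
    wrong_key = decrypt(to_b, A)               # A's private key on B's message
    return read_by_b, read_by_a, wrong_key
```

Applying A's private key to a message encrypted for B returns unrelated bytes, which is the sense in which publishing a public key does not compromise its owner's encrypted traffic.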

Anonymity Tools: Users want to secure the integrity and confidentiality of their electronic communications. They also wish to protect their identity while engaging in on-line activities. Anonymity tools such as the Anonymizer, and pseudonymity agents such as Lucent's Personalized Web Assistant, enable users to roam the Web either anonymously or pseudonymously.

Anonymity Tools (Continued): Users are able to navigate the Internet without their personal identity being revealed; e.g., the user cannot be identified beyond certain technical information such as the user's IP (Internet Protocol) address, ISP, and so forth.

Code of Network Ethics for Security (Continued): Would you be willing to purchase an automobile that could not be locked (secured) and thus protected against theft? Steele points out that there are no adequate "locks" for computers. He blames Microsoft and other large computer corporations for not ensuring and guaranteeing that their computer software products are more secure.

Code of Network Ethics for Security (Continued): Steele also believes that corporations that produce computer software should assume full responsibility, legal and moral, for any insecure software products they sell. He concludes that we need a "Code of Network Ethics" with a "due diligence" clause, which would spell out specific requirements for businesses engaged in the production of software.

Criticism of Steele’s Argument for a Network Code of Ethics: We can agree with Steele's assumptions that consumers desire reliable products and that they expect dependable computer systems. We can also question whether the analogy that Steele draws between computer systems and automobiles is a useful one, or whether it breaks down in certain crucial respects. It is not yet possible to test computer systems for reliability in the same way that we can test automobile systems.

Total Security in Cyberspace: Can total security in cyberspace be achieved? If so, would it be a desirable goal? When asked if we would prefer a secure cyberspace, we would likely answer "yes." But we might not be willing to accept the consequences of such a level of security. For example, more secure systems might require certain additional features in cyber-technology that would result in computer systems being less friendly and thus more difficult for ordinary users to operate.

Viewing Security as a Process Rather Than as a Product: Schneier (2000) claims that anyone who promises a totally secure or "hacker proof" system is selling "snake oil." Many security experts assume we simply need to find the right technology or the foolproof encryption device or the right security countermeasures.

Security as a Process (Continued): For Schneier, security is a process, not a product. Schneier believes that an important element in that process is risk assessment. Seeking perfect security would make a system useless, because "anything worth doing requires some risk."

Computer Security and Risk Analysis: Risk analysis is a methodology used to come to an informed decision about the most cost-effective controls to limit the risks to your assets vis-à-vis the spectrum of threats. Banks and credit card companies can tolerate a considerable amount of credit risk and fraud because they know how to anticipate losses and price their services accordingly. What is the acceptable level of risk in computer systems? How can we assess it?

Risk Assessment (Continued): Many of the ethical issues surrounding computer security are not trivial. They have implications for public safety that can result in the deaths of significant numbers of persons. So it is not clear that all computer security issues can be understood simply in terms of the risk analysis model advocated by Schneier.