Computer Security


"Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware, and information being processed, stored, and communicated." -- National Information System Security Glossary (NSTISSC)

Confidentiality - What access is possible? privacy; secrecy; confidentiality of content or of existence
Availability - Is the resource present? accessible in a timely fashion? usable?
Integrity - Is the resource correct? accurate, unmodified, consistent, meaningful
Authenticity - Is it owned/created/transmitted by a trusted source? (integrity of the origin)

Terminology

Computer System - computer hardware and software, including storage media and its associated data, network connectivity, operating system and application software
Vulnerability - a weakness in the security of a computer system
Threat - a potential harm to computer security
Attack - an attempt to exploit a security vulnerability

Security Aspect    Threat
confidentiality    interception (snooping)
availability       interruption (denial of service)
integrity          modification
authenticity       fabrication (spoofing)

Vulnerabilities

For each scenario, which security aspect is violated? (authenticity, availability, confidentiality, or integrity)

1. A mail server crashes as the result of excessive spam.
2. A loan company's program rounds fees up to the nearest cent and adds all remaining fractions to the programmer's weekly salary.
3. A CS101 student "borrows" a copy of a preliminary version of the final exam from a university dumpster.
4. Using a stolen password, a student alters prior course grades in the university record.
5. The download of a compiler requires four hours because the campus Internet connection is swamped with mp3 downloads.
6. A computer programmer modifies the company payroll program so that it crashes when that programmer no longer appears in the employee database.
7. The transmission line from an ATM to its associated bank is wiretapped and an intercepted message is retransmitted.
8. A flood destroys the disk drive containing all of a company's accounting records.

Hardware Vulnerabilities
  theft
  adding/removing devices
  flooding communications
  destruction (water, fire, gas, electrical, physical)

Software Vulnerabilities
  deletion
  modification
  malicious software
    trojan horse -- performs a desirable overt task and an undesirable covert task
    virus -- spreads itself to other computers
    logic bomb -- has delayed effect
    trapdoor -- a vulnerability within software

Data Vulnerabilities
  deletion (availability)
  modification (integrity)
  unwanted access (confidentiality)
  loss of access (availability)
  invalid ownership (authenticity)

Other Vulnerabilities
  networks
  people

Security Defenses
  PREVENT
  DETER
  DEFLECT - the "lightning rod" solution
  DETECT
  RECOVER - why back up data?

Is it worth the cost?

Defense - Controls

Hardware Controls (examine the hardware vulnerabilities: theft, adding/removing devices, flooding communications, destruction by water, fire, gas, electrical or physical means)

Software Controls
  encryption - scramble data
  protocol - sequence of actions that have been agreed upon
  access rules - data ownership and privileges
  development standards and procedures

Human Controls - Policies & Procedures
  Security policies are rules defining acceptable/unacceptable behavior.
  Procedures are mechanisms used to implement policies.

Principle of Weakest Link: Security is no better than its weakest aspect.
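The threat table (interception, interruption, modification, fabrication) and the wiretapped-ATM scenario from the exercise slide are easier to see in a concrete protocol. The following is an added example, not code from the slides: a sender tags each message with HMAC-SHA256 over a sequence number and the body, and the receiver rejects modified messages (integrity), messages forged without the key (authenticity), and replayed messages (the retransmitted ATM message). The pre-shared key, the wire format and the sequence counter are assumptions made for this example. Interception is deliberately not addressed: the body travels in the clear, and encryption would be the control for that.

```python
"""
Added example (not from the slides): a minimal keyed-integrity protocol.
Sender: tag = HMAC-SHA256(key, "<seq>:<body>").
Receiver: recompute the tag, reject on mismatch, reject reused sequence numbers.
Key, wire format and counter are assumptions for this example.
"""
import hmac
import hashlib

KEY = b"shared-secret-assumed-for-example"   # assumption: pre-shared key


def make_message(key: bytes, seq: int, body: str) -> dict:
    """Sender side: authenticate (seq, body) under the shared key."""
    data = f"{seq}:{body}".encode()
    tag = hmac.new(key, data, hashlib.sha256).hexdigest()
    return {"seq": seq, "body": body, "tag": tag}


class Receiver:
    """Bank side: verifies the tag and enforces strictly increasing sequence numbers."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0        # highest sequence number accepted so far
        self.accepted = []       # bodies of messages that passed both checks

    def receive(self, msg: dict) -> str:
        """Return 'ok' or the name of the threat that was detected."""
        data = f"{msg['seq']}:{msg['body']}".encode()
        expected = hmac.new(self.key, data, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            # Tag mismatch: either the content was altered in transit
            # (modification) or the sender never had the key (fabrication).
            # The receiver cannot distinguish the two; both are rejected.
            return "modification-or-fabrication"
        if msg["seq"] <= self.last_seq:
            # Valid tag but an old sequence number: a captured message
            # being retransmitted (the wiretapped-ATM scenario).
            return "replay"
        self.last_seq = msg["seq"]
        self.accepted.append(msg["body"])
        return "ok"


def demo() -> list:
    """Run the four scenarios against one receiver; constructed sample traffic."""
    bank = Receiver(KEY)
    results = []
    # 1. legitimate withdrawal from the ATM
    m1 = make_message(KEY, 1, "withdraw 100 from acct 42")
    results.append(bank.receive(m1))
    # 2. modification: attacker changes the amount but cannot recompute the tag
    tampered = dict(m1, seq=2, body="withdraw 900 from acct 42")
    results.append(bank.receive(tampered))
    # 3. fabrication: attacker builds a whole message under a guessed key
    forged = make_message(b"wrong-key", 2, "withdraw 50 from acct 42")
    results.append(bank.receive(forged))
    # 4. replay: the intercepted, perfectly valid message is sent again
    results.append(bank.receive(m1))
    # 5. the next genuine message still goes through
    m2 = make_message(KEY, 2, "withdraw 20 from acct 42")
    results.append(bank.receive(m2))
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The sequence number is what turns "integrity of the message" into "integrity of this transmission": without it the fourth message is indistinguishable from the first, which is exactly why the ATM wiretap in the exercise is a real attack even though nothing was modified.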

Trust

We trust that our security policies are sufficient.
We trust in our security procedures:
  => trust that each procedure contributes to policy
  => trust that, collectively, our procedures accomplish our policies
  => trust that our procedures are correctly implemented
  => trust that our procedures are properly installed and implemented
We have X% trust in the integrity of our data.
We trust the authenticity of the source of some software/data download.
We trust that confidentiality has been maintained for important .
We trust that key computing resources will be available when needed.

The word assurance is often used to refer to a high level of trust.

Risk Management

Risk - "Possibility that a particular threat will adversely impact an IS by exploiting a particular vulnerability." -- National Information System Security Glossary (NSTISSC)

Risk Management - "The total process to identify, control, and manage the impact of uncertain harmful events, commensurate with the value of the protected assets." -- National Information System Security Glossary (NSTISSC)

risk assessment - analysis of vulnerabilities and associated likelihood and consequences
risk mitigation - development of countermeasures
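The two definitions above, together with the "Is it worth the cost?" question on the Security Defenses slide, are easiest to apply as a small calculation. The following is an added example, not part of the slides: each (asset, threat) pair is scored as likelihood times consequence, and a candidate countermeasure is judged by whether the loss it removes exceeds what it costs. The annualised-loss formulas (SLE = asset value x exposure factor, ALE = SLE x annual rate of occurrence), the two register rows and every figure in them are assumptions constructed for this example.

```python
"""
Added example (not from the slides): risk assessment as likelihood x consequence,
and risk mitigation judged by cost versus loss avoided.
Formulas (SLE, ALE) and all figures are assumptions for this example.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Risk:
    """One row of a risk register: a threat exploiting a vulnerability of an asset."""
    asset: str
    threat: str
    asset_value: float     # value of the asset (assumed figure)
    exposure: float        # fraction of the asset lost per incident, 0..1 (consequence)
    aro: float             # expected incidents per year (likelihood)

    def sle(self) -> float:
        """Single loss expectancy: loss from one incident."""
        return self.asset_value * self.exposure

    def ale(self) -> float:
        """Annualised loss expectancy: likelihood x consequence per year."""
        return self.sle() * self.aro


@dataclass
class Control:
    """A countermeasure and what it changes about the risk."""
    name: str
    annual_cost: float
    new_aro: Optional[float] = None        # reduced likelihood (prevent / deter / deflect)
    new_exposure: Optional[float] = None   # reduced consequence (detect / recover)


def evaluate(risk: Risk, control: Control) -> dict:
    """Is the control worth its cost? Compare ALE before and after mitigation."""
    mitigated = Risk(
        risk.asset, risk.threat, risk.asset_value,
        risk.exposure if control.new_exposure is None else control.new_exposure,
        risk.aro if control.new_aro is None else control.new_aro,
    )
    saving = risk.ale() - mitigated.ale()
    return {
        "asset": risk.asset,
        "threat": risk.threat,
        "control": control.name,
        "ale_before": round(risk.ale(), 2),
        "ale_after": round(mitigated.ale(), 2),
        "net_benefit": round(saving - control.annual_cost, 2),
        "worth_it": saving > control.annual_cost,
    }


# Constructed register: two scenarios modelled on the exercise slide, assumed figures.
REGISTER = [
    (Risk("accounting records disk", "flood destroys the drive",
          asset_value=500_000, exposure=1.0, aro=0.02),
     Control("off-site nightly backups", annual_cost=3_000, new_exposure=0.05)),
    (Risk("mail server", "spam flood crashes the server",
          asset_value=20_000, exposure=0.1, aro=12),
     Control("dedicated filtering appliance", annual_cost=30_000, new_aro=1)),
]


def assess(register=REGISTER) -> list:
    """Evaluate every (risk, control) pair in the register."""
    return [evaluate(r, c) for r, c in register]


if __name__ == "__main__":
    for row in assess():
        print(row)
```

With these assumed numbers the backups pay for themselves (the flood is rare but its consequence is total, and backups cut the consequence), while the filtering appliance does not: it reduces a frequent but cheap interruption by less than it costs. That is the "commensurate with the value of the protected assets" clause turned into a decision.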