Chap1: Is there a Security Problem in Computing?


- The risks involved in computing
- The goals of secure computing: confidentiality, integrity, availability
- The threats to security in computing: interception, interruption, modification, fabrication
SE571 Security in Computing Dr. Ogara 2

- Controls available to address these threats: encryption, programming controls, operating systems, network controls, administrative controls, law, and ethics

- 351 security practitioners responded
- More attacks on Web applications
- Virtualization and cloud computing make security more complex
- Software is the main culprit in breaches
- Outsourcing of security fell
- IT budget trimmed, NOT security

Computing system: the collection of hardware, software, storage media, data, and people that an organization uses to perform computing tasks.
- Components: hardware, software, and data

Vulnerability: a weakness in the security system, for example in procedures, design, or implementation, that might be exploited to cause loss or harm.
- Figure 1-1: the crack in the wall is a vulnerability

Threat: a set of circumstances that has the potential to cause loss or harm.
- Human initiated, e.g. human errors, attacks, denial of service
- Computer initiated, e.g. natural disaster such as Katrina
- Figure 1-1: getting hurt or drowning

Control: a protective measure against vulnerabilities and threats.
- An action, device, procedure, or technique that removes or reduces a vulnerability
- A threat is blocked by control of a vulnerability

Figure 1-1 Threats, Controls, and Vulnerabilities.

Interception: an unauthorized party gains access to an asset.
- The outside party can be a person, a program, or a computing system
- Examples: illicit copying of program or data files, or wiretapping to obtain data in a network

Interruption: an asset of the system becomes lost, unavailable, or unusable.
- Examples: malicious destruction of a hardware device, erasure or deletion of a program or data file, and denial of service attack

Modification: an unauthorized party not only accesses but tampers with an asset.
- Examples: changing the values in a database, altering a program so that it performs an additional computation, or modifying data being transmitted electronically

Fabrication: an intruder may insert bogus transactions into a network communication system, add records to an existing database, or create user accounts.

Figure 1-2 System Security Threats.

Computer security addresses three important aspects/goals of any computer-related system (CIA):
- Confidentiality: ensures that computer-related assets are accessed only by authorized parties
- Integrity: assets can be modified only by authorized parties or only in authorized ways
- Availability: assets are accessible to authorized parties at appropriate times

Confidentiality
- Also called secrecy or privacy
- Ensures that computer-related assets are accessed only by authorized parties (people or systems)
- Controls: encryption, access control lists, physical security

Integrity
- Means that assets can be modified only by authorized parties or only in authorized ways
- Examples: writing, changing, and deleting
- Controls: digital signatures, hashing, code review to detect covert channels

Availability
- Means that assets are accessible to authorized parties at appropriate times
- Applies both to data and to services (information and information processing)
- The opposite of denial of service
- Meaning of availability: the asset is present in a usable form and has enough capacity to meet the service's needs
- Controls: RAID, redundant components (power supply, fan), server clusters

Figure 1-3 Relationship Between Confidentiality, Integrity, and Availability.

Vulnerabilities apply to all three broad categories of system resources (Figure 1-4):
- Hardware: theft, destruction, flooding

- Software (operating system, controllers, utility programs, and application programs): deletion, alteration, modification (e.g. Trojan horse, virus, trapdoor, and information leaks in a program), theft

- Data: a data attack is a more widespread and serious problem than either a hardware or software attack; data items have greater public value than hardware and software because more people know how to use or interpret data

Figure 1-4 Vulnerabilities of Computing Systems.

Other exposed assets
- Networks
- Access: an intruder steals computer time but performs no attack; destroys software or data; denies service to legitimate users
- Key people: a disgruntled employee may cause damage

- Amateurs
- Crackers or malicious hackers
- Career criminals: organized crime and international groups engaged in computer crime
- Terrorists: denial-of-service attacks and web site defacements are popular

Controls
- Used to preserve confidentiality, integrity, and availability
- May prevent or mitigate attacks
- May inform us that security is compromised
- May detect a breach as it happens or after it occurs

Encryption
- Scrambles data so that it cannot be meaningfully interpreted
- The unscrambled state is called cleartext; the transformed data are called enciphered text or ciphertext
- May nullify modification or fabrication
- Important for integrity and confidentiality of data
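As an added example (not from the lecture or its textbook) tying this slide's claim that encryption can address modification and fabrication to the Integrity slide's hashing control: encryption alone scrambles the cleartext yet lets a one-bit change to the ciphertext pass unnoticed, while an HMAC tag checked before decryption rejects both a modified and a fabricated message. The keystream derived from HMAC-SHA256 is an illustrative stand-in for a real cipher, and the transaction string is constructed sample input.

```python
import hmac
import hashlib
import secrets

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a keystream generator (stdlib stand-in for a real stream cipher).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # XOR with the keystream gives confidentiality only; XOR is its own inverse, so this also decrypts.
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, cleartext: bytes) -> bytes:
    # Encrypt, then append an HMAC tag over nonce and ciphertext (the hashing control).
    ct = encrypt(enc_key, nonce, cleartext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key: bytes, mac_key: bytes, message: bytes):
    # Verify the tag before decrypting; None means the message was modified or fabricated.
    if len(message) < 16 + 32:
        return None
    nonce, ct, tag = message[:16], message[16:-32], message[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return encrypt(enc_key, nonce, ct)

def flip_byte(message: bytes, index: int, mask: int = 0x01) -> bytes:
    # Models the modification threat: one byte of the message altered in transit.
    altered = bytearray(message)
    altered[index] ^= mask
    return bytes(altered)

def demo() -> dict:
    enc_key, mac_key, nonce = secrets.token_bytes(32), secrets.token_bytes(32), secrets.token_bytes(16)
    cleartext = b"PAY 0100 TO ACCT 4242"  # constructed sample transaction
    ct = encrypt(enc_key, nonce, cleartext)
    sealed = seal(enc_key, mac_key, nonce, cleartext)
    return {
        # Encryption alone: one flipped ciphertext bit silently turns 0100 into 1100.
        "encrypt_only_tampered": encrypt(enc_key, nonce, flip_byte(ct, 4)),
        "sealed_ok": open_sealed(enc_key, mac_key, sealed),
        "sealed_tampered": open_sealed(enc_key, mac_key, flip_byte(sealed, 16 + 4)),
        "fabricated": open_sealed(enc_key, mac_key, secrets.token_bytes(len(sealed))),
    }
```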

Figure 1-6 Multiple Controls.

Hardware controls
- Hardware or smart card implementations of encryption
- Locks or cables limiting access or deterring theft
- Devices to verify users' identities
- Firewalls
- Intrusion detection systems
- Circuit boards that control access to storage media

Policies and procedures among users
- Frequent changes of passwords
- Training and administration
- Ethical and legal issues

Physical controls
- Locks on doors
- Guards at entry points
- Backup copies of important software and data
- Physical site planning that reduces the risk of natural disasters

- Awareness of the problem: understand the importance of security
- Likelihood of use: controls must be used
- Overlapping controls: use a combination of controls / layered defense
- Periodic review