Csci5233 Computer Security & Integrity 1 Overview of Security & Java (based on GS: Ch. 1)

csci5233 Computer Security & Integrity 2 Security Goals for Application Development
1. Protect sensitive data
2. Control access to resources
3. Log activity
 cf. the five classic security goals: authenticity, confidentiality, integrity, availability, and non-repudiability
 Q: Compare the three goals in this chapter with the five goals above.

csci5233 Computer Security & Integrity 3 Security Policy
 An explicit statement of what actions are and are not allowed within an organization, e.g.:
  Acceptable use of corporate resources
  Remote access policy
  User privileges, …
 It helps to define the limits of what your application needs to protect against.
 It helps to identify the important resources.
 It is guided by business needs, rules, and related laws (example: HIPAA, the Health Insurance Portability and Accountability Act of 1996).

csci5233 Computer Security & Integrity 4 Analysis of Security Requirements
 The security requirements of an application are shaped by the organization's security policy. The result is usually a compromise between what the policy demands and what the application can practically enforce.
 Two areas need to be carefully examined:
A. Risk Assessment
  Cost of data loss or exposure
  "Worthiness" (value) of the data
  Value of the application
  Cost of unauthorized use of the application
  Where is the weakest link?
  …
B. Data Exposure (next slide)

csci5233 Computer Security & Integrity 5 Analysis of Security Requirements
B. Data Exposure
 Identify the types of vulnerability: when, where, how, and by whom would the data most likely be exposed?
 Which of the vulnerabilities are most in need of strengthening (per the security policy)?
 Two major types of vulnerability:
1. People
  External
  Internal
  Roles
2. Vulnerability points
  Potential points of vulnerability in the system where data are accessed, transmitted, stored, etc.

csci5233 Computer Security & Integrity 6 Analysis of Security Requirements
 An example of security requirements analysis:
 Design of a Network Security Testing Environment (a draft) nment.pdf

csci5233 Computer Security & Integrity 7 Analysis of Security Requirements
 Usability of the system should be integrated into the security requirements.
 Ideally, enforcement of the security requirements should be "transparent" to the end users.
 Achieving a successful balance between usability and security is one of the hardest parts of creating a secure system.

csci5233 Computer Security & Integrity 8 Analysis of Security Requirements
 Contingency plans
  How would the organization respond to security breaches?
  To a violation of privacy?
  To a violation of copyright?

csci5233 Computer Security & Integrity 9 Implementation of Security
 Security technologies & tools
  The OS
  IP security
  VPN (virtual private networks)
  Firewalls
  ID (intrusion detection) tools & systems
 Java security features and tools
  o Java language features (Ch. 2)
  o Byte code verifier
  o Class loader
  o Java cryptography (JCA, JCE: Ch. 3)
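The following is an added illustration, not code from the GS text or from the course slides: it shows the three application-level goals of slide 2 (protect sensitive data, control access, log activity) implemented with the JCA/JCE APIs named on slide 9. The class name PatientRecordStore, the role table, the user names and the sample record are all constructed for the example; the key is generated in memory for the demo rather than loaded from a keystore, which a real deployment would do.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Set;
import java.util.logging.Logger;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/**
 * Added example (not from the GS text): the three goals of slide 2 using the
 * JCA/JCE APIs of slide 9. The class, role table and sample data are hypothetical.
 */
public class PatientRecordStore {
    private static final Logger LOG = Logger.getLogger(PatientRecordStore.class.getName());
    private static final int GCM_IV_BYTES = 12;   // 96-bit IV, the recommended size for GCM
    private static final int GCM_TAG_BITS = 128;  // full-length authentication tag

    private final SecretKey key;                  // 256-bit AES key, generated here for the demo only
    private final SecureRandom rng = new SecureRandom();
    // Hypothetical role table: which roles may read records (goal 2)
    private final Set<String> readersAllowed = Set.of("physician", "nurse");

    public PatientRecordStore() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");   // JCE: provider-independent key generation
        kg.init(256);
        this.key = kg.generateKey();
    }

    /** Goal 1: protect sensitive data with authenticated encryption (AES-GCM). */
    public String seal(String plaintext) throws Exception {
        byte[] iv = new byte[GCM_IV_BYTES];
        rng.nextBytes(iv);                        // fresh IV per message: IV reuse breaks GCM
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, iv));
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + ct.length];   // store IV || ciphertext || tag
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    /** Goals 2 and 3: check the caller's role, and log every decision (allow and deny). */
    public String read(String user, String role, String sealed) throws Exception {
        if (!readersAllowed.contains(role)) {
            LOG.warning("DENY read user=" + user + " role=" + role);
            throw new SecurityException("role not permitted to read records");
        }
        byte[] blob = Base64.getDecoder().decode(sealed);
        byte[] iv = Arrays.copyOfRange(blob, 0, GCM_IV_BYTES);
        byte[] ct = Arrays.copyOfRange(blob, GCM_IV_BYTES, blob.length);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, iv));
        String plain = new String(c.doFinal(ct), StandardCharsets.UTF_8); // AEADBadTagException if tampered
        LOG.info("ALLOW read user=" + user + " role=" + role);            // log the action, never the data
        return plain;
    }

    public static void main(String[] args) throws Exception {
        PatientRecordStore store = new PatientRecordStore();
        String sealed = store.seal("MRN 1234: allergy to penicillin");   // constructed sample record

        System.out.println("physician reads: " + store.read("alice", "physician", sealed));

        try {
            store.read("bob", "billing", sealed);                          // role not in the table
        } catch (SecurityException e) {
            System.out.println("billing denied: " + e.getMessage());
        }

        // Integrity: flipping one ciphertext bit is caught by the GCM tag before any plaintext is returned
        byte[] blob = Base64.getDecoder().decode(sealed);
        blob[blob.length - 1] ^= 0x01;
        try {
            store.read("alice", "physician", Base64.getEncoder().encodeToString(blob));
        } catch (AEADBadTagException e) {
            System.out.println("tampered record rejected");
        }
    }
}
```

Compile and run with javac PatientRecordStore.java && java PatientRecordStore (Java 9 or later for Set.of). Two design points map back to the slides: the access check happens before any ciphertext is touched, so a denied caller learns nothing about the record and the denial is still logged; and the log records who did what but never the data itself, so the audit trail does not become a second copy of the sensitive information it is meant to protect.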