Presentation is loading. Please wait.

Presentation is loading. Please wait.

Overview CSE 465 – Information Assurance Fall 2017 Adam Doupé

Published byClifton Mason Modified over 6 years ago

Similar presentations

Presentation on theme: "Overview CSE 465 – Information Assurance Fall 2017 Adam Doupé"— Presentation transcript:

1 Overview CSE 465 – Information Assurance Fall 2017 Adam Doupé
Arizona State University

2 What is security?

3 Components of Security
Confidentiality Access Control Encryption Integrity Prevention Detection Availability Denial of Service

4 Threats Disclosure Deception Disruption Usurpation

5 Common Threats Snooping (wiretapping) Modification/alteration
Man-in-the-middle (MITM) Masquerading/spoofing Delegation? Repudiation Denial of receipt Delay Denial of service

6 How to Defend Against Threats?
Security policy Security mechanism Policy: A statement of what is and what is not allowed Mechanism: is a method, tool, or procedure for enforcing a security policy

7 Example The system we want to defend is a house. Threats? Policy?
Mechanism?

8 Security Policy Goals Prevention Detection Recovery

9 Defining Policies Natural Language Mathematics Policy Languages

10 Correctness of Security Policy
Assumptions What assumptions did we make in our house example? Policy is correct Mechanism correctly implements policy Trust Who do we trust?

11 Mechanisms Technical Procedural

12 Security Mechanism Effectiveness
Secure Precise Broad

13 Assurance How to trust that the system is secure?
How much to trust the system? Can this be quantified? What does it depend on?

14 Specification What is the system supposed to do? How to define?

15 Design How to design the system?
Does the design satisfy the specification? How to prove this?

16 Implementation How is the design implemented?
Does the implementation satisfy the design? How to prove this?

17 Deployment, Configuration, Operation
How is the implementation… Deployed? Configured? Operation? How to prove this?

18 Cost-Benefit Analysis
Are security measures/mechanisms worth the cost? What factors to consider?

19 Risk Analysis Should an asset be protected?
What threats does it face? What are the consequences if it is attacked? What level to protect an asset? Does risk remain constant? How to quantify risk?

20 Laws/Customs Laws can restrict policy and mechanisms Customs
Various countries have (or have had in the past) laws regrading cryptography Could privacy laws restrict an admin from performing their job? Customs

21

22 Human Issues Who is responsible for security in an organization?
How much budget do they have? How much organizational power do they have? Who enforces the security of a system? People and systems

Download ppt "Overview CSE 465 – Information Assurance Fall 2017 Adam Doupé"

Similar presentations

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.

September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.

Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
1 cs691 chow C. Edward Chow Overview of Computer Security CS691 – Chapter 1 of Matt Bishop.

1 cs691 chow C. Edward Chow Overview of Computer Security CS691 – Chapter 1 of Matt Bishop.
1 Overview CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 8, 2004.

1 Overview CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 8, 2004.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.

Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.
July 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.

July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.

April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.
E-commerce security by Asif Dalwai 886 39 5409. Introduction E-commerce applications Threats in e-commerce applications Measures to handle threats Incorporate.

E-commerce security by Asif Dalwai Introduction E-commerce applications Threats in e-commerce applications Measures to handle threats Incorporate.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Information Systems Controls for System Reliability -Information Security-

Information Systems Controls for System Reliability -Information Security-
Thomas Levy. Agenda 1.Aims: CIAN 2.Common Business Attacks 3.Information Security & Risk Management 4.Access Control 5.Cryptography 6.Physical Security.

Thomas Levy. Agenda 1.Aims: CIAN 2.Common Business Attacks 3.Information Security & Risk Management 4.Access Control 5.Cryptography 6.Physical Security.
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
CS526: Information Security Chris Clifton August 26, 2003 Course Overview Portions of the material courtesy Professor Matt Bishop.

CS526: Information Security Chris Clifton August 26, 2003 Course Overview Portions of the material courtesy Professor Matt Bishop.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 1 – Overview.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 1 – Overview.
Computer Security: Principles and Practice

Computer Security: Principles and Practice

Similar presentations

Ads by Google