1
Host and Application Security
Lesson 2: What is Security?
2
Well, we have to start somewhere
What is security? Discuss.
3
Security is a Feeling
We can “feel” secure…
Do not equate feeling with fact – much security work relies on this
4
What the Textbooks say
Computer Security ensures the confidentiality, integrity and availability of the system
5
Confidentiality
Keeping your secrets secret
Probably the best understood of the three tenets
But even here, we need to think about what information is…
6
Integrity
Means…
Precise
Accurate
Unmodified
Modified only in acceptable ways
Modified only by authorized people/process
Consistent
Meaningful and usable
7
Availability
Present in a usable form
Has the capacity to meet the service needs
Making progress with bounded waits
Completes in an “acceptable” unit of time
8
Malice?
How do we discriminate between safety and security?
Some definitions draw the line around malicious actions
Here, we get into definitional angst…
9
Another view
Workman: “Information security is generally concerned with the acceptable use of information and technology resources”
10
And another
From US National Information Assurance Glossary:
Security: A condition that results from the establishment and maintenance of protective measures that enable an enterprise to perform its mission or critical functions despite risks posed by threats to its use of information systems. Protective measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the enterprise’s risk management approach.
11
We have to look at the system
12
The Attacker
Everyone… seriously
Kids (scripting and more)
Hackers
Criminals
Organized Crime
Terrorists
Governments
Oh, and in the attack/defense stakes, America is NOT in the lead by quite a long way
13
And this is how the attacker thinks…
Source: failblog.org
14
The System, Horizontally
It’s the Internet…
But it’s not: reality is much more complicated
Hybrid devices and ubiquitous connectivity blur the lines between Cyberspace and “reality”
Hard to actually isolate a “protected” system
Either from the Internet or from the impact of others
Basically, we should consider four primary areas:
Home users
Corporations
Government/Military
Infrastructure
15
The System, Vertically
What parts of the system are there:
Low-level stuff…
Operating System issues
Applications
Users
5/25/2019 The Harris Institute for Assured Information
16
Words
Here are some words you should be able to define in the IA context:
Vulnerability, threat, attack, risk, control
17
Assignment
Read Whittaker and Ford’s paper “How to think about security”.
Please download directly from the IEEE Electronic Library, not from cached copies on the web.