Presentation is loading. Please wait.

Presentation is loading. Please wait.

Host and Application Security

Published byRoberto Vera Modified over 5 years ago

Similar presentations

Presentation on theme: "Host and Application Security"— Presentation transcript:

1 Host and Application Security
Lesson 2: What is Security?

2 Well we have to start somewhere
What is security? Discuss.

3 Security is a Feeling We can “feel” secure…
Do not equate feeling with fact – much security work relies on this

4 What the Textbooks say Computer Security ensures the confidentiality, integrity and availability of the system

5 Confidentiality Keeping your secrets secret
Probably the best understood of the three tenets But even here, we need to think about what information is…

6 Integrity Means… Precise Accurate Unmodified
Modified only in acceptable ways Modified only by authorized people/process Consistent Meaningful and usable

7 Availability Present in a usable form
Has the capacity to meet the service needs Making progress with bounded waits Completes in an “acceptable” unit of time

8 Malice? How do we discriminate between safety and security?
Some definitions draw the line around malicious actions Here, we get into definitional angst…

9 Another view Workman: “Information security is generally concerned with the acceptable use of information and technology resources”

10 And another From US National Information Assurance Glossary:
Security: A condition that results from the establishment and maintenance of protective measures that enable an enterprise to perform its mission or critical functions despite risks posed by threats to its use of information systems. Protective measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the enterprise’s risk management approach.

11 We have to look at the system

12 The Attacker Everyone… seriously
Kids (scripting and more) Hackers Criminals Organized Crime Terrorists Governments Oh, and in the attack/defense stakes, America is NOT in the lead by quite a long way

13 And this is how the attacker thinks…
Source: failblog.org

14 The System, Horizontally
It’s the Internet… But it’s not: reality is much more complicated Hybrid devices and ubiquitous connectivity blur the lines between Cyberspace and “reality” Hard to actually isolate a “protected” system Either from the Internet or from the impact of others Basically, we should consider four primary areas: Home users Corporations Government/Military Infrastructure

15 The System, Vertically What parts of the system are there:
Low-level stuff… Operating System issues Applications Users 5/25/2019 The Harris Institute for Assured Information

16 Words Here are some words you should be able to define in the IA context: Vulnerability, threat, attack, risk, control

17 Assignment Read Whittaker and Ford’s paper “How to think about security”. Please download directly from the IEEE Electronic Library not from cached copies on the web.

Download ppt "Host and Application Security"

Similar presentations

Information Security EDU 5815 1. IT Security Terms EDU 5815 2.

Information Security EDU IT Security Terms EDU
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
Introduction to Security in Computing 01204427 Computer and Network Security Semester 1, 2011 Lecture #01.

Introduction to Security in Computing Computer and Network Security Semester 1, 2011 Lecture #01.
Guanjong High School Group 2. Physical Network Access Security Getting into a network closet could easily allow someone to disable computers and connect.

Guanjong High School Group 2. Physical Network Access Security Getting into a network closet could easily allow someone to disable computers and connect.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
Network Security Peter Behrens Seth Elschlager. Computer Security Preventing unauthorized use of your network and information within that network. Preventing.

Network Security Peter Behrens Seth Elschlager. Computer Security Preventing unauthorized use of your network and information within that network. Preventing.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.

Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Computer Crime and Information Technology Security

Computer Crime and Information Technology Security
Evolving IT Framework Standards (Compliance and IT)

Evolving IT Framework Standards (Compliance and IT)
Cryptography and Network Security

Cryptography and Network Security
Defining Computer Security cybertechnology security can be thought of in terms of various counter measures: (i) unauthorized access to systems (ii) alteration.

Defining Computer Security cybertechnology security can be thought of in terms of various counter measures: (i) unauthorized access to systems (ii) alteration.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering 1.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering 1.
The Security Analysis Process University of Sunderland CSEM02 Harry R. Erwin, PhD.

The Security Analysis Process University of Sunderland CSEM02 Harry R. Erwin, PhD.
 The purpose of this report is to inform people that the spyware and virus threat is growing and what people can do to stop the spread of spyware and.

 The purpose of this report is to inform people that the spyware and virus threat is growing and what people can do to stop the spread of spyware and.
Computer Security “Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware,

Computer Security “Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware,
Center of Excellence for IT at Bellevue College. Cyber security and information assurance refer to measures for protecting computer systems, networks,

Center of Excellence for IT at Bellevue College. Cyber security and information assurance refer to measures for protecting computer systems, networks,

Similar presentations

Ads by Google