Computer Security Concepts By: Qubilah D’souza 411109 TE computer.


1 Computer Security Concepts By: Qubilah D’souza 411109 TE computer

2 Reference: Operating Systems – By W Stallings (page number 636-637).

3 Summary: Computer security. Three key objectives. Three objectives in terms of requirements and the definition of loss of security in each category.

4 COMPUTER SECURITY: The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data).

5 This definition introduces 3 key objectives: 1. CONFIDENTIALITY. Data confidentiality: assures that private or confidential information is not made available or disclosed to unauthorised individuals. Privacy: assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

6 2. INTEGRITY. Data integrity: assures that information and programs are changed only in a specific and authorized manner. System integrity: assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

7 3. AVAILABILITY: Assures that systems work promptly and service is not denied to authorized users.

8 These three concepts form what is often referred to as the CIA triad. Confidentiality, integrity and availability are listed as the three security objectives for information and for information systems.

9 FIPS PUB 199 (Standards for Security Categorization of Federal Information and Information Systems) provides a useful categorization of these three objectives in terms of requirements and the definition of loss of security in each category.

10 1. CONFIDENTIALITY: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. Loss of confidentiality is the unauthorized disclosure of information.

11 2. INTEGRITY: Guarding against improper information modification or destruction. A loss of integrity is the unauthorized modification or destruction of information.

12 3. AVAILABILITY: Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system.

13 Although the CIA triad is well established, two additional concepts are needed to present the complete picture: 1. Authenticity 2. Accountability

14 1. Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source.

15 2. Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation, fault isolation, intrusion detection and prevention, and after-action recovery and legal action. This helps to trace a security breach to a responsible party.
