Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Security “Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware,

Published byCaren Whitehead Modified over 9 years ago

Similar presentations

Presentation on theme: "Computer Security “Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware,"— Presentation transcript:

1 Computer Security “Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware, and information being processed, stored, and communicated.” -- National Information System Security Glossary (NSTISSC) Confidentiality Availability Integrity Authenticity What access is possible? privacy secrecy confidentiality of content or existence Is the resource... present?... accessible in a timely fashion?... usable? Is the resource correct? accurate unmodified consistent meaningful Is it owned/created/transmitted by a trusted source? (integrity of the origin)

2 Terminolog y Computer System - computer hardware and software, including storage media and its associated data, network connectivity, operating system and application software Vulnerability - a weakness in the security of a computer system Threat - a potential harm to computer security Attack - an attempt to exploit a security vulnerability Security AspectThreat confidentialityinterception (snooping) availabilityinterruption (denial of service) integritymodification authenticityfabrication (spoofing)

3 Vulnerabilities An email server crashes as the result of excessive spam. Type of vulnerability? (authenticity, availability, confidentiality, or integrity) A loan company’s program rounds fees up to the nearest cent and adds all remaining fractions to the programmer’s weekly salary. A CS101 student “borrows” a copy of a preliminary version of the final exam from a university dumpster. Using a stolen password, a student alters prior course grades in the university record. The download of a compiler requires four hours because the campus Internet connection is swamped with mp3 downloads. A computer programmer modifies the company payroll program so that it crashes when that programmer no longer appears in the employee database. The transmission line from an ATM to its associated bank is wiretapped and an intercepted message is retransmitted. A flood destroys the disk drive containing all of a company’s accounting records.

4 theft Hardware Vulnerabilities adding/removing devices flooding communications deletion Software Vulnerabilities modification malicious software  trojan horse -- performs a desirable overt task and an undesirable covert task  virus -- spreads itself to other computers  trapdoor -- a vulnerability within software deletion (availability) Data Vulnerabilities modification (integrity) unwanted access (confidentiality) loss of access (availability) invalid ownership (authenticity) Other Vulnerabilities networks people  logic bomb -- has delayed effect destruction (water, fire, gas, electrical, physical)

5 Security Defenses PREVENT DETER DEFLECT DETECT RECOVER Is it worth the cost? The “lightning rod” solution. Why back up data?

6 theft Hardware Controls (examine vulnerabilities) adding/removing devices flooding communications Software Controls encryption - scramble data protocol - sequence of actions that have been agreed upon destruction (water, fire, gas, electrical, physical) Defense - Controls access rules - data ownership and privileges development standards and procedures - data ownership and privileges Human Controls - Policies & Procedures Security policies are rules defining acceptable/unacceptable behavior. Procedures are mechanisms used to implement policies. Principle of Weakest Link Security is no better than its weakest aspect.

7 Trust We trust that our security policies are sufficient. We trust in our security procedures: ⇒ trust that each procedure contributes to policy ⇒ trust that, collectively, our procedures accomplish our policies ⇒ trust that our procedures are correctly implemented ⇒ trust that our procedures are properly installed and implemented We have X% trust in the integrity of our data. We trust the authenticity of the source of some software/data download. We trust that confidentiality has been maintained for important email. We trust that key computing resources will be available when needed. The word assurance is often used to refer to a high level of trust.

8 Risk Management Risk “Possibility that a particular threat will adversely impact an IS by exploiting a particular vulnerability.” -- National Information System Security Glossary (NSTISSC) securit y Risk Management “The total process to identify, control, and manage the impact of uncertain harmful events, commensurate with the value of the protected assets.” -- National Information System Security Glossary (NSTISSC) risk assessment - analysis of vulnerabilities and associated likelihood and consequences risk mitigation - development of countermeasures

Download ppt "Computer Security “Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware,"

Similar presentations

Chapter 1 - 1 ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.

Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
Database Administration and Security Transparencies 1.

Database Administration and Security Transparencies 1.
Introduction to Security in Computing 01204427 Computer and Network Security Semester 1, 2011 Lecture #01.

Introduction to Security in Computing Computer and Network Security Semester 1, 2011 Lecture #01.
Is There a Security Problem in Computing? Network Security / G. Steffen1.

Is There a Security Problem in Computing? Network Security / G. Steffen1.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Cryptography and Network Security Chapter 1

Cryptography and Network Security Chapter 1
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering.
EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.

IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.
Chapter 1 – Introduction

Chapter 1 – Introduction
CSA 223 network and web security Chapter one

CSA 223 network and web security Chapter one
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.

Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering.

Similar presentations

Ads by Google