Security Policy Issues
Saad Haj Bakry, PhD, CEng, FIEE

Slide 2. Definition (1): ISO Information Processing Vocabulary
Data: The representation of facts, concepts and instructions in a formalized manner suitable for communication, interpretation, or processing.
Information: The meaning that is currently assigned to data by means of conventions applied to that data.

Slide 3. Definition (1): ISO Information Processing Vocabulary
Data Integrity: The data quality that exists as long as accidental or malicious destruction, alteration, or loss of data does not occur.
Data Corruption / Contamination: The violation of data integrity.

Slide 4. Definition (1): ISO Information Processing Vocabulary
Functional Unit: The entity of hardware, or software, or both, capable of accomplishing a specific purpose.
Data Source: The functional unit that originates data for transmission.
Data Sink: The functional unit that accepts transmitted data.

Slide 5. Definition (1): Signal Processing of Voice / Data / Video
Source Encoding: Coding the signal in digital form. Telephone voice: 64 kbps / Video: 135 Mbps.
Compression: Reduction of transmission bandwidth. Telephone voice: 32 kbps / Video: 45 Mbps.
Encryption: Using encoding (encryption / enciphering) as a means of protecting data from interception by unauthorized parties.

Slide 6. Definition (1): A Cipher / An Encryption Method
Definition: A procedure / an algorithm / a process, and a transformation key.
Procedure / Algorithm / Process: A designed sequence of steps for transforming a plain text into a cipher text using a transformation key.
Transformation Key: The key (a digital string) determines a particular transformation from a set of possible transformations.

Slide 7. Definition (1): ISO Information Processing Vocabulary
Security: The condition of being secure, or the condition of being protected from, or not exposed to, danger.
Privacy: The state or quality of being private.

Slide 8. Definition (1): ISO Information Processing Vocabulary
Cryptography: A discipline involving principles, means, and methods for changing data so that it is not readable.
Cryptanalysis: An attack on one of the principles, means, or methods (to recover readability).

Slide 9. Definition (1): ISO Information Processing Vocabulary
Encryption / Enciphering: The process of changing data (plain text) so that it becomes unreadable (cipher text).
Decryption / Deciphering: The process of transforming cipher text back into plain text.

Slide 10. Definition (2): ISO Information Processing Vocabulary
Computer System Security: The technological and administrative safeguards established and applied to data processing to protect hardware, software, and data from accidental or malicious destruction or disclosure.

Slide 11. Analysis of Definition (2)
Object (to be protected): Hardware / Software / Data
Challenges (source): Accidental / Malicious
Effect (protection from): Destruction / Disclosure
Means (of protection): Technological / Administrative

Slide 12. Definition (3): ISO Information Processing Vocabulary
Privacy Protection: The implementation of appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of data records, and to protect both security and confidentiality against any threat or hazard that could result in substantial harm, embarrassment, inconvenience or unfairness to any individual about whom such information is maintained.

Slide 13. Analysis of Definition (3)
Object (to be protected): Information / Data: records (associated with individuals or organizations: privacy)
Challenge (to object): Security / Privacy
Effect (protection from): Threats and hazards that could result in harm, embarrassment, inconvenience, or unfairness
Means (of protection): Physical / Administrative / Technical

Slide 14. Definition (2): ISO-OSI Special Interest Group on Security, Network Security Goals
Protection of data against:
- undetected loss and repetition: data is Sequenced
- unauthorized modification: data is Sealed
- unauthorized disclosure: data is Private
Ensuring correct identity of sender and receiver: Signed by Sender / Stamped by Receiver
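The "sequenced" and "sealed" goals on this slide, as an added Python example that is not part of the presentation: a sequence number lets the receiver detect loss and repetition, and an HMAC over the sequence number and payload lets it detect modification. The "private" goal (encryption) and sender/receiver signatures are not shown; the shared key and the messages are constructed for the example.

```python
import hmac
import hashlib
import struct

KEY = b"constructed-demo-key"   # shared secret, constructed for this example
TAG_LEN = 32                    # HMAC-SHA256 output length

def seal(seq: int, payload: bytes, key: bytes = KEY) -> bytes:
    """Sequence the message and seal it: frame = seq(4 bytes) || payload || tag."""
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    """Tracks the next expected sequence number; rejects repeats, gaps and tampering."""
    def __init__(self, key: bytes = KEY):
        self.key = key
        self.expected = 0
        self.accepted = []

    def accept(self, frame: bytes) -> str:
        if len(frame) < 4 + TAG_LEN:
            return "reject: truncated"
        header, payload, tag = frame[:4], frame[4:-TAG_LEN], frame[-TAG_LEN:]
        want = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):
            return "reject: modified"         # seal does not match the contents
        seq = struct.unpack(">I", header)[0]
        if seq < self.expected:
            return "reject: repetition"       # already-seen frame (replay)
        if seq > self.expected:
            return "reject: loss detected"    # gap: an earlier frame never arrived
        self.expected += 1
        self.accepted.append(payload)
        return "accept"

def demo():
    """Feed a receiver a normal frame, a replay, an out-of-order frame and a tampered one."""
    rx = Receiver()
    f0, f1, f2 = seal(0, b"transfer 10"), seal(1, b"transfer 20"), seal(2, b"transfer 30")
    results = [rx.accept(f0), rx.accept(f0), rx.accept(f2), rx.accept(f1)]
    tampered = f1[:4] + b"transfer 99" + f1[-TAG_LEN:]   # payload altered, old seal kept
    results.append(rx.accept(tampered))
    results.append(rx.accept(f2))
    return results
```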

Slide 15. Definition (3): Intranet-Internet Flow / Flooding
Security of Network Flow:
- Protection from undesired data streams entering the Intranet (private / national networks): Firewalls
- Protection of private data streams from leaking out of the Intranet
- Protection from denial of service (Flooding: undesired generation of data): Anti-Virus

Slide 16. Basic Data Security Terms
Plaintext: Source text / unencrypted data
Cryptography: Transforming "plaintext" to "cipher text" (encrypted text) using a "cipher" and a "key"
Cipher text: Encrypted text / incomprehensible data
Cipher / Cryptosystem: A technique / a procedure / an algorithm (a computer science term) for encrypting data / messages
A Key: A string of digits used to encrypt data (like a password); longer keys lead to stronger encryption
Cryptanalysis: Breaking / cracking encryption

Slide 17. Risk v. Cost (figure): Cost / Risk / Balance

Slide 18. Profile Benefits
Current State: A security map of broad scope: "A Base for Investigations"
Future Policy: "Reengineering"
Management: "TQM"
Risk / Cost: "Balance"

Slide 19. Profile Principles: Scope (figure)
Scope: Technology / Organization / People / Environment
Challenges: Accidental / Malicious (from Technology / Organization / People / Environment)
Protection: Technical / Administrative (Awareness / Practices / Legal / Management)
Access / Identity / Integrity / Confidentiality / Flow / Contingency

Slide 20. Profile Principles: Levels / Modules
The Internet Level (Module): Potential world-wide business activities
The Extranet Level (Module): Partners / Suppliers / Customers: "Business Activities"
The Intranet Level (Module): Intra-organization activities
Security

Slide 21. Challenges: Organization / People
Levels: Organization: Intranet / Business: Extranet / Public: Internet
Non-Malicious: Management "Environment" / Misbehaviour / Misuse / Conflicting Objectives
Malicious: Hostility / Hackers (Internal / External)

Slide 22. Challenges: Technology
Levels: Organization: Intranet / Business: Extranet / Public: Internet
Non-Malicious: Design / Implementation Vulnerability: System Failure / Logical Deficiencies / Protocol Un-robustness
Malicious: Computer Viruses: undesired (harmful) technology components / Spreading the Disease (network)

Slide 23. Challenges: Environment
Levels: Organization: Intranet / Business: Extranet / Public: Internet
Accidental / Malicious: Noise / Power Failure / Disasters: Flood / Fire / Earthquake / ...
Non-Malicious: Rules: Regulations / Practices / Legal Issues; Management: Policy / Practices

Slide 24. Challenges: Effect / Results
Denial of Service / Performance Degradation / Loss of Privacy / Data Corruption / System Failures / Loss of Data / Flooding / Problems of Identity

Slide 25. Protection: Technical (see paper)
Firewalls / Reliable Technology / Traffic Padding / Access Control / Authentication of Identities / Cryptography / Error Detection & Correction / Anti-Virus Measures

Slide 26. Protection: Administrative (Issues)
Awareness: For whom: Users / IT Staff; Subject: Understanding Network Security
Legal Issues: National / International Rules (IT Security / Punishment)
Job Practices & Management: People's interaction with other people and with machines

Slide 27. Protection: Administrative (Organizations) (figure)
Organizations: International / Government / Professional / Private (Intranet / Extranets)
Areas: Standards / Management / Technical / Laws

Slide 28. Cost Effectiveness
Scope / Objectives / Requirements; Cost / Benefits; Priorities; Internet / Extranet / Intranet

Slide 29. Profile: Generic Architecture (figure)
Computer Tools: User Interface / Computer / Database
Security Components: Elements (Products) / Economy (Cost / Benefit) / Positions / Functions
Profile Base: Security: Tools; Security: Challenges / Protection
Levels: Intranet / Extranet / Internet

Slide 30. Profile: Use / Benefits
Current State: Mapping / understanding the current state
Policy Development: Assessing / diagnosing (problems); Evaluation criteria (requirements); The problem of choice
Target State: Developing / mapping the target state
Implementation / Testing: Monitoring / following up progress; Testing performance
Management / Improvement: Gradual improvement (TQM); Incremental improvement (Reengineering)

Slide 31. Development: Profile / Policy / Application
Building Profile Architecture -> Mapping Current State -> Policy Development -> Mapping Target State -> Implementation / Testing -> Management / Improvement (TQM: gradual; Reengineering: incremental)

Slide 32. Security Policies
Key to the security of the Organization / Network / Information
Vulnerability: Possible Attackers / Possible Threats / Possible Damage / Data Theft
Response: Security Needs / Security v. Performance
Web sites: www.cerias.com / www.baselinesoft.com / www.sans.org

Slide 33. Cyber-Crimes
National Security Policy: USA National Infrastructure Protection Act: Denial of Service Attack / Distribution of Viruses (Federal Crimes: Fines & Jail Time)
Web sites: www.usdoj.gov/criminal, www.usdoj.gov/criminal/cybercrime/compcrime.html, www.cybertime.gov

Slide 34. Reference
H.M. Deitel, P.J. Deitel, K. Steinbuhler, e-Business and e-Commerce for Managers, Prentice-Hall, Upper Saddle River, New Jersey, 2001.

