Presentation is loading. Please wait.

Presentation is loading. Please wait.

What does secure mean? You have been assigned a task of finding a cloud provider who can provide a secure environment for the launch of a new web application.

Published byArron Lang Modified over 9 years ago

Similar presentations

Presentation on theme: "What does secure mean? You have been assigned a task of finding a cloud provider who can provide a secure environment for the launch of a new web application."— Presentation transcript:

1 What does secure mean? You have been assigned a task of finding a cloud provider who can provide a secure environment for the launch of a new web application. What does secure imply?

2 What is a vulnerability? What is a threat? What is a control? Vulnerabilities, Threats & Controls

3 A vulnerability is a weakness in a system ◦ Allows a threat to cause harm. A threat is a potential negative harmful occurrence ◦ Earthquake, worm, virus, hackers. A control/Safeguard is a protective measure ◦ Reduce risk to protect an asset.

4 Vulnerabilities, Threats & Controls Vulnerability = a weakness in a system ◦ Allows a threat to cause harm Threat = a potential negative harmful occurrence ◦ Earthquake, worm, virus, hackers. Control/Safeguard = a protective measure ◦ Reduce risk to protect an asset.

5 Figure 1-1 Threats, Controls, and Vulnerabilities.

6 Goals of Security What are the 3 goals of security?

7 CIA Triad 7 Confidentiality Integrity Availability Information Security Note: From “Information Security Illuminated”(p.3), by Solomon and Chapple, 2005, Sudbury, MA: Jones and Bartlett. Information kept must be available only to authorized individuals Unauthorized changes must be prevented Authorized users must have access to their information for legitimate purposes

8 Threats 10/15/20158 Confidentiality Integrity Availability Information Security Note: From “Information Security Illuminated”(p.5), by Solomon and Chapple, 2005, Sudbury, MA: Jones and Bartlett. Disclosure Alteration Denial Live Chat 4

9 Goals of Security What are the 3 goals of security?

10 Figure 1-3 Relationship Between Confidentiality, Integrity, and Availability. Confidentiality Availability Integrity Secure

11 CIA Triad

12 Threats What types of threats were discussed by the book? ◦ Hint: defined by their impact.

13 Threats Interception: gained access to an asset.  Wireless network, hacked system, etc.  Impacts confidentiality. Interruption ◦ Unavailability, reduced availability. Modification ◦ Tamper with data, impacts integrity. Fabrication ◦ Spurious transactions, impacts integrity.

14 Figure 1-2 System Security Threats.

15 Figure 1-4 Vulnerabilities of Computing Systems.

16 Figure 1-5 Security of Data.

17 Attacker Needs What 3 things must an attacker have?

18 An Attacker Must Have: Method: skills, knowledge, tools. ◦ Capability to conduct an attack Opportunity: time and access to accomplish attack Motive: a reason to want to attack

19 Software Vulnerabilities Define some different types. ◦ There are many to chose from….

20 Software Vulnerabilities Logic Bomb: employee modification. Trojan Horse: Overtly does one thing and another covertly. Virus: malware which requires a carrier Trapdoor: secret entry points. Information Leak: makes information accessible to unauthorized people. Worm: malware that self-propagates.

21 Criminals Define different types of computer criminals and their motive or motives?

22 Computer Criminals Script Kiddies: Amateurs Crackers/Malicious Hackers: Black Hats Career Criminals: botnets, bank thefts. Terrorists: local and remote. Hacktivists: politically motivated Insiders: employees Phishers/Spear Phishers

23 Motives Financial gain: make money. Competitive advantage: steal information. Curiosity: test skills. Political: achieve a political goal. Cause Harm/damage: reputation or financial Vendetta/Disgruntled: fired employees.

24 Risk What are the different ways a company can deal with risk?

25 How to deal with Risk Accept it: cheaper to leave it unprotected. Mitigate it: lowering the risk to an acceptable level e.g. (laptop encryption). Transfer it: insurance model. Avoid it: sometimes it is better not to do something that creates a great risk. Book lists alternatives.

26 Controls Encryption: confidentiality, integrity ◦ VPN, SSH, Hashes, data at rest, laptops. Software: operating system, development. Hardware: Firewall, locks, IDS, 2-factor. Policies and Procedures: password changes Physical: gates, guards, site planning.

27 Types of Controls Preventive: prevent actions. Detective: notice & alert. Corrective: correcting a damaged system. Recovery: restore functionality after incident. Deterrent: deter users from performing actions. Compensating: compensate for weakness in another control.

28 Figure 1-6 Multiple Controls.

29 Principles Easiest Penetration: attackers use any means available to attack. Adequate Protection: protect computers/data until they lose their value. Effectiveness: controls must be used properly to be effective. Efficiency key. Weakest Link: only as strong as weakest link.

Download ppt "What does secure mean? You have been assigned a task of finding a cloud provider who can provide a secure environment for the launch of a new web application."

Similar presentations

4 Information Security.

4 Information Security.
OSG Computer Security Plans Irwin Gaines and Don Petravick 17-May-2006.

OSG Computer Security Plans Irwin Gaines and Don Petravick 17-May-2006.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
K. Salah1 Introduction to Security Overview of Computer Security.

K. Salah1 Introduction to Security Overview of Computer Security.
Introduction to Security in Computing 01204427 Computer and Network Security Semester 1, 2011 Lecture #01.

Introduction to Security in Computing Computer and Network Security Semester 1, 2011 Lecture #01.
Is There a Security Problem in Computing? Network Security / G. Steffen1.

Is There a Security Problem in Computing? Network Security / G. Steffen1.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering.
EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
CST 481/598 Many thanks to Jeni Li.  Potential negative impact to an asset  Probability of a loss  A function of three variables  The probability.

CST 481/598 Many thanks to Jeni Li.  Potential negative impact to an asset  Probability of a loss  A function of three variables  The probability.
Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.

Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
Introducing Computer and Network Security

Introducing Computer and Network Security
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
FIT3105 Security and Identity Management Lecture 1.

FIT3105 Security and Identity Management Lecture 1.
EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering.

Similar presentations

Ads by Google