Published by Beverly Garrison. Modified over 9 years ago.
1
T.A 2013/2014
2
Wake Up Call!
Malware hijacks your email, sends death threats. Found in Japan (Oct 2012).
Stanford University: Recent Network Hack May Cost Them Millions.
– Its network had been hacked for the 2nd time in three months. (August 2013)
Three Georgia Tech hackers have disclosed how to hack iPhones and iPad with malware in under sixty seconds using a “malicious charger”. (August 2013)
3
“If you know your enemy and know yourself, you need not fear the result of a hundred battles” (The Art of War, Sun Tzu)
4
Why Computer Security?
If your personnel do not know or understand how to maintain confidentiality of information, or how to secure it appropriately, not only do you risk having one of your most valuable business assets (information) mishandled, inappropriately used, or obtained by unauthorized persons, but you also risk being in non-compliance of a growing number of laws and regulations that require certain types of information security and privacy awareness and training activities. You also risk damaging another valuable asset, corporate reputation.
(Rebecca Herold, "Managing an Information Security and Privacy Awareness and Training Program", 2005)
5
Definition
NIST Computer Security Handbook:
Computer security: the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).
6
Key Security Concepts Secure System
7
Aspects of Computer Security
Confidentiality – The protection of data from unauthorized disclosure.
Availability – Protects a system to ensure its availability.
Integrity – The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay).
8
Aspects of Computer Security
Authentication – The assurance that the communicating entity is the one that it claims to be.
Access control – The prevention of unauthorized use of a resource.
Non-repudiation – Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication.
9
The Scope of Computer Security
10
Computer Security Challenges
1. Not simple
2. Must consider potential attacks (on mechanisms)
3. Procedures used are often counter-intuitive
4. Involve algorithms and secret info
5. Must decide where to deploy mechanisms
6. Battle of wits between attacker and admin
7. Benefit is not perceived (appreciated) until security fails
8. Requires regular monitoring
9. Too often an afterthought
10. Regarded as an impediment to using the system
11
The Threat
– Interruption
– Interception
– Modification
– Fabrication
12
The Damage
13
Implementation of Security Technology
14
Security Taxonomy
15
The Strategy
Policy: What is the security scheme supposed to do?
– Value of the protected asset
– System vulnerability
– Potential threat
Implementation: How does it do it?
– Prevention
– Detection
– Response
– Recovery
Assurance and evaluation: Does it really work?
16
Summary
– Security concepts
– Terminology
– The threat
– The damage
– Security taxonomy
– Security strategy