Published by Evelyn Marshall. Modified over 9 years ago.
1
Principles of Information System Security: Text and Cases
Gurpreet Dhillon
PowerPoint prepared by Youlong Zhuang, University of Missouri-Columbia
2
Principles of Information System Security: Text and Cases
Chapter Two
Security of Technical Systems in Organizations: An Introduction
3
Copyright 2006 John Wiley & Sons, Inc.
Learning Objectives
- Understand the core information system security requirements of an organization
- Define types of vulnerabilities
- Describe the three principles of security
- Identify the three principles of easiest penetration, timeliness, and effectiveness
4
Principle of Easiest Penetration
- A string is only as strong as its weakest link.
- Weakest points
  - Doors and windows of a house
  - What is the vulnerability of your information system?
- “Perpetrators don’t have the values assumed by the technologists. They generally stick to the easiest, safest, simplest means to accomplishing their objectives.” [Donn Parker]
- Consider a range of possible security breaches – strengthening one might make another more attractive to a perpetrator
5
Vulnerabilities
- At a technical level, what should we protect?
  - Hardware
  - Software
  - Data
6
Vulnerabilities (cont’d)
- What threats are there?
  - Modification
  - Destruction
  - Disclosure
  - Interception
  - Interruption
  - Fabrication
7
Vulnerabilities (cont’d)
- Modification
  - Data is altered without authorization
  - Someone may change the value directly
  - Altered software may perform additional computations
  - Changed hardware may modify data
  - Data can be modified in store or in transmission
8
Vulnerabilities (cont’d)
- Destruction
  - Hardware, software, or data is destroyed
  - Hardware may be destroyed by the environment
  - Software may be destroyed by malicious intent
  - Data may be destroyed by deletion, or failure of hardware/software
9
Vulnerabilities (cont’d)
- Disclosure
  - Mostly about data
  - Make data available without due consent
  - Data is stolen but owner still has it
  - Impact on security and privacy
  - Intentional or unintended
  - Can be managed by instituting proper program and software controls
10
Vulnerabilities (cont’d)
- Interception
  - Unauthorized access to computer resources
  - Copying of programs, data, or other confidential information
  - An interceptor may use computing resources at one location to access assets elsewhere
11
Vulnerabilities (cont’d)
- Interruption
  - Systems unavailable for legitimate use
  - Damaged hardware
  - Malfunctioning operating system
  - Congested network
  - Denial of service
12
Vulnerabilities (cont’d)
- Fabrication
  - Spurious transactions are inserted into a network or records added to an existing database
  - Counterfeited objects placed by unauthorized parties
  - May be difficult to distinguish between genuine and forged ones
  - Phishing
13
A Summary of Vulnerabilities (Table 2.1)

| Computing resource | Type of Vulnerabilities |
| --- | --- |
| Hardware | Destruction; Interception; Interruption |
| Software | Modification; Interception; Interruption |
| Data | Destruction; Interception; Interruption; Fabrication; Modification; Disclosure |
14
Hardware Vulnerability
- Destruction, interception, interruption
- Lock and key and common sense may help in preventing loss or destruction of hardware
- Natural disaster or terrorist attacks are possible
- Even theft and replication of hardware can lead to serious security concerns
15
Software Vulnerability
- Modification, interception, interruption
  - Logic bombs
  - Trojan horse
  - Virus
  - Trapdoor
- More people are involved in the software protection than in the hardware protection
16
Data Vulnerability
- Have the broadest impact
- The cost of data lost
- Recover or reconstruct
- Lost competitiveness
- Difficult to measure
- Time sensitive
- Confidentiality, integrity, and availability of data – context dependent
17
Confidentiality
- Protection of private data, either as it resides in the computer systems or during transmission
- Means to protect confidentiality
  - Access control
  - Lock and key
  - Password
  - Encryption
- Confidentiality of data has been compromised where inference can be drawn without disclosure
- The need-to-know principle may work well in a military environment, but in business, the need-to-withhold principle is more appropriate
18
Confidentiality Attribute and Protection of Data and Software (Table 2.2)

| | Data | Software |
| --- | --- | --- |
| Confidentiality | A set of rules to determine if a subject has access to an object | Limited access to code |
| Kinds of controls | Labels, encryption, discretionary and mandatory access control, reuse prevention | Copyright, patents, labels, physical access control locks |
| Possible losses | Disclosure, inference, espionage | Piracy, trade secret loss, espionage |
19
Integrity
- An unimpaired condition, a state of completeness and wholeness and adherence to a code of values
- A simpler definition: data and programs are changed only in a specified and authorized manner
- All data is presented and accounted for, irrespective of it being accurate or correct
- Plays a greater role at a system and user policy levels of abstraction than at the data level
- Part of authenticity in Clark-Wilson Model (Chapter 3)
20
Integrity (cont’d)
- Prevention mechanisms
  - Blocking unauthorized attempts to change the data, or attempts to change the data in an unauthorized manner
  - Someone breaking into the sales system and trying to change the data is an example of an unauthorized attempt to change the data
  - A salesperson attempting to post transactions so as to earn bonuses is an example of changing the data in an unauthorized manner
21
Integrity (cont’d)
- Detection mechanisms
  - Reporting violations of integrity, but not stopping violations from taking place
- Confidentiality vs. integrity
  - Data being compromised
  - Trustworthiness and correctness of data
22
Integrity Attribute and Protection of Data and Software (Table 2.3)

| | Data | Software |
| --- | --- | --- |
| Integrity | Unimpaired, complete, whole, correct | Unimpaired, everything present and in an ordered manner |
| Kinds of controls | Hash totals, check bits, sequence number checks, missing data checks | Hash totals, pedigree checks, escrow, vendor assurance sequencing |
| Possible losses | Larceny, fraud, concatenation | Theft, fraud, concatenation |
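An added example (not from the slides or the textbook) of the data controls named in Table 2.3, hash totals, sequence number checks and missing data checks, run as a detection mechanism over a constructed batch. The record layout, trailer fields and function names are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Txn:
    seq: int           # sequence number assigned by the sender
    account: int       # account number, summed into the hash total
    amount_cents: int  # summed into the amount control total

@dataclass(frozen=True)
class Trailer:
    record_count: int
    hash_total: int    # sum of account numbers: meaningless as a figure, useful as a check
    amount_total: int

def make_trailer(batch):
    """Sender side: compute control figures over the batch as transmitted."""
    return Trailer(len(batch),
                   sum(t.account for t in batch),
                   sum(t.amount_cents for t in batch))

def check_batch(batch, trailer, first_seq):
    """Receiver side: return a list of violations (empty list = batch passed)."""
    findings = []
    seqs = [t.seq for t in batch]
    expected = range(first_seq, first_seq + trailer.record_count)
    for s in sorted(set(seqs)):
        if seqs.count(s) > 1:
            findings.append(f"duplicate sequence number {s}")
        if s not in expected:
            findings.append(f"unexpected sequence number {s}")
    for s in expected:
        if s not in seqs:
            findings.append(f"missing record {s}")
    got = make_trailer(batch)
    if got.record_count != trailer.record_count:
        findings.append("record count mismatch")
    if got.hash_total != trailer.hash_total:
        findings.append("hash total mismatch")
    if got.amount_total != trailer.amount_total:
        findings.append("amount total mismatch")
    return findings

# Constructed sample batch (not real data).
SENT = [Txn(101, 40012, 2500), Txn(102, 40057, 1200), Txn(103, 40100, 990)]
TRAILER = make_trailer(SENT)

def demo():
    redirected = [SENT[0], replace(SENT[1], account=40999), SENT[2]]
    dropped = [SENT[0], SENT[2]]
    return {"clean": check_batch(SENT, TRAILER, 101),
            "redirected": check_batch(redirected, TRAILER, 101),
            "dropped": check_batch(dropped, TRAILER, 101)}
```

The redirected payment leaves the amount total intact and is caught only by the hash total over account numbers. These checks report a violation after the fact and hold only while the trailer is out of reach of whoever altered the records.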
23
Availability
- Data and service are accessible when and where needed by legitimate users
- Relates to aspects of reliability
- Denial of service is perhaps the best known example
- System designs are based on pattern of use
- Availability attacks are most difficult to detect
  - Identifying a certain atypical event
24
Availability Attribute and Protection of Data and Software (Table 2.4)

| | Data | Software |
| --- | --- | --- |
| Availability | Present and accessible when and where needed | Usable and accessible when and where needed |
| Kinds of controls | Redundancy, back up, recovery plan, statistical pattern recognition | Escrow, redundancy, back up, recovery plan |
| Possible losses | Denial of service, failure to provide, sabotage, larceny | Larceny, failure to act, interference |
25
Authentication
- Assures that the message is from a source it claims to be from
- A third party cannot masquerade as one of the two parties
- Extrinsic correct and valid
- Timeliness is an important attribute
- Able to trace to its original
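An added example (not from the slides or the textbook) of the two properties this slide names, source assurance and timeliness, for a message between two parties. The use of HMAC-SHA256 with a shared key, the 300-second freshness window, the nonce cache and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

MAX_AGE_SECONDS = 300  # assumed freshness window

def _payload(msg: dict) -> bytes:
    # Canonical encoding of exactly the fields covered by the tag.
    fields = {k: msg.get(k) for k in ("sender", "body", "ts", "nonce")}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def sign(key: bytes, sender: str, body: str, ts: int, nonce: str) -> dict:
    msg = {"sender": sender, "body": body, "ts": ts, "nonce": nonce}
    msg["tag"] = hmac.new(key, _payload(msg), hashlib.sha256).hexdigest()
    return msg

class Verifier:
    def __init__(self, keys: dict):
        self.keys = keys   # sender name -> shared secret key
        self.seen = set()  # (sender, nonce) pairs already accepted

    def verify(self, msg: dict, now: int) -> str:
        key = self.keys.get(msg.get("sender"))
        if key is None:
            return "reject: unknown sender"
        expected = hmac.new(key, _payload(msg), hashlib.sha256).hexdigest()
        # Constant-time comparison; a third party without the key cannot produce this tag.
        if not hmac.compare_digest(expected.encode(), str(msg.get("tag", "")).encode()):
            return "reject: bad tag"
        # Timeliness: a genuine but old message is not accepted.
        if abs(now - msg["ts"]) > MAX_AGE_SECONDS:
            return "reject: stale"
        # A genuine, fresh message is accepted once only.
        if (msg["sender"], msg["nonce"]) in self.seen:
            return "reject: replay"
        self.seen.add((msg["sender"], msg["nonce"]))
        return "accept"

# Constructed sample key and messages (not real data).
KEY = b"constructed-demo-key"

def demo():
    v = Verifier({"billing": KEY})
    good = sign(KEY, "billing", "pay invoice 7", 1_000_000, "n1")
    altered = dict(good, body="pay invoice 8")
    old = sign(KEY, "billing", "pay invoice 9", 1_000_000, "n2")
    return [v.verify(good, 1_000_010), v.verify(good, 1_000_020),
            v.verify(altered, 1_000_010), v.verify(old, 1_000_301)]
```

A shared-key tag authenticates the source to the receiver but gives no non-repudiation, because either key holder could have produced it; that is the role the later slides assign to digital signatures.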
26
Authentication Attribute and Protection of Data and Software (Table 2.5)

| | Data | Software |
| --- | --- | --- |
| Authentication | Genuine. Accepted as conforming to a fact | Genuine. Unquestioned origin |
| Kinds of controls | Audit log, verification validation | Vendor assurances, pedigree documentation. Hash totals, maintenance log. Serial checks |
| Possible losses | Replacement, false data entry, failure to act, repudiation, deception, misrepresentation | Piracy, misrepresentation, replacement, fraud |
27
Non repudiation
- Non repudiation is to prevent an individual or entity from denying having performed a particular action
- Business and society increase reliance on electronic communications and maintaining legality of electronic documents
- Digital signature is one such approach
- More details in subsequent chapters
28
Non Repudiation Attribute and Protection of Data and Software (Table 2.6)

| | Data | Software |
| --- | --- | --- |
| Non repudiation | Genuine, true and authentic communication | Genuine. True |
| Kinds of controls | Authentication, validation checks | Integrity controls, non modification controls |
| Possible losses | Monetary, loss of identity, disclosure of private information | Vulnerability of software code, fraud, misconstrued software |
29
Methods of Defense
- Encryption
  - Change data to unintelligible form
  - If used successfully
    - Reduce the chances of interception or modification
  - If used improperly
    - Performance may be compromised
30
Methods of Defense (cont’d)
- Encryption
  - Only the party in control can decrypt a message, analogous to managing access keys to your house
  - Security of encrypted data is as good as the protection of the keys and the machines
31
Methods of Defense (cont’d)
- Software controls
  - Software development controls
    - Conformance to standards and methodologies
    - Good testing, coding, and maintenance
  - Operating system controls
    - Protecting individual user
    - Establishing extensive checklists
32
Methods of Defense (cont’d)
- Software controls
  - Program controls
    - Internal to the software
    - Access limitations
  - Above controls can be instituted at an input, processing, and output levels
  - Balance between ease of use and level of security controls
33
Methods of Defense (cont’d)
- Physical and hardware controls
  - Locks and doors, guards at entry, and the general physical site planning
  - Smart card applications and circuit boards controlling access to disk drives
34
Three Principles
- The principle of easiest penetration
  - Foundation for security
  - Identifying and managing the weakest links in the security chain
- The principle of timeliness
  - Delay in cracking a system
  - Protecting data long enough
- The principle of effectiveness
  - Balance between controls
  - Controls should not be a hindrance to the business
35
Copyright 2006 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in section 117 of the 1976 United States Copyright Act without express permission of the copyright owner is unlawful. Request for further information should be addressed to the Permission Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages caused by the use of these programs or from the use of the information herein.