Published by Melanie Cunningham

September 10, 2012 Introduction to Computer Security ©2004 Matt Bishop Slide #1-1

Chapter 1: Introduction
Components of computer security
Threats
Policies and mechanisms
The role of trust
Assurance
Operational Issues
Human Issues

Basic Components
Confidentiality
  – Keeping data and resources hidden
Integrity
  – Data integrity (integrity)
  – Origin integrity (authentication)
Availability
  – Enabling access to data and resources

Classes of Threats
Disclosure
  – Snooping
Deception
  – Modification, spoofing, repudiation of origin, denial of receipt
Disruption
  – Modification
Usurpation
  – Modification, spoofing, delay, denial of service

Policies and Mechanisms
Policy says what is, and is not, allowed
  – This defines “security” for the site/system/etc.
Mechanisms enforce policies
Composition of policies
  – If policies conflict, discrepancies may create security vulnerabilities

Goals of Security
Prevention
  – Prevent attackers from violating security policy
Detection
  – Detect attackers’ violation of security policy
Recovery
  – Stop attack, assess and repair damage
  – Continue to function correctly even if attack succeeds

Trust and Assumptions
Underlie all aspects of security
Policies
  – Unambiguously partition system states
  – Correctly capture security requirements
Mechanisms
  – Assumed to enforce policy
  – Support mechanisms work correctly

Types of Mechanisms
[Figure: secure, precise and broad mechanisms; legend: set of reachable states, set of secure states]
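
The secure/precise/broad distinction in the figure above, worked through as an added example that is not part of the original slides. It assumes the usual textbook definitions (R = reachable states, Q = secure states: secure if R ⊆ Q, precise if R = Q, broad if some reachable state is not in Q); the file-access system, its state names and the three mechanisms are constructed for illustration.

```python
from collections import deque

# Constructed toy system: who currently has a sensitive file open.
TRANSITIONS = {
    "idle": [("owner_open", "owner_reading"),
             ("auditor_open", "auditor_reading"),
             ("guest_open", "guest_reading")],
    "owner_reading": [("close", "idle")],
    "auditor_reading": [("close", "idle")],
    "guest_reading": [("close", "idle")],
}

# Policy: partitions the states; these are the secure ones (Q).
SECURE = {"idle", "owner_reading", "auditor_reading"}

# Mechanisms: each decides whether an action is permitted in a state.
MECHANISMS = {
    "allow_all": lambda state, action: True,
    "deny_guest": lambda state, action: action != "guest_open",
    "owner_only": lambda state, action: action in {"owner_open", "close"},
}

def reachable(start, transitions, allowed):
    """Breadth-first search over transitions the mechanism permits (R)."""
    seen, queue = {start}, deque([start])
    while queue:
        state = queue.popleft()
        for action, nxt in transitions.get(state, []):
            if allowed(state, action) and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def classify(reach, secure):
    """Most specific label: precise (R == Q), secure (R within Q), else broad."""
    if reach == secure:
        return "precise"
    if reach <= secure:
        return "secure"  # safe, but blocks states the policy would allow
    return "broad"       # at least one reachable state violates the policy

def evaluate():
    return {name: classify(reachable("idle", TRANSITIONS, mech), SECURE)
            for name, mech in MECHANISMS.items()}

if __name__ == "__main__":
    for name, label in evaluate().items():
        print(f"{name}: {label}")
```

The owner_only mechanism is secure but over-restrictive: it never reaches auditor_reading, a state the policy allows.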

Assurance
Specification
  – Requirements analysis
  – Statement of desired functionality
Design
  – How system will meet specification
Implementation
  – Programs/systems that carry out design

Operational Issues
Cost-Benefit Analysis
  – Is it cheaper to prevent or recover?
Risk Analysis
  – Should we protect something?
  – How much should we protect this thing?
Laws and Customs
  – Are desired security measures illegal?
  – Will people do them?

Human Issues
Organizational Problems
  – Power and responsibility
  – Financial benefits
People problems
  – Outsiders and insiders
  – Social engineering

Tying Together
Threats
Policy
Specification
Design
Implementation
Operation

Key Points
Policy defines security, and mechanisms enforce security
  – Confidentiality
  – Integrity
  – Availability
Trust and knowing assumptions
Importance of assurance
The human factor