Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,


1 Stephen S. Yau, CSE465 & CSE591, Fall 2006
Information Assurance (IA) & Security Overview
– Concepts
– Security principles & strategies
– Techniques
– Guidelines, policies & laws

2 Basic Concepts of Information Assurance & Security

3 Information Forms and States
Information Forms
– Thoughts and speech
– Hard copy
– Softcopy
– Personal knowledge
– Technical skills
– Corporate knowledge
– Formal and informal meetings
– Telephone conversations
– Video teleconferences
Information States
– Transmitted, processed, stored

4 Threats and Vulnerabilities
A threat is a potential occurrence that can have an undesirable effect on the system assets or resources [t1-ch1.2, t2-ch1.2]
A vulnerability is a weakness that makes it possible for a threat to occur [t1-ch20.1, t2-ch23.1]

5 Four Categories of Threats [t1-ch1.2, t2-ch1.2]
Disclosure: Unauthorized access to information
– Snooping
Deception: Acceptance of false data
– Alteration
– Spoofing
– Denial of receipt
Disruption: Interruption or prevention of correct operations
– Alteration
Usurpation: Unauthorized control of part of a system
– Alteration
– Spoofing
– Delay
– Denial of Service, DDoS

6 Necessary Protection
In order to secure information, some or all of the following protections of a system are needed:
– Protect the working area from outside intrusion or theft
– Store key equipment in a secure room, and make sure it works properly
– Review programs carefully for potential malicious logic
– Keep track of all sensitive files, documents, conference records and experiment results, which may be on printed paper or stored on magnetic storage media, CDs or DVDs. Protect them from unauthorized access. Back up this information periodically in case of system failure
– Encrypt sensitive information when it is stored or transmitted
– Choose good passwords and change them periodically
– Report abnormal actions immediately

7 DoD Definition of Information Assurance
Information Assurance (IA) is information operations (IO) that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality and nonrepudiation.

8 Information Characteristics [t1-ch1.1, t2-ch1.1]
Availability: Timely and reliable access to data and information services for authorized users.
Integrity: Protection against unauthorized modification or destruction of information.
Authentication: Security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual’s authorization to receive specific categories of information.

9 Information Characteristics (cont.)
Confidentiality: Assurance that information is not disclosed to unauthorized persons, processes, or devices.
Nonrepudiation: Assurance that sender of data is provided with proof of delivery to recipient, and recipient is provided with proof of sender’s identification.
Privacy: Ability and/or right to protect certain personal data; extends ability and/or right to prevent invasion of personal information or space. Extends to families, but not to legal persons, such as corporations, organizations, schools.

10 Information Characteristics (cont.)
Secrecy: Refers to the effect of mechanisms used to limit the number of principals who can access information, such as cryptography or computer access control.
Denial of Service: Mechanisms which prevent legitimate users from using the system.

11 Information System
Information system consisting of
– Computer systems and networks
– Information
– Operating environments

12 INFOSEC
INFOSEC: Information Systems Security
– Protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against denial of service to authorized users or provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats.

13 OPSEC
OPSEC: Operations Security
– A process that determines what information adversaries can obtain or piece together from observation, and provides measures for reducing such vulnerabilities to acceptable levels

14 Other Important Terms
Orange Book:
– The DoD Trusted Computer System Evaluation Criteria (DoD 5200.28-STD) [t1-ch18.2, t2-ch21.2]
Indicators:
– Data derived from open sources or from detectable actions that the threat can piece together or interpret to reach conclusions or official estimates concerning friendly intentions, capabilities, or activities.
– Profile indicator
– Deviation indicator
– Tip-off indicator

15 Challenges for IA
– Development of computer and network systems and of information technology expands the need for information to be protected and defended
– Information becomes the most important resource of an organization
– The world is more connected through the Internet
– Information warfare and espionage are more common and threatening

