
Overview of Key Security Concepts and Vocabulary This Document was Funded by the National Science Foundation Federal Cyber Service Scholarship For Service.


1 Overview of Key Security Concepts and Vocabulary
This Document was Funded by the National Science Foundation Federal Cyber Service Scholarship For Service Program: Grant No. 0113627
Distributed October 2002
Embry-Riddle Aeronautical University, Prescott, Arizona USA
Overview of Key Concepts & Vocabulary. ©2002, Matt Jaffe, Jan G. Hogle, Susan Gerhart. http://nsfsecurity.pr.erau.edu

2 Some Underlying Vocabulary and Integrating Concepts
- Access: To have access is to be able to do something
- Authorization: Authorization means that you’re supposed to have access
- Policy: A security policy describes who is authorized which type(s) of access to what
- Mechanisms: Mechanisms are the physical, electronic, and procedural means of enforcing a security policy
- Security architecture: A system’s security architecture consists of all the mechanisms involved in enforcing its security policy
- Attack: An attack is a deliberate attempt to circumvent some mechanism and violate a security policy

3 The Mechanisms of Information Security
[Diagram; labels: Crypto, COMSEC, INFOSEC, Information Assurance, COMPUSEC, Information Security, Emissions Security, Physical Security, OPSEC, Personnel Security]

4 INFOSEC: Information Systems Security
Informally: Security of information in electronic form
Formally: “The protection of Information Systems (IS) against unauthorized access to or modification of information, whether in storage, processing or transit, and against denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats.”

5 COMPUSEC: Computer Security
Informally: Security of information in computers
Formally: “Measures and controls that ensure confidentiality, integrity, and availability of the information processed and stored by a computer.”

6 COMSEC: Communication Security
Informally: Protection of information as it is being transmitted from one place to another
Formally: “Measures and controls taken to deny unauthorized persons information derived from telecommunications and to ensure the authenticity of such telecommunications. Communications security includes cryptosecurity, transmission security, emissions security, and physical security of COMSEC material.”

7 Cryptography
Informally: Concealing information (in a reversible manner)
Formally: “The principles, means, and methods for rendering plain information unintelligible and for restoring encrypted information to intelligible form.”

8 Emissions Security
Informally: Protection against electronic eavesdropping (which can come in some surprisingly nasty forms)
Formally: “Protection resulting from all measures taken to deny unauthorized persons information of value which might be derived from intercept and analysis of compromising emanations from crypto-equipment, AIS, and telecommunications systems.”

9 OPSEC: Operations Security
Informally: “We can tell something is up at the White House by keeping track of the number of pizzas delivered after midnight”
Formally: “[The] process denying to potential adversaries information about capabilities and/or intentions by identifying, controlling and protecting generally unclassified evidence of the planning and execution of sensitive activities.”

10 Physical Security
Informally: Keeping the bad guys out of places they’re not supposed to be
Formally: “The physical measures necessary to safeguard equipment, material, and documents from access thereto or observation thereof by unauthorized persons.”

11 Personnel Security
Informally: Not hiring bad guys and keeping good guys from becoming bad guys
Formally: The ongoing screening, selection, management, and evaluation of people with security clearances, sensitive positions, and/or special access

12 Why So Much Overlap in the Jargon?
- As is often the case, what we now realize is basically one subject with several key aspects evolved from originally disparate disciplines, each with its own vocabulary
- Many of the key concepts appear in slightly different guises in the separate disciplines; they each had their own, separate terms for essentially the same concepts but the overlap isn’t perfect so use of the older terms still persists
- Many of the fields are young enough that the basic insights are still being developed --- a potentially major new vulnerability to computers with CRT displays was just published this year (2002) for the first time; young fields are often characterized by an excess of inconsistent and overlapping jargon

13 Another Note on the Jargon (and Further References)
- Except where otherwise noted, the acronyms and formal definitions used here come from American National Standard T1.523-2001 Telecom Glossary 2000
- As of October 2002, the Telecom Glossary 2000 was available online at http://www.atis.org/tg2k/; it provides a comprehensive set of references for further information

14 About this Project
This presentation is part of a larger package of materials on security issues. For more information, go to: http://nsfsecurity.pr.erau.edu
Other materials available on this topic are:
- Introduction to Information Security
- The Key Mechanisms of Information Security: Their strengths, weaknesses and inter-dependencies
- Exercises (html): Decision Maze, Crossword Puzzle, Security Scene
- Quizzes (html): Multiple choice, Fill-in-the-blank
Please complete a feedback form at http://nsfsecurity.pr.erau.edu/feedback.html to tell us how you used this material and to offer suggestions for improvements.

