Security Mark A. Magumba

Definitions
– Security implies the minimization of threats and vulnerabilities
– A security threat is a harmful event or object that poses danger to the system
– Threats are measured according to their probability (likelihood) and impact; taken together these give the risk a threat poses
– Examples of threats include malware (viruses, trojans), hacking, and man-in-the-middle attacks

Vulnerabilities
– A vulnerability is a weakness that allows a threat to occur
– Examples of vulnerabilities:
  – Weak passwords
  – Poor configuration
  – Poor security policies
– A threat needs a matching vulnerability to do harm: removing the vulnerability removes the risk even though the threat itself still exists

The CIA model
Security is based on three pillars:
– Confidentiality
  – Ensuring that there is no undue disclosure of information to unauthorized parties
  – Involves measures like authentication (passwords), access control and encryption; intrusion detection helps to spot confidentiality breaches rather than prevent them
– Integrity
  – Ensures there are no unauthorized changes to data and systems
  – Involves measures like checksums, parity checking, logging and system auditing
  – Note that plain checksums and parity only detect accidental corruption: an attacker who alters the data can simply recompute them. Detecting deliberate tampering needs a keyed MAC or a digital signature, whose key the attacker does not have

The CIA model (continued)
– Availability
  – Is about ensuring that resources and data are available to authorized users when they need them
  – Threatened by denial of service attacks, hardware failure and data loss; measures include redundancy, backups and capacity planning

Risk Assessment
– It is important to do a risk assessment to determine what security measures to implement
– Security implementation can be expensive, therefore priorities have to be set in order to protect the most critical systems first
– For instance, a common classification is as follows:
  – Level 1: mission critical systems (usually about 5% of an organization's systems)
  – Level 2: systems that are required but not critical and can endure some amount of downtime (usually about 20%)
  – Level 3: for instance a local desktop computer (usually about 75%)
– The more critical a system is, the more security should be applied to it

Security Policy
– A security policy is a document that outlines how security will be implemented in an organization
– It helps to standardize security and sets security goals against which organizational security can be evaluated

Security Standards
– Security standards are used to standardize security across organizations and solutions
– They describe the security capabilities of a given solution
– These security capabilities do not necessarily translate into actual security: they describe the attainable level of security for a particular system, which still depends on the system being deployed and operated correctly
– For security conscious organizations, IT products may be required to pass a certain security certification before they are purchased or deployed

Security Standards (continued)
– The Information Technology Security Evaluation Criteria (ITSEC) is a European security standard
– The Trusted Computer System Evaluation Criteria (TCSEC, the "Orange Book") is an American security standard developed by the US Department of Defense
– Both standards are organized into levels: ITSEC rates assurance from E0 to E6; TCSEC defines divisions D (minimal protection), C (discretionary protection), B (mandatory protection) and A (verified protection), with A the highest
– A system said to be TCSEC division B compliant satisfies the security functionality and assurance requirements of division B (and therefore of the lower divisions C and D); it does not satisfy the stricter requirements of division A
– Both have since been superseded by the Common Criteria (ISO/IEC 15408), which rates assurance from EAL1 to EAL7

Practical elements of security: Authentication
– Involves parties proving they are who they claim to be. The main authentication factors are:
  – Where you are: based on where a party is, for instance systems that use the source IP address to grant or revoke access. On its own this is a weak factor, since addresses can be spoofed or shared (NAT, VPNs)
  – What you have: relies on something the user possesses, for instance an access card or a one-time-password token
  – What you are: relies on a biological trait like a fingerprint or voice recognition
  – What you know: relies on a secret the user knows, for instance a password
– Multifactor authentication combines two or more independent factors (for instance what you know and what you have) to provide stronger authentication: an attacker who steals the password still lacks the second factor

Practical elements of security: Authorization
– Involves granting access to resources to authorized users and revoking it from unauthorized users
– The level of authorization is defined in terms of permissions
– Common permissions include read, write and execute
– Authorization systems commonly rely on access control lists (ACLs): per-resource lists of which principals (users or groups) hold which permissions. Access should be denied by default unless an entry explicitly grants it
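As an added example (not from the original slides), here is a small ACL evaluator with the read/write/execute permissions named above. It resolves a user to their user and group principals, denies by default, lets an explicit deny entry override any allow, and supports revoking permissions. The resource "deploy.sh", the groups and the users are constructed for the demo.

```python
from dataclasses import dataclass, field

READ, WRITE, EXECUTE = "read", "write", "execute"


@dataclass
class AclEntry:
    principal: str          # "user:<name>" or "group:<name>"
    permissions: frozenset  # subset of {READ, WRITE, EXECUTE}
    allow: bool = True      # False makes this an explicit deny entry


@dataclass
class Resource:
    name: str
    acl: list = field(default_factory=list)


def principals_for(user: str, groups: dict) -> set:
    """A user acts as themselves plus every group they are a member of."""
    return {f"user:{user}"} | {f"group:{g}" for g, members in groups.items() if user in members}


def is_authorized(resource: Resource, user: str, permission: str, groups: dict) -> bool:
    """Default deny: access needs a matching allow entry, and any matching deny entry wins."""
    principals = principals_for(user, groups)
    matching = [e for e in resource.acl if e.principal in principals and permission in e.permissions]
    if any(not e.allow for e in matching):
        return False
    return any(e.allow for e in matching)


def grant(resource: Resource, principal: str, *permissions: str) -> None:
    resource.acl.append(AclEntry(principal, frozenset(permissions), allow=True))


def revoke(resource: Resource, principal: str, *permissions: str) -> None:
    """Remove the named permissions from every allow entry for the principal; drop entries left empty."""
    new_acl = []
    for e in resource.acl:
        if e.allow and e.principal == principal:
            remaining = e.permissions - frozenset(permissions)
            if remaining:
                new_acl.append(AclEntry(e.principal, remaining, True))
        else:
            new_acl.append(e)
    resource.acl = new_acl


def build_demo():
    """Constructed example: a deployment script with group entries and one per-user deny."""
    groups = {"devs": {"alice", "bob"}, "ops": {"carol"}}
    script = Resource("deploy.sh")
    grant(script, "group:devs", READ, EXECUTE)
    grant(script, "group:ops", READ, WRITE, EXECUTE)
    # bob is a dev, but an explicit deny removes execute from him alone
    script.acl.append(AclEntry("user:bob", frozenset({EXECUTE}), allow=False))
    return script, groups


if __name__ == "__main__":
    script, groups = build_demo()
    for user in ("alice", "bob", "carol", "dave"):
        print(user, [p for p in (READ, WRITE, EXECUTE) if is_authorized(script, user, p, groups)])
```

The deny-wins rule is what lets an administrator carve one user out of a group grant without rewriting the group; the default-deny return is what keeps an unknown user ("dave" above) from getting anything just because no entry mentions him.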

Practical elements of security: Encryption
– Is the transformation of readable plaintext into unreadable ciphertext
– It employs an encryption algorithm which uses an encryption key
– To be rendered readable, the ciphertext must be decrypted using the algorithm and the decryption key (the same key in symmetric encryption, the matching private key in public-key encryption)
– Only the intended recipient should have the correct decryption key
– Without it, even if the information fell into the wrong hands it would be of no use to them
– Encryption on its own provides confidentiality, not integrity: an attacker who cannot read the ciphertext may still be able to modify it in a controlled way, so it is normally combined with a MAC or an authenticated encryption mode
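The following added example (not code from the original slides) serves both the integrity pillar of the CIA model and the encryption slide. It contrasts a plain CRC checksum with a keyed HMAC against an attacker who edits a message, then shows that a stream cipher hides a payment amount but lets the same attacker change it without the key, and that encrypt-then-MAC rejects the edit. The cipher is a deliberately simple SHA-256 keystream built for illustration (not a vetted algorithm), and the message "PAY alice 0010 USD" and all keys are constructed for the demo.

```python
import hashlib
import hmac
import os
import zlib


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || nonce || block counter). Illustrative only, not a vetted cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


decrypt = encrypt  # XOR-ing the same keystream again recovers the plaintext


def crc_protect(data: bytes) -> bytes:
    return data + zlib.crc32(data).to_bytes(4, "big")


def crc_check(blob: bytes) -> bool:
    return zlib.crc32(blob[:-4]) == int.from_bytes(blob[-4:], "big")


def mac_protect(key: bytes, data: bytes) -> bytes:
    return data + hmac.new(key, data, hashlib.sha256).digest()


def mac_check(key: bytes, blob: bytes) -> bool:
    tag = hmac.new(key, blob[:-32], hashlib.sha256).digest()
    return hmac.compare_digest(tag, blob[-32:])


def flip_known_bytes(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Attacker edit without the key: XOR (old ^ new) into the bytes whose plaintext is known to be `old`."""
    seg = ciphertext[offset:offset + len(old)]
    return ciphertext[:offset] + xor(xor(seg, old), new) + ciphertext[offset + len(old):]


def run_demo() -> dict:
    key, mac_key, nonce = os.urandom(32), os.urandom(32), os.urandom(12)
    message = b"PAY alice 0010 USD"  # constructed message
    off = message.index(b"0010")
    forged = message[:off] + b"9999" + message[off + 4:]

    # 1. CRC only: the attacker changes the data and recomputes the checksum; the receiver accepts it.
    crc_forgery_accepted = crc_check(crc_protect(forged))
    # 2. HMAC: the attacker changes the data but cannot recompute the tag without mac_key.
    tampered_mac = forged + mac_protect(mac_key, message)[-32:]
    hmac_forgery_accepted = mac_check(mac_key, tampered_mac)
    # 3. Encryption only: the ciphertext hides the amount but is malleable.
    ct = encrypt(key, nonce, message)
    malleable_plaintext = decrypt(key, nonce, flip_known_bytes(ct, off, b"0010", b"9999"))
    # 4. Encrypt-then-MAC: the same bit flip is rejected before anything is decrypted.
    protected = mac_protect(mac_key, ct)
    tampered_ct = flip_known_bytes(protected[:-32], off, b"0010", b"9999") + protected[-32:]
    etm_forgery_accepted = mac_check(mac_key, tampered_ct)

    return {
        "roundtrip_ok": decrypt(key, nonce, ct) == message,
        "wrong_key_recovers_message": decrypt(os.urandom(32), nonce, ct) == message,
        "crc_forgery_accepted": crc_forgery_accepted,
        "hmac_forgery_accepted": hmac_forgery_accepted,
        "malleable_plaintext": malleable_plaintext,
        "encrypt_then_mac_forgery_accepted": etm_forgery_accepted,
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value!r}")
```

The attacker in step 3 never learns the key and never sees the plaintext; knowing only that bytes 10 to 13 hold the amount is enough to rewrite it, which is why real deployments use an authenticated mode (AES-GCM, ChaCha20-Poly1305) or the encrypt-then-MAC construction of step 4 rather than bare encryption.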

Practical elements of security: Auditing
– Involves monitoring systems to ensure that security objectives are being met
– Usually implemented through logging
– Logging is the automatic recording of important system events, such as successful and failed logins, privilege changes and configuration changes
– The depth and extent of logging depends on your system's risk profile
– Logs are themselves a target: an attacker who gains control of a system will try to erase or alter them, so they should be forwarded to a separate collector and protected against modification
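As an added example (not from the original slides), here is an audit log that is both useful for monitoring and tamper-evident: each entry's hash covers the previous entry's hash, so editing or deleting an entry breaks the chain from that point on, and a simple monitoring rule over the same entries flags repeated failed logins from one source. The events, usernames and addresses (from the 203.0.113.0/24 documentation range) are constructed for the demo.

```python
import hashlib
import json
from collections import defaultdict

GENESIS = "0" * 64


def _canonical(event: dict) -> str:
    return json.dumps(event, sort_keys=True, separators=(",", ":"))


def append_event(log: list, event: dict) -> dict:
    """Append an event whose hash covers the previous entry's hash, forming a tamper-evident chain."""
    prev = log[-1]["hash"] if log else GENESIS
    entry = {"seq": len(log), "prev": prev, "event": event,
             "hash": hashlib.sha256((prev + _canonical(event)).encode()).hexdigest()}
    log.append(entry)
    return entry


def verify_chain(log: list) -> tuple:
    """Return (True, -1) if intact, else (False, seq of the first entry that no longer matches)."""
    prev = GENESIS
    for expected_seq, entry in enumerate(log):
        recomputed = hashlib.sha256((prev + _canonical(entry["event"])).encode()).hexdigest()
        if entry["seq"] != expected_seq or entry["prev"] != prev or entry["hash"] != recomputed:
            return False, entry["seq"]
        prev = entry["hash"]
    return True, -1


def failed_login_alerts(log: list, threshold: int = 3, window: int = 300) -> list:
    """Monitoring rule: sources with at least `threshold` failed logins within `window` seconds."""
    by_source = defaultdict(list)
    for entry in log:
        ev = entry["event"]
        if ev["type"] == "login" and ev["result"] == "failure":
            by_source[ev["src"]].append(ev["ts"])
    alerts = []
    for src, times in by_source.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                alerts.append(src)
                break
    return alerts


def build_demo_log() -> list:
    """Constructed events: a brute-force attempt against 'admin' that eventually succeeds."""
    log = []
    events = [
        {"ts": 1000, "type": "login", "user": "alice", "src": "203.0.113.5", "result": "success"},
        {"ts": 1010, "type": "login", "user": "admin", "src": "203.0.113.7", "result": "failure"},
        {"ts": 1015, "type": "login", "user": "admin", "src": "203.0.113.7", "result": "failure"},
        {"ts": 1021, "type": "login", "user": "admin", "src": "203.0.113.7", "result": "failure"},
        {"ts": 1030, "type": "login", "user": "admin", "src": "203.0.113.7", "result": "success"},
        {"ts": 1040, "type": "priv_change", "user": "admin", "src": "203.0.113.7",
         "result": "added bob to sudoers"},
        {"ts": 2000, "type": "login", "user": "bob", "src": "203.0.113.9", "result": "failure"},
    ]
    for ev in events:
        append_event(log, ev)
    return log


if __name__ == "__main__":
    log = build_demo_log()
    print(verify_chain(log))          # (True, -1)
    print(failed_login_alerts(log))   # ['203.0.113.7']
    log[2]["event"]["result"] = "success"  # attacker rewrites one failed login
    print(verify_chain(log))          # (False, 2)
```

The chain detects edits and deletions in the middle of the log, but not truncation of the tail; guarding against that needs the most recent hash to be written somewhere the attacker cannot reach, such as the separate log collector mentioned above.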