Overview of Key Security Concepts and Vocabulary This Document was Funded by the National Science Foundation Federal Cyber Service Scholarship For Service.

Presentation transcript:

Overview of Key Security Concepts and Vocabulary
This Document was Funded by the National Science Foundation Federal Cyber Service Scholarship For Service Program: Grant No
Distributed October 2002
Embry-Riddle Aeronautical University, Prescott, Arizona, USA
Overview of Key Concepts & Vocabulary. ©2002, Matt Jaffe, Jan G. Hogle, Susan Gerhart.

Some Underlying Vocabulary and Integrating Concepts
- Access: To have access is to be able to do something
- Authorization: Authorization means that you’re supposed to have access
- Policy: A security policy describes who is authorized which type(s) of access to what
- Mechanisms: Mechanisms are the physical, electronic, and procedural means of enforcing a security policy
- Security architecture: A system’s security architecture consists of all the mechanisms involved in enforcing its security policy
- Attack: An attack is a deliberate attempt to circumvent some mechanism and violate a security policy

The Mechanisms of Information Security
[Diagram; labels: Information Security, Information Assurance, INFOSEC, COMSEC, COMPUSEC, Crypto, Emissions Security, Physical Security, OPSEC, Personnel Security]

INFOSEC: Information Systems Security
Informally: Security of information in electronic form
Formally: “The protection of Information Systems (IS) against unauthorized access to or modification of information, whether in storage, processing or transit, and against denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats.”

COMPUSEC: Computer Security
Informally: Security of information in computers
Formally: “Measures and controls that ensure confidentiality, integrity, and availability of the information processed and stored by a computer.”

COMSEC: Communication Security
Informally: Protection of information as it is being transmitted from one place to another
Formally: “Measures and controls taken to deny unauthorized persons information derived from telecommunications and to ensure the authenticity of such telecommunications. Communications security includes cryptosecurity, transmission security, emissions security, and physical security of COMSEC material.”

Informally: Concealing information (in a reversible manner)
Formally: “The principles, means, and methods for rendering plain information unintelligible and for restoring encrypted information to intelligible form.”

Emissions Security
Informally: Protection against electronic eavesdropping (which can come in some surprisingly nasty forms)
Formally: “Protection resulting from all measures taken to deny unauthorized persons information of value which might be derived from intercept and analysis of compromising emanations from crypto-equipment, AIS, and telecommunications systems.”

OPSEC: Operations Security
Informally: “We can tell something is up at the White House by keeping track of the number of pizzas delivered after midnight”
Formally: “[The] process denying to potential adversaries information about capabilities and/or intentions by identifying, controlling and protecting generally unclassified evidence of the planning and execution of sensitive activities.”

Physical Security
Informally: Keeping the bad guys out of places they’re not supposed to be
Formally: “The physical measures necessary to safeguard equipment, material, and documents from access thereto or observation thereof by unauthorized persons.”

Personnel Security
Informally: Not hiring bad guys and keeping good guys from becoming bad guys
Formally: The ongoing screening, selection, management, and evaluation of people with security clearances, sensitive positions, and/or special access

Why So Much Overlap in the Jargon?
- As is often the case, what we now realize is basically one subject with several key aspects evolved from originally disparate disciplines, each with its own vocabulary
- Many of the key concepts appear in slightly different guises in the separate disciplines; they each had their own, separate terms for essentially the same concepts, but the overlap isn’t perfect, so use of the older terms still persists
- Many of the fields are young enough that the basic insights are still being developed --- a potentially major new vulnerability to computers with CRT displays was just published this year (2002) for the first time; young fields are often characterized by an excess of inconsistent and overlapping jargon

Another Note on the Jargon (and Further References)
- Except where otherwise noted, the acronyms and formal definitions used here come from American National Standard T Telecom Glossary 2000
- As of October 2002, the Telecom Glossary 2000 was available online at http://; it provides a comprehensive set of references for further information

About this Project
This presentation is part of a larger package of materials on security issues. For more information, go to:
Other materials available on this topic are:
- Introduction to Information Security
- The Key Mechanisms of Information Security: Their strengths, weaknesses and inter-dependencies
- Exercises (html): Decision Maze, Crossword Puzzle, Security Scene
- Quizzes (html): Multiple choice, Fill-in-the-blank
Please complete a feedback form at to tell us how you used this material and to offer suggestions for improvements.