What does secure mean? You have been assigned a task of finding a cloud provider who can provide a secure environment for the launch of a new web application.

Slides:

Advertisements

Similar presentations

4 Information Security.

Advertisements

OSG Computer Security Plans Irwin Gaines and Don Petravick 17-May-2006.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

K. Salah1 Introduction to Security Overview of Computer Security.

Introduction to Security in Computing Computer and Network Security Semester 1, 2011 Lecture #01.

Is There a Security Problem in Computing? Network Security / G. Steffen1.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Lecture 1: Overview modified from slides of Lawrie Brown.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

Security+ Guide to Network Security Fundamentals

CST 481/598 Many thanks to Jeni Li.  Potential negative impact to an asset  Probability of a loss  A function of three variables  The probability.

Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.

1 An Overview of Computer Security computer security.

Introducing Computer and Network Security

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

FIT3105 Security and Identity Management Lecture 1.

EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering.

Network Security PHILADELPHIA UNIVERSITY Ahmad Alghoul Module 1 Introduction: To Information & Security  Modified by :Ahmad Al Ghoul  Philadelphia.

Factors to be taken into account when designing ICT Security Policies

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

CPSC 6126 Computer Security Information Assurance.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.

CHAPTER 3 Information Privacy and Security. CHAPTER OUTLINE  Ethical Issues in Information Systems  Threats to Information Security  Protecting Information.

CHAPTER 4 Information Security. CHAPTER OUTLINE 4.1 Introduction to Information Security 4.2 Unintentional Threats to Information Security 4.3 Deliberate.

Computer Crime and Information Technology Security

CHAPTER 4 Information Security. Key Information Security Terms Information Security refers to all of the processes and policies designed to protect an.

BUSINESS B1 Information Security.

Information Security Rabie A. Ramadan GUC, Cairo Room C Lecture 2.

Introducing Computer and Network Security. Computer Security Basics What is computer security? –Answer depends on the perspective of the person you’re.

What does “secure” mean? Protecting Valuables

Prepared by: Dinesh Bajracharya Nepal Security and Control.

Computer Security “Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware,

C8- Securing Information Systems

7 Information Security.

Mobile Banking By: Chenyu Gong, Jalal Hafidi, Harika Malineni.

Lesson 7-Managing Risk. Overview Defining risk. Identifying the risk to an organization. Measuring risk.

Computer Crime crime accomplished through knowledge or use of computer technology. Computers are tools – we choose how to use / apply the technology.

What security is about in general? Security is about protection of assets –D. Gollmann, Computer Security, Wiley Prevention –take measures that prevent.

Information Security What is Information Security?

SECURITY Professor Mona Mursi. ENVIRONMENT IT infrastructures are made up of many components, abstractly: IT infrastructures are made up of many components,

7 Information Security.

Chap1: Is there a Security Problem in Computing?.

Csci5233 computer security & integrity 1 An Overview of Computer Security.

Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.

Introduction to Security CS432 – Security in Computing Copyright © 2005, 2009 by Scott Orr and the Trustees of Indiana University.

Introduction to Security Dr. John P. Abraham Professor UTPA.

Computer Security By Duncan Hall.

Introduction to Computer Security

Computer threats, Attacks and Assets upasana pandit T.E comp.

Is There a Security Problem in Computing?

CHAPTER 7 Information Security. 1.Introduction to Information Security 2.Unintentional Threats to Information Systems 3.Deliberate Threats to Information.

Cyber Security – Client View Peter Gibbons | Head of Cyber Security, Group Business Services Suppliers’ Summer Conference 15/07/2015.

Advanced System Security Dr. Wayne Summers Department of Computer Science Columbus State University

DEPARTMENT OF COMPUTER SCIENCE INTRODUCTION TO CYBER AND SECURITY.

Threats By Dr. Shadi Masadeh.

INFORMATION SECURITY The protection of information from accidental or intentional misuse of a persons inside or outside an organization Comp 212 – Computer.

Securing Information Systems

Chapter # 3 COMPUTER AND INTERNET CRIME

Mohammad Alauthman Computer Security Mohammad Alauthman

Cyber Security For Civil Engineering

Presentation transcript:

What does secure mean? You have been assigned a task of finding a cloud provider who can provide a secure environment for the launch of a new web application. What does secure imply?

What is a vulnerability? What is a threat? What is a control? Vulnerabilities, Threats & Controls

A vulnerability is a weakness in a system ◦ Allows a threat to cause harm. A threat is a potential negative harmful occurrence ◦ Earthquake, worm, virus, hackers. A control/Safeguard is a protective measure ◦ Reduce risk to protect an asset.

Vulnerabilities, Threats & Controls Vulnerability = a weakness in a system ◦ Allows a threat to cause harm Threat = a potential negative harmful occurrence ◦ Earthquake, worm, virus, hackers. Control/Safeguard = a protective measure ◦ Reduce risk to protect an asset.

Figure 1-1 Threats, Controls, and Vulnerabilities.

Goals of Security What are the 3 goals of security?

CIA Triad 7 Confidentiality Integrity Availability Information Security Note: From “Information Security Illuminated”(p.3), by Solomon and Chapple, 2005, Sudbury, MA: Jones and Bartlett. Information kept must be available only to authorized individuals Unauthorized changes must be prevented Authorized users must have access to their information for legitimate purposes

Threats 10/15/20158 Confidentiality Integrity Availability Information Security Note: From “Information Security Illuminated”(p.5), by Solomon and Chapple, 2005, Sudbury, MA: Jones and Bartlett. Disclosure Alteration Denial Live Chat 4

Goals of Security What are the 3 goals of security?

Figure 1-3 Relationship Between Confidentiality, Integrity, and Availability. Confidentiality Availability Integrity Secure

CIA Triad

Threats What types of threats were discussed by the book? ◦ Hint: defined by their impact.

Threats Interception: gained access to an asset.  Wireless network, hacked system, etc.  Impacts confidentiality. Interruption ◦ Unavailability, reduced availability. Modification ◦ Tamper with data, impacts integrity. Fabrication ◦ Spurious transactions, impacts integrity.

Figure 1-2 System Security Threats.

Figure 1-4 Vulnerabilities of Computing Systems.

Figure 1-5 Security of Data.

Attacker Needs What 3 things must an attacker have?

An Attacker Must Have: Method: skills, knowledge, tools. ◦ Capability to conduct an attack Opportunity: time and access to accomplish attack Motive: a reason to want to attack

Software Vulnerabilities Define some different types. ◦ There are many to chose from….

Software Vulnerabilities Logic Bomb: employee modification. Trojan Horse: Overtly does one thing and another covertly. Virus: malware which requires a carrier Trapdoor: secret entry points. Information Leak: makes information accessible to unauthorized people. Worm: malware that self-propagates.

Criminals Define different types of computer criminals and their motive or motives?

Computer Criminals Script Kiddies: Amateurs Crackers/Malicious Hackers: Black Hats Career Criminals: botnets, bank thefts. Terrorists: local and remote. Hacktivists: politically motivated Insiders: employees Phishers/Spear Phishers

Motives Financial gain: make money. Competitive advantage: steal information. Curiosity: test skills. Political: achieve a political goal. Cause Harm/damage: reputation or financial Vendetta/Disgruntled: fired employees.

Risk What are the different ways a company can deal with risk?

How to deal with Risk Accept it: cheaper to leave it unprotected. Mitigate it: lowering the risk to an acceptable level e.g. (laptop encryption). Transfer it: insurance model. Avoid it: sometimes it is better not to do something that creates a great risk. Book lists alternatives.

Controls Encryption: confidentiality, integrity ◦ VPN, SSH, Hashes, data at rest, laptops. Software: operating system, development. Hardware: Firewall, locks, IDS, 2-factor. Policies and Procedures: password changes Physical: gates, guards, site planning.

Types of Controls Preventive: prevent actions. Detective: notice & alert. Corrective: correcting a damaged system. Recovery: restore functionality after incident. Deterrent: deter users from performing actions. Compensating: compensate for weakness in another control.

Figure 1-6 Multiple Controls.

Principles Easiest Penetration: attackers use any means available to attack. Adequate Protection: protect computers/data until they lose their value. Effectiveness: controls must be used properly to be effective. Efficiency key. Weakest Link: only as strong as weakest link.