702904 & 711908 Information Security 2008, Lecture 1: Subject Introduction and Security Fundamentals. John Carpenter, 2008.


Lecture 1: Subject Introduction and Security Fundamentals
702904 & 711908 Information Security 2008

Lecturer
Mr John Carpenter
B Eng (Electrical)
M Eng Sc (Systems Theory, Pattern Recognition)
M Arts (Philosophy – Theory of Mind)
Work experience:
  Embedded Systems
  Pathology Instrumentation and Databases
  Project manager
  Lecturer in Computer Technology, Project Management, and Security

Lecture Introduction
Welcome
Student Handout: Subject Introduction, Assessment, Texts, Tutorials
Lecture 1 Objectives

Information Security
Principles of Security
Securing individual computer systems
Models for securing information systems
Securing local networks
Cryptography as a basis for securing transactions passing across open networks
Maybe: Introduction to securing websites
Maybe: Securing databases

Objectives of Lecture 1
Subject Administration
Define the objectives of information security
Some definitions
The four Threats
Controls
The layers of technology and hence the layers of controls
A different point of view
Physical security

References
Pfleeger & Pfleeger, Ch 1, Section 8.4
Gollmann, Computer Security, Ch 1

There are Problems
Theft - of equipment, of proprietary software
Theft - Copying of confidential material
Fabrication - for gain - Adding false names to company payroll
Modification - malicious - Virus infections
Access - easy for ‘us’
Access - difficult for ‘them’

What is Security?
Protection of assets - can take several forms:
  Prevention
  Detection
  Reaction
What does this mean for computer assets?

What is Information Security?
The objectives of information security are:
  Confidentiality
  Integrity
  Availability
to give us: Secure Data

Confidentiality
Only accessible by authorised parties
Not revealed
More than not reading
Confidentiality is distinct from secrecy and privacy (for you to think about)

Integrity
Associated with loss and corruption
Data Integrity: Computerised data to be the same as the external, source data
Data not exposed to alteration or destruction
No inappropriate modification

Availability
The property of being accessible and useable (without delay) upon demand by an authorised entity
We want there to be no denial of service

Other security issues
Accountability
Reliability
Safety
Dependability

Computer security deals with the prevention and detection of unauthorised actions by users of a computer system.
Security deals with the ready availability of valuable assets to authorised agents, and the denial of that access to all others.

Some Definitions
Vulnerability: A weakness of some sort
Attack: When a weakness is exploited
Threat: A circumstance with a potential for loss
Exposure: When a vulnerability is visible
Control: A protective measure
NOTE the CLOSED nature of these definitions, the concept of PERIMETER CONTROL.

Breaches of Security: The Four Threats
Interruption
Interception
Modification
Fabrication

Some Principles of Security
Principle of Easiest Penetration: An intruder will use any means of penetration
Principle of Timeliness: Items only need to be protected until they lose their value (Only protect valuable items)
Principle of Effectiveness: Controls must work, and they should be efficient, easy to use, and appropriate

Costs
The costs of additional resources to implement security mechanisms can be quantified (measured)
Security mechanisms interfere with users, and can lead to loss of productivity
Managing security also costs (Risk Analysis will be covered)

Controls
A control is a protective mechanism:
  A lock with a key
  An ATM card with a PIN number
  A login with a password
  An e-mail message that is encrypted
What should be the focus of controls?
Should protection mechanisms focus on data, or on operations on that data, or should we focus on the users?
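The "login with a password" control from the slide can be written out so that the three forms of protection from the earlier slide (prevention, detection, reaction) are each visible in the code. This is an added example, not code from the lecture: the user store, the work factor and the lockout threshold are assumptions chosen for the demonstration, and the password-hashing scheme used (PBKDF2 from the Python standard library) is one reasonable choice rather than the one the subject prescribes.

```python
"""A login control: password verification (prevention), an audit log of every decision
(detection) and account lockout after repeated failures (reaction)."""
import hashlib
import hmac
import os

ITERATIONS = 100_000    # PBKDF2 work factor; assumed value, tune to the hardware
LOCKOUT_THRESHOLD = 3   # consecutive failures before the account is locked (assumed policy)
DUMMY_SALT = b"\0" * 16


class LoginControl:
    def __init__(self) -> None:
        self._users = {}      # username -> (salt, derived key); never the password itself
        self._failures = {}   # username -> consecutive failed attempts
        self.audit_log = []   # detection: (event, username) for every decision taken

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)  # per-user salt, so equal passwords give different stored keys
        key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
        self._users[username] = (salt, key)
        self._failures[username] = 0

    def is_locked(self, username: str) -> bool:
        return self._failures.get(username, 0) >= LOCKOUT_THRESHOLD

    def login(self, username: str, password: str) -> bool:
        """Prevention: only a correct password for an unlocked account is accepted."""
        if username not in self._users:
            # Do the same amount of work as for a real user, so response time does not
            # reveal which usernames exist.
            hashlib.pbkdf2_hmac("sha256", password.encode(), DUMMY_SALT, ITERATIONS)
            self.audit_log.append(("unknown-user", username))
            return False
        if self.is_locked(username):
            # Reaction: the account stays locked until an administrator resets it.
            self.audit_log.append(("locked", username))
            return False
        salt, stored = self._users[username]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
        if hmac.compare_digest(candidate, stored):
            self._failures[username] = 0
            self.audit_log.append(("success", username))
            return True
        self._failures[username] += 1
        self.audit_log.append(("failure", username))
        return False

    def reset_lock(self, username: str) -> None:
        """Administrative reaction: clear the failure count after the incident is reviewed."""
        self._failures[username] = 0


def demo() -> list:
    """Constructed walk-through; returns the audit log so the sequence of decisions is visible."""
    ctl = LoginControl()
    ctl.register("alice", "correct horse battery")   # constructed credentials
    ctl.login("alice", "correct horse battery")      # success
    for _ in range(LOCKOUT_THRESHOLD):
        ctl.login("alice", "guess")                  # three failures -> locked
    ctl.login("alice", "correct horse battery")      # right password, but the account is locked
    ctl.login("mallory", "anything")                 # unknown user, same cost as a real one
    return ctl.audit_log


if __name__ == "__main__":
    for event, who in demo():
        print(f"{event:12s} {who}")
```

Note that the lockout is itself a trade-off the "Costs" slide warns about: it reacts to a guessing attack on one account, but an attacker who can reach the login page can also use it to deny service to a legitimate user, which is why the reset is a separate administrative action rather than automatic.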

There are layers of information systems technology
Applications
Services
Operating system
Kernel
Hardware
In which layer (or layers) should security mechanisms be placed?
Should controls be placed in more than one layer?

Layers
The presence of layers is a feature of technology
Separate layers often perform very different functions
Similar functions are combined in one layer
The boundary between two layers is usually easily defined
Layers can often be independently implemented

One Architecture of Controls
Administrative
Policies
Physical
Computer and Network
Hardware
Software
Encryption (concealing)

Controls: The Onion Model
Simple mechanisms, or lots of features?
Should defining and enforcing security be a centralised function?
How to prevent access to the layer below the security mechanism?

Attack on the layer below
An important concept
Needs an understanding of the layers that are used to gain access to an asset
When an intruder finds they are blocked at one layer, this intruder may attempt to attack the next layer closer to the asset
Circumventing the protection:
  Smashing a door
  Posing as an employee
  Posing as a programmer
  An e-mail pretending to be from your bank

A Different View: Security as a Person problem
Roles of individuals in an organisation:
  Directors
  Managers
  Professionals
  Clerks
  IT staff
Personality types:
  Adventurous
  Anti-social
  Gregarious

Physical Security
Control ACCESS
Control PORTABILITY
Detect EXIT VIOLATIONS

Site Security
The concern is with physical things:
  Fire
  Flood
  Electric Power
  Access

Securing ‘Closed’ Computer systems
Media
Equipment
Site:
  Cold Site
  Warm Site
  Hot Site

Next week: Identity and Authentication
References:
  Pfleeger and Pfleeger, section 4.5
  Gollmann, Chapter 2
  (Anderson, Security Engineering)