ISA 400 Management of Information Security

1 ISA 400 Management of Information Security
Week #4: Access Control
Philip Robbins – February 4, 2017
Information Security & Assurance Program, University of Hawai'i West Oahu

2 Topics
- Domain: Access Control
- Review Questions, Q&A
- Quiz #2
- Assignment #2 due February 10, 10PM

3 Access Control

4 Access Control Overview
- Access Control is the process of allowing only authorized subjects to observe, modify, or otherwise take possession of an object.
- Access controls enable management to:
  - specify which users can access a system
  - specify what resources those users can access
  - specify what operations those users can perform
  - enforce accountability for those users' actions

5 Access Control: Subject vs. Object
- Subject: the active entity on the network
- Object: the passive entity

6 Access Control Domain Objectives
- Understand types of controls (preventive vs. detective)
- Techniques (discretionary, mandatory, nondiscretionary)
- Difference between Identification, Authentication, Authorization, Access, and Accountability
- Authorization mechanisms
- Logging and monitoring
- Understand access control threats & attacks

7 Access Control: Access
- The flow of information between a subject and an object.
- Access control mechanisms:
  - Help protect the assets of an enterprise against threats and vulnerabilities by reducing exposure.
  - Allow only approved access to information systems.

8 Access Control: Threats to Access Controls
- Denial of Service (DoS)
- Distributed Denial of Service (DDoS)
- Buffer Overflow Attacks
- Sniffers and Wiretapping
- Emanations
- Spoofing / Masquerading
- Piggybacking & Tailgating

9 Access Control: Threats to Access Controls (continued)
- Data Remanence
- Dumpster Diving
- Backdoors
- Reliance on legacy applications
- Theft
- Social Engineering
- Phishing, Pharming
- Eavesdropping & Shoulder Surfing

10 Access Control: Planning for an Access Control Program
- The first element of an effective access control program is to establish an access control policy:
  - Specify who can access the system.
  - Specify what resources they can access.
  - Specify what operations they can perform.
  - Provide individual accountability.

11 Access Control: Security Concepts in Ascending Sequence
1. Identification
2. Authentication
3. Authorization
4. Access
5. Auditing
6. Accountability
7. Nonrepudiation

12 Access Control: Identification
- Process by which a subject presents an identity and accountability is initiated.
- Most common forms:
  - User Name
  - User ID
  - Account Number
  - Personal Identification Number

13 Access Control: Identification
- Process by which a subject presents an identity and accountability is initiated.
- Guidelines when establishing identification:
  - Unique: must be able to provide positive identification
  - Non-descriptive: should not expose the role or job function of the user
  - Issuance: must be secure and documented

14 Access Control: Authentication
- Verifying or testing (validating) the identity of a subject (who you are).
- Forms:
  - Type 1: Something you know
  - Type 2: Something you have
  - Type 3: Something you are
- Compares factors against a database.
- Two-step process together with identification.

15 Access Control: Type 1: Something you know
- PINs, passwords, codes, or IDs (STATIC)
- Pass phrases
- Cognitive information (only the user can answer):
  - mother's maiden name
  - the model or color of your first car
  - the city where you were born
- One-time passwords (DYNAMIC)
- Is a computer username a Type 1 control form?

16 Access Control: Type 1: Something you know
- PINs, passwords, codes, or IDs (STATIC); most common form…
- Pass phrases
- Cognitive information (only the user can answer):
  - mother's maiden name
  - the model or color of your first car
  - the city where you were born
- One-time passwords (DYNAMIC)
- No. Usernames are part of the identification process. An associated password is a Type 1 control form.

17 Access Control: Password Vulnerabilities (Type 1: Something you know)
- Dictionary attack
- Brute force attack
- Hybrid attack
- Rainbow Tables
- Social engineering
- Keystroke loggers
- How could extremely complex passwords be vulnerable?

18 Access Control: Password Security (Type 1: Something you know)
- All users / admins should change their passwords regularly.
- Establish a minimum length for users (8 chars) and admins (15 chars).
- Require complexity: include letters, numbers, symbols, both upper and lower case chars.
- No dictionary (common) or slang words (in any language).
- No connection to the user: SSN, birthdays, or names.
- Never write passwords down (esp. online or stored on a user's computer). Be aware of shoulder surfing.
- Limit reuse of old passwords.
- Set account lockout duration (i.e. timeout 30 seconds after first attempt).
- Set account lockout thresholds (i.e. disable account after 3 attempts).
- Use graphical passwords.
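The password rules and the lockout threshold/duration from slide 18, worked through as an added example (not from the course material). The word list and the user facts are constructed stand-ins; the lockout duration is applied once the threshold is reached, an assumption for this illustration.

```python
import re

# Policy values from the slide: 8-char minimum for users, 15 for admins,
# mixed character classes, no dictionary words, lockout after 3 failures.
MIN_LEN = {"user": 8, "admin": 15}
LOCKOUT_THRESHOLD = 3
LOCKOUT_SECONDS = 30
# Constructed stand-in for a real word list (any language).
DICTIONARY = {"password", "welcome", "letmein", "hawaii"}
CLASS_PATTERNS = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def password_problems(pw, role="user", user_facts=()):
    """Return the policy rules a candidate password violates (empty list = OK).

    user_facts is constructed caller data (names, SSN, birthday strings)
    that must not appear inside the password.
    """
    problems = []
    if len(pw) < MIN_LEN[role]:
        problems.append(f"shorter than {MIN_LEN[role]} chars for {role}")
    if not all(re.search(p, pw) for p in CLASS_PATTERNS):
        problems.append("needs lower, upper, digit and symbol")
    lowered = pw.lower()
    if any(word in lowered for word in DICTIONARY):
        problems.append("contains a dictionary word")
    if any(fact and fact.lower() in lowered for fact in user_facts):
        problems.append("derived from user information")
    return problems


class LockoutPolicy:
    """Per-account failed-attempt counter with a threshold and a lockout duration.

    Time is passed in explicitly (epoch seconds) so the behaviour can be
    exercised without sleeping.
    """

    def __init__(self, threshold=LOCKOUT_THRESHOLD, duration=LOCKOUT_SECONDS):
        self.threshold = threshold
        self.duration = duration
        self.failures = {}      # account -> consecutive failures
        self.locked_until = {}  # account -> epoch second the lock expires

    def is_locked(self, account, now):
        return now < self.locked_until.get(account, 0)

    def attempt(self, account, correct, now):
        """Record one logon attempt; return 'ok', 'rejected' or 'locked'."""
        if self.is_locked(account, now):
            return "locked"          # even a correct password is refused
        if correct:
            self.failures.pop(account, None)
            return "ok"
        self.failures[account] = self.failures.get(account, 0) + 1
        if self.failures[account] >= self.threshold:
            self.locked_until[account] = now + self.duration
            self.failures.pop(account, None)
            return "locked"
        return "rejected"
```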

19 Access Control: Token Device (Type 2: Something you have)
- Makes one-time passwords possible; they are two-factor.
- Synchronous: the device synchronizes with an authentication service by using time or a counter. It can generate a password at set times.
- Asynchronous: not synchronized with a central service. The token-generating method uses a challenge/response scheme to authenticate users. Generates a password on an event.
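The three token styles on slide 19, as an added example (not from the course): a counter-synchronous OTP (HOTP, RFC 4226), a time-synchronous OTP (TOTP, RFC 6238, 30-second step), and an asynchronous challenge/response. The 20-byte secret is the RFC 4226 test secret; the look-ahead window and the 8-hex-digit response length are assumptions for the illustration.

```python
import hashlib
import hmac
import struct

SECRET = b"12345678901234567890"   # RFC 4226 test vector secret


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Counter-synchronous OTP: HMAC-SHA1 over the 8-byte counter,
    dynamically truncated as in RFC 4226."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-synchronous OTP: the counter is the number of steps since the epoch."""
    return hotp(secret, unix_time // step, digits)


class CounterVerifier:
    """Server side of a counter-synchronous token. A small look-ahead window
    tolerates codes the user generated but never submitted; accepting a code
    advances the counter past it, so the same code cannot be replayed."""

    def __init__(self, secret: bytes, window: int = 5):
        self.secret = secret
        self.counter = 0
        self.window = window

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1
                return True
        return False


def challenge_response(secret: bytes, challenge: bytes) -> str:
    """Asynchronous token: the server sends a fresh random challenge and the
    token answers with a keyed hash of it; no shared clock or counter needed."""
    return hmac.new(secret, challenge, hashlib.sha256).hexdigest()[:8]


def verify_response(secret: bytes, challenge: bytes, response: str) -> bool:
    return hmac.compare_digest(challenge_response(secret, challenge), response)
```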

20 Access Control: Smart Cards (Type 2: Something you have)
- Smart cards add another level of integrity. A PIN provides access to information on the card, and the key on the card is used during the authentication process.
- Contact cards: have 8 electrical contacts (only 6 are used) with an EEPROM.
- Contactless cards: do not have to be placed in a reader. They are often called EAC proximity cards.

21 Access Control: Common Biometric Authentication Systems (Type 3: Something you are)
- Which is the most accurate?

22 Access Control: Common Biometric Authentication Systems (Type 3: Something you are)
- Palm Scan
- Hand Geometry
- Iris Recognition
- Retina Pattern
- Fingerprint
- Facial Scan
- Voice Recognition

23 Access Control: Biometric Accuracy (Type 3: Something you are)
- Type I Errors: False Rejection Rate (FRR). Access is denied to legitimate subjects.
- Type II Errors: False Acceptance Rate (FAR). Access is granted to subjects who shouldn't have access.
- Crossover Error Rate (CER): the point at which Type I errors equal Type II errors. The lower the CER, the more accurate the biometric.
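FRR, FAR and CER from slide 23 computed over constructed matching scores, as an added example (not from the course). The score lists are made up; a higher score means a closer match, and raising the acceptance threshold (a more "sensitive" system) trades Type II errors for Type I errors, which is what review question #6 turns on.

```python
# Constructed similarity scores (0..100) for two hypothetical biometric systems.
GENUINE_A = [92, 88, 85, 81, 78, 74, 70, 66, 61, 55]   # legitimate users
IMPOSTOR_A = [12, 18, 25, 31, 38, 44, 52, 58, 63, 71]  # impostors
GENUINE_B = [95, 93, 90, 88, 86, 84, 82, 80, 77, 73]   # better-separated system
IMPOSTOR_B = [10, 15, 20, 28, 33, 40, 47, 51, 60, 75]


def frr(threshold, genuine):
    """Type I error rate: legitimate attempts rejected (score below threshold)."""
    return sum(s < threshold for s in genuine) / len(genuine)


def far(threshold, impostor):
    """Type II error rate: impostor attempts accepted (score at/above threshold)."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def crossover(genuine, impostor):
    """Sweep every integer threshold and return (threshold, CER) at the point
    where FRR and FAR are closest; the first such threshold wins ties."""
    best = None
    for t in range(0, 101):
        a, b = frr(t, genuine), far(t, impostor)
        gap = abs(a - b)
        if best is None or gap < best[2]:
            best = (t, (a + b) / 2, gap)
    return best[0], best[1]


def rank_by_accuracy(systems):
    """Order named (genuine, impostor) score sets by CER, most accurate first."""
    return sorted(systems, key=lambda name: crossover(*systems[name])[1])
```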

24 Access Control: Type 3: Something you are

25 Access Control: Type 3: Something you are

26 Access Control: What about Type 4? Someplace you are
- Location-based access control.
- Used by credit card companies to control fraud.
- Can utilize Global Positioning Systems (GPS) or IP address based geo-location.

27 Access Control: Authentication Control Forms in Ascending (Secure) Order
1. Something you know (password; one-time password best).
2. Something you have on your machine (key or token stored on PC).
3. Something you have in your possession (smart card w/ PIN).
4. Something you do (keystrokes, signature).
5. Something you are (biometrics).

28 Access Control: Increasing Authentication Security
- To increase security you can use a combination of authentication methods.
- Two-factor / Multi-factor Authentication: "Strong" authentication requires two (or more) different authentication types to be deployed.
  - Ex. 1: To enter a secured building, you must insert your key card (Type 2) and undergo a retina scan (Type 3).
  - Ex. 2: To log on to an online banking system, you enter your username, password, and then must answer a random personal question (such as your birthplace or mother's maiden name).

29 Access Control: Increasing Authentication Security
- Mutual Authentication: requires that both parties authenticate with each other before beginning communications.
  - Your computer is required to use its digital certificate to prove its identity to a network server.
  - The server is also required to prove its identity to your computer before they will exchange messages.

30 Access Control: Single Sign On (SSO)
- Enables a user to log on once and access all authorized network resources. AKA "federated identity management".
- Pros:
  - Efficient logon process
  - No need for multiple passwords
- Cons:
  - Creates a single point of failure
  - Not compatible with all systems

31 Access Control: Authorization
- Ensures the authenticated subject has access to the appropriate objects given the rights and privileges assigned to the subject.
- An access control matrix compares:
  - Subject
  - Object
  - Intended activity
- Wide range of variations: Deny, R, RW, RWX, Modify, Full

32 Access Control: Auditing
- Review & examination of records and activities
- Assesses adequacy of system controls
- Ensures compliance with policies
- Detects malicious activity
- Evidence for prosecution
- Provides problem reporting and analysis

33 Access Control: Accountability
- Holding one accountable for their actions.
- Relies upon the ability to prove a subject's identity and activities.
- Established by:
  - Identification
  - Authentication
  - Authorization
  - Auditing

34 Access Control: Monitoring
- Used to ensure that controls are properly employed and working effectively.
- Detect deviation from established access policies.
- Record the authentication process and attempts.

35 Access Control: Monitoring
- Logs should include:
  - User IDs
  - Dates and times for log-on and log-off
  - End system identity, such as IP address, host name, or MAC address
  - Successful and rejected authentication and access attempts
- Logs can be altered by an attacker. Log protection is therefore very important.
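Review logic run over a log in the field set slide 35 recommends (time, user ID, end-system IP, event), as an added example that is not part of the course material. The log lines are constructed; the burst threshold and window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, user ID, end-system identity (IP), event.
SAMPLE_LOG = """\
2017-02-04T08:00:12 alice 10.0.0.5 LOGON_OK
2017-02-04T08:01:03 bob 10.0.0.9 LOGON_REJECT
2017-02-04T08:01:09 bob 10.0.0.9 LOGON_REJECT
2017-02-04T08:01:15 bob 10.0.0.9 LOGON_REJECT
2017-02-04T08:01:22 bob 10.0.0.9 LOGON_REJECT
2017-02-04T08:01:40 bob 10.0.0.9 LOGON_OK
2017-02-04T08:30:00 alice 10.0.0.5 LOGOFF
2017-02-04T09:10:00 carol 10.0.0.7 LOGON_REJECT
2017-02-04T17:45:00 carol 10.0.0.7 LOGON_OK
"""


def parse_log(text):
    """Turn the text log into (datetime, user, host, event) tuples."""
    events = []
    for line in text.splitlines():
        ts, user, host, event = line.split()
        events.append((datetime.fromisoformat(ts), user, host, event))
    return events


def find_reject_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Flag (user, host) pairs with >= threshold rejections inside `window`.

    A burst that is followed by a successful logon within the same window is
    marked, since that pattern deserves a closer look than the burst alone.
    """
    recent = defaultdict(list)
    findings = {}
    for ts, user, host, event in events:
        key = (user, host)
        if event == "LOGON_REJECT":
            kept = [t for t in recent[key] if ts - t <= window] + [ts]
            recent[key] = kept
            if key in findings:
                findings[key]["count"] += 1
            elif len(kept) >= threshold:
                findings[key] = {"first": kept[0], "count": len(kept),
                                 "followed_by_success": False}
        elif event == "LOGON_OK" and key in findings:
            if ts - findings[key]["first"] <= window:
                findings[key]["followed_by_success"] = True
    return findings


def open_sessions(events):
    """Users whose last recorded event is a successful logon with no logoff."""
    last = {}
    for _, user, _, event in events:
        if event in ("LOGON_OK", "LOGOFF"):
            last[user] = event
    return sorted(u for u, e in last.items() if e == "LOGON_OK")
```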

36 Access Control: Audit
- Logs need to be reviewed regularly to see the impact of given events and to make decisions on securing the system.
- Use of automated tools to review the logs is the most effective way to review them.
- Separation of duties is critical to ensure that no one individual has the ability to change logs to cover their tracks.

37 Access Control: Auditing Issues and Concerns
- Control the volume of data (don't allow rollover logs)
- Event filtering or clipping level determines the amount of log detail captured
- Audit tools can reduce log size
- Establish procedures in advance
- Train personnel in pertinent log review
- Protect and ensure against unauthorized access: disabling auditing or deleting/clearing logs
- Protect the audit logs from unauthorized changes
- Store/archive audit logs securely

38 Access Control: AAA
- Authentication
- Authorization
- Accountability

39 Access Control: AAA
- Be sure to understand the difference between:
  - Access vs. Identification vs. Authentication vs. Authorization
  - Accountability vs. Auditing

40 Access Control: Nonrepudiation
- Ensures that the subject of an activity cannot deny that an activity or event occurred.
- Established by:
  - Identification
  - Authentication
  - Authorization
  - Accountability
  - Auditing

41 Access Control: Review
- Access to data and resources is concerned with:
  - Identification: who the subject is.
  - Authentication: verification of the subject.
  - Authorization: what a subject can do.
  - Access: control between the subject & object.
  - Accounting: what a subject has done.
  - Auditing: proof of non-repudiation.
  - Non-Repudiation: can't deny an activity / event.

42 Access Control Principles
- Separation of Duties/Responsibilities
- Rotation of Duties
- Need to Know
- Implicit vs. Explicit Deny
- Least Privilege
- Compartmentalization
- Defense in Depth

43 Access Control Principles: Separation of Duties
- Ensures tasks are broken down and accomplished by / involve more than one individual.
- Check & balance system.

44 Access Control Principles: Least Privilege (Need to Know)
- Users should have only the necessary (minimum) rights, privileges, or information to perform their tasks (no additional permissions).

45 Access Control Principles: Job Rotation
- Rotating individuals through jobs / tasks.
- The organization does not become dependent on a single employee.

46 Access Control Principles: Implicit Deny
- "Deny all" authorization and access (blacklisted) unless specifically allowed (whitelisted).
- Default security rule for firewalls, routers, etc.
Explicit Deny
- "Allow all" authorization and access (open) unless specifically disallowed (blacklisted).

47 Access Control: Review
- Be sure to understand the difference between:
  - Least Privilege vs. Separation of Duties vs. Job Rotation
  - Implicit vs. Explicit Deny

48 Access Control Methods
- Mandatory Access Control (MAC)
- Discretionary Access Control (DAC)
  - Rule Based Access Control
- Nondiscretionary Access Control
- Role Based Access Control (RBAC)
- Task Based Access Control
- Content-Dependent Access Control
- Context-Dependent Access Control
- Centralized vs. Decentralized Access Control

49 Mandatory Access Control (MAC)
- Based on Sensitivity Labels
- Controlled by Security Policy Administrators
- Users cannot override the Security Policy

50 Discretionary Access Control (DAC)
- Users set privileges on information they own.
- Sensitivity Labels are not required.
- Dynamic and allows the sharing of information.
- Can lead to loss of Information Security Services.

51 Role Based Access Controls (RBAC)
- Roles are created based on the functions and tasks that a role will carry out.
- Users are assigned to roles, permissions are assigned to the roles, and users only acquire permissions on assumption of the role.
- Permissions are assigned to a billet or position (not an individual).
- Ideal for high-turnover positions.

52 Rule Based Access Controls
- Policy driven.
- Used in routers and firewalls for network access.
- Access Control Lists (ACLs) are the most common form; also a DAC. Used in NTFS.
- A DAC system because the owner establishes the access controls.
- Think hardware.

53 Content Dependent Access Control
- Based on the actual content of the data.
- Uses a program to inspect the data to make decisions.
- Requires more processing power.
- Types:
  - Database views
  - URL Filters
  - Virus Scanning
  - Application Layer Proxy / Firewall
  - Intrusion Detection / Prevention Systems

54 Centralized Access Control
- A single entity makes access decisions for resources.
- Strict control over a Domain / Autonomous System / Realm / Zone ("Circle of Trust").
- Examples: RADIUS and TACACS+ servers
- Creates a single point of failure.

55 Decentralized Access Control
- Gives control of access to the people closer to the resources: department managers, and sometimes the user.
- Doesn't require a central entity.
- Faster; less red tape.
- Overlapping rights / redundant access controls.
- Policies not enforced uniformly; could cause security gaps.

56 Access Control: Aggregation of Access
- Single Sign On: an intentional result moderated by Directory Services.
- Authorization Creep: a user gains access rights as he/she moves around in the system or assumes new duties, yet still retains past rights.

57 Access Control: Information Classification
- The practice of evaluating the sensitivity of the organization's information to ensure that the information receives the appropriate level of protection.

58 Access Control: Information Classification
- Classify data by its need for:
  - Secrecy / Confidentiality
  - Sensitivity
  - Impact (Value or Cost)
  - Severity (Usefulness)
- Determines the effort, money, & resources allocated to protect data.
- Formalize & stratify the labeling process.

59 Access Control: Classification of Information
- Sensitivity / Confidentiality Labeling Examples:
  - Unclassified (UNCLASS)
  - For Official Use Only (FOUO)
  - Confidential
  - Secret (S)
  - Secret Releasable (S//REL)
  - Top Secret (TS)
  - Sensitive Compartmented Information (TS/SCI)

60 Access Control: Classification of Information (Level: Type; Result if Disclosed)
Military:
- Top Secret: highest; grave danger
- Secret: restricted data; critical damage
- Confidential: between Secret and SBU; serious damage
- SBU: private in nature; no significant damage
- Unclassified: lowest; no noticeable damage
Commercial:
- Confidential: highest, extremely sensitive; negative impact
- Private: personal in nature; significant negative impact
- Sensitive: more classified than public
- Public: no serious impact
- Proprietary data: a form of confidential; drastic effects to competitive edge

61 Access Control: Information Classification Benefits
- Establishes ownership of information
- Identification of Critical Information Assets
- Greater Understanding of the Value and Handling of Sensitive Data
- Better Return on Security Investment
- Greater understanding of the location of Information in the Infrastructure
- Greater Organizational Awareness

62 Access Control: Planning for an Information Classification Program
1. Determine Classification Goals
2. Establish Organizational Support
3. Develop Policy, Standards and Procedures
4. Develop Tools for Implementation
5. Identify Application and Data Owners and Delegation
6. Develop Templates, Labeling and Marking
7. Classify Information and Applications
8. Develop Auditing Procedures
9. Centralize Data Repositories
10. Train Users
11. Periodically Review and Update Classifications
12. Conduct Classification Assurance Testing

63 Access Control: Bell-LaPadula Confidentiality Security Model
- Principle 1: Simple Security (No Read Up) Rule. No subject can read from an object with a security classification higher than that possessed by the subject.
- Principle 2: *-property (No Write Down) Rule. Allows a subject to write to an object of equal or greater security classification.
- Why wouldn't you be able to write down to a lower class?

64 Access Control: Bell-LaPadula Confidentiality Security Model
- Principle 1: Simple Security (No Read Up) Rule. No subject can read from an object with a security classification higher than that possessed by the subject.
- Principle 2: *-property (No Write Down) Rule. Allows a subject to write to an object of equal or greater security classification.
- Writing down could result in overt leakage of information (a spill) from a higher to a lower classification.

65 Access Control: Biba Integrity Security Model
- Policy 1: Low-Water-Mark. Prevents unauthorized modification of data; subjects writing to objects of a higher integrity label.
- Policy 2: Ring. Allows a subject to read any object without regard to the object's level of integrity and without lowering the subject's integrity level.
- Integrity vs. classification security models...
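The Bell-LaPadula rules from slides 63 and 64 and the Biba rules from slide 65, as an added example that is not part of the course material. The sensitivity lattice uses the labels from slide 59; the integrity labels are constructed. It goes one step beyond the slide by also showing the usual low-water-mark read rule, under which a subject that reads lower-integrity data is itself demoted.

```python
# Sensitivity lattice, lowest to highest (labels from slide 59).
LEVELS = ["UNCLASS", "FOUO", "CONFIDENTIAL", "SECRET", "TOP SECRET"]
RANK = {name: i for i, name in enumerate(LEVELS)}


def dominates(a, b):
    """True when level a is equal to or higher than level b."""
    return RANK[a] >= RANK[b]


def blp_can_read(subject_clearance, object_class):
    """Bell-LaPadula simple security property: no read up."""
    return dominates(subject_clearance, object_class)


def blp_can_write(subject_clearance, object_class):
    """Bell-LaPadula *-property: no write down (equal or higher only)."""
    return dominates(object_class, subject_clearance)


def blp_spill_possible(subject_clearance, source_class, sink_class):
    """Could this subject copy data from `source` into `sink`?

    True only if both the read and the write are permitted. With the
    *-property enforced a SECRET subject can read SECRET data but cannot
    write it into an UNCLASS object, which is the spill slide 64 describes.
    """
    return (blp_can_read(subject_clearance, source_class)
            and blp_can_write(subject_clearance, sink_class))


# Integrity lattice for Biba, lowest to highest (constructed labels).
INTEGRITY = ["UNTRUSTED", "USER", "SYSTEM"]
IRANK = {name: i for i, name in enumerate(INTEGRITY)}


def biba_can_write(subject_int, object_int):
    """Biba: a subject may not write to an object of higher integrity."""
    return IRANK[subject_int] >= IRANK[object_int]


def biba_ring_read(subject_int, object_int):
    """Ring policy: any object may be read and the subject keeps its level.
    Returns (allowed, subject level afterwards)."""
    return True, subject_int


def biba_low_water_mark_read(subject_int, object_int):
    """Low-water-mark read: allowed, but the subject's integrity level
    drops to the object's level when that is lower."""
    return True, INTEGRITY[min(IRANK[subject_int], IRANK[object_int])]
```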

66 Access Control: Capability Tables
- Specifies the access rights a certain subject possesses pertaining to specific / multiple objects.
- A capability table is different from an ACL in that the subject is bound to the table, whereas an ACL is bound to the object.
- Used in Kerberos.

67 Access Control Matrix (ACM)
- A table of subjects and objects indicating what actions individual subjects can take upon individual objects.
- The table structure behind an ACL.
- Subject and object are identified; permissions are incorporated within the matrix.
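The access control matrix of slides 31 and 67, with the ACL (a column, bound to the object) and the capability table (a row, bound to the subject) of slide 66 derived from it, as an added example that is not part of the course material. The matrix contents are constructed; the last function ties in slides 44 and 56 by comparing granted rights against observed use.

```python
# Constructed access control matrix: rows are subjects, columns are objects,
# each cell is a set of rights; a missing cell means Deny (implicit deny).
MATRIX = {
    "alice": {"payroll.db": {"r", "w"}, "policy.doc": {"r"}},
    "bob":   {"policy.doc": {"r", "w", "x"}},
    "carol": {},
}


def acl(obj, matrix=MATRIX):
    """One column of the matrix: the ACL bound to an object (subject -> rights)."""
    return {s: set(rows[obj]) for s, rows in matrix.items() if obj in rows}


def capability_list(subject, matrix=MATRIX):
    """One row of the matrix: the capability table bound to a subject."""
    return {o: set(r) for o, r in matrix.get(subject, {}).items()}


def is_allowed(subject, obj, action, matrix=MATRIX):
    """Authorization check with implicit deny: no cell, no access."""
    return action in matrix.get(subject, {}).get(obj, set())


def grant(subject, obj, action, matrix=MATRIX):
    matrix.setdefault(subject, {}).setdefault(obj, set()).add(action)


def revoke(subject, obj, action, matrix=MATRIX):
    rights = matrix.get(subject, {}).get(obj)
    if rights:
        rights.discard(action)
        if not rights:
            del matrix[subject][obj]   # an empty cell reverts to implicit deny


def unused_rights(matrix, observed):
    """Rights granted in the matrix that never appear among the observed
    (subject, object, action) audit triples: least-privilege candidates for
    removal, and where authorization creep becomes visible."""
    used = set(observed)
    return sorted(
        (s, o, a)
        for s, rows in matrix.items()
        for o, rights in rows.items()
        for a in rights
        if (s, o, a) not in used
    )
```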

68 Access Control Categories
- Physical Controls
- Technical / Logical Controls
- Administrative / Operational Controls
- Remember there is no best category. Use a DiD (defense in depth) strategy.

69 Access Control: Physical Controls
- The non-technical environment, such as locks, fire management, gates, and guards.
- Network segregation
- Perimeter security
- Work area separation
- Data backups
- Cabling
- Protected Distribution Systems (PDS)

70 Access Control: Technical / Logical Controls
- HW and SW mechanisms used to manage access to resources and systems and provide protection for those systems.
- User access
- Network & System access
- Remote access
- Application access
- Malware control
- Encryption

71 Access Control: Administrative / Operational Controls
- Policies and procedures defined by an organization's security policy to implement and enforce overall access control.
- Security Policy
- Operational (Security) Procedures
- Personnel Security, Evaluation, and Clearance
- Monitoring and Supervision
- User Management
- Privilege Management

72 Access Control: Access Control Types
- Preventive: stop unwanted / unauthorized activity
- Deterrent: discourage a potential attacker
- Detective: identify an incident's activities
- Corrective: fix systems after an incident
- Recovery: restore resources and capabilities
- Directive: controls put in place due to regulation or environmental requirement
- Compensating: provide alternatives to other controls (security policy, personnel supervision)

73 Access Control: Examples by Category & Type
Administrative:
- Deterrent: Policy
- Preventive: User Registration Procedures
- Detective: Review Violation Report
- Corrective: Termination
- Recovery: Disaster Recovery Plan
- Compensating: Supervision, Job Rotation
Technical:
- Deterrent: Warning Banner
- Preventive: Password Based Login
- Detective: Logs, IDS
- Corrective: Unplug, Isolate, Terminate Connection
- Recovery: Tape backup
- Compensating: Logging, CCTV, Keystroke monitoring
Physical:
- Deterrent: Beware of Dog Sign; Fence
- Preventive: Safe
- Detective: Sentry, CCTV
- Corrective: Fire Extinguisher
- Recovery: Reconstruction, Rebuild
- Compensating: Layered Defense

74 Review Questions: Question #1
An access control policy for a bank teller is an example of the implementation of which of the following?
- Rule-based policy
- Identity-based policy
- User-based policy
- Role-based policy


76 Review Questions: Question #2
Which access control policy is enforced when an environment uses a nondiscretionary model?
- Rule-based
- Role-based
- Identity-based
- Mandatory

77 Review Questions: Question #2
Which access control policy is enforced when an environment uses a nondiscretionary model?
- Rule-based
- Role-based (based on centralized implementation)
- Identity-based
- Mandatory

78 Review Questions: Question #3
An access system that grants users only those rights necessary for them to perform their work is operating on which security principle?
- Discretionary Access
- Least Privilege
- Mandatory Access
- Separation of Duties


80 Review Questions: Question #4
What is the reason for enforcing separation of duties?
- No one person can complete all the steps of a critical activity
- It induces an atmosphere for collusion
- It increases dependence on individuals
- It makes critical tasks easier to accomplish


82 Review Questions: Question #5
What security model is dependent on security labels?
- Discretionary Access Control
- Label-Based Access Control
- Mandatory Access Control
- Non-Discretionary Access Control


84 Review Questions: Question #6
Which of the following statements pertaining to biometrics is false?
- Increased system sensitivity can cause a higher false rejection rate
- The crossover error rate is the point at which FRR equals the FAR
- False acceptance rate is also known as Type II error
- Biometrics are based on the Type 2 authentication mechanism


86 Review Questions: Question #7
Which approach to a security program makes sure that the people actually responsible for protecting the company's assets are DRIVING the program?
- The Delphi approach
- The top-down approach
- The bottom-up approach
- The technology approach


88 Review Questions: Question #8
Which of the following is most likely to be useful in detecting intrusions?
- Access control lists
- Security labels
- Audit trails
- Information security policies


90 Review Questions: Question #9
What primary role does biometrics play in access control?
- Authorization
- Authenticity
- Authentication
- Accountability


92 Review Questions: Question #10
Which of the following statements relating to the Bell-LaPadula security model is FALSE?
- A subject is not allowed to read up.
- The *-property restriction can be escaped by temporarily downgrading a high level subject.
- A subject is not allowed to read down.
- It is restricted to confidentiality.

93 Review Questions: Question #10
Which of the following statements relating to the Bell-LaPadula security model is FALSE?
- A subject is not allowed to read up.
- The *-property restriction can be escaped by temporarily downgrading a high level subject.
- A subject is not allowed to read down. (FALSE / NOT TYPE OF Q&A…)
- It is restricted to confidentiality.

94 Review Questions: Question #11
What does the Clark-Wilson security model focus on?
- Confidentiality
- Integrity
- Accountability
- Availability


96 Review Questions: Question #12 (last one)
Which type of control is concerned with avoiding occurrences of risks?
- Deterrent controls
- Detective controls
- Preventive controls
- Compensating controls


98 Quiz #2
- Short answer, closed book, closed notes.

99 Questions?
probbins@hawaii.edu
www2.hawaii.edu/~probbins
