Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Mark A. Magumba. Definitions Security implies the minimization of threats and vulnerabilities A security threat is a harmful event or object.

Published byJob Leslie Lyons Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Mark A. Magumba. Definitions Security implies the minimization of threats and vulnerabilities A security threat is a harmful event or object."— Presentation transcript:

1 Security Mark A. Magumba

2 Definitions Security implies the minimization of threats and vulnerabilities A security threat is a harmful event or object that poses danger to the system Threats are measured according to their probability and impact Examples of threats include malware like viruses and trojans, hacking, man in the middle attacks

3 Vulnerabilities A vulnerability is a weakness that allows a threat to occur Examples of vulnerabilities – Weak passwords – Poor configuration – Poor security policies

4 The CIA model Security based on three pillars – Confidentiality Ensuring that there is no undue disclosure of information to unauthorized parties Involves measures like passwords, encryption, Intrusion Detection – Integrity Ensures there are no unauthorized changes to data and systems Involves measures like checksums, parity checking, logging and system auditing

5 The CIA model Availability – Is about ensuring that resources and data are available to authorized users when they need them

6 Risk Assessment It is important to do a risk assessment to determine what security measures to implement Security implementation can be expensive therefore priorities have to be made in order to protect the most critical systems For instance a common classification is as follows: – mission critical systems as level 1 (usually 5% of an organization’s systems), – systems that are required but not critical and can endure some amount of downtime as level 2 (usually 20% of an organization’s systems), – and a local Desktop computer as a Level 3 system (usually 75% of an organization’s systems) The more critical a system is the more security should be applied

7 Security Policy A security policy is a document that outlines how security will be implemented in an organization It helps to standardize security and set security goals upon which to evaluate organizational security

8 Security Standards Security standards are used to standardize security across organizations and solutions They describe the security capabilities of a given solution These security capabilities do not necessarily translate into actual security but describe the attainable level of security for a particular system For security conscious organizations IT products may be required to pass a certain security certification

9 Security Standards Information Technology Security Evaluation Criteria (ITSEC) is a European security standard Trusted Systems evaluation Criteria (TSEC) is an American Security standard developed by DoD Both standards are organized into levels A system may be said to be TSEC level B compliant which means it satisfies security functionality described in the TSEC’s standard level A

10 Practical elements of security Authentication – Involves parties proving they are who they claim to be and includes where you are authentication which is based on where a party is for instance systems that use source ip address to grant or revoke access What you have authentication which relies on what a user has for instance an access card What you are authentication which relies on some biological trait like finger print or voice recognition What you know authentication which relies on what you know for instance a password – Multifactor authentication which combines what you are, where you are, who you are and what you know to provide more complete authentication

11 Practical elements of security Authorization – Involves granting access to resources to authorized users and revoking it from unauthorized users – The level of authorization is defined in terms of permissions – Common permissions include read, write, execute – Authorization systems rely on access control lists

12 Practical elements of security Encryption – Is the transformation of human readable plain text to unreadable cypher text – It employs an encryption algorithm which uses an encryption key – To be rendered readable the cypher text must be decrypted using the algorithm and decryption key – Only the intended recipient may have the correct decryption key – Without it even if information fell into the wrong hands it would be of no use to them

13 Practical elements of security Auditing – Involves monitoring systems to ensure that security objectives are being met – Usually implemented through logging – Logging is the automatic recording of important system events – The depth and extent of logging depends on your system’s risk profile

Download ppt "Security Mark A. Magumba. Definitions Security implies the minimization of threats and vulnerabilities A security threat is a harmful event or object."

Similar presentations

Protection of Information Assets I. Joko Dewanto 1.

Protection of Information Assets I. Joko Dewanto 1.
Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.

Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Security Controls – What Works

Security Controls – What Works
Chapter 1 – Introduction

Chapter 1 – Introduction
Information Security Policies and Standards

Information Security Policies and Standards
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
Introducing Computer and Network Security

Introducing Computer and Network Security
© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 222 C HAPTER 7 Information Systems Controls for Systems.

© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 222 C HAPTER 7 Information Systems Controls for Systems.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Fraud Prevention and Risk Management

Fraud Prevention and Risk Management
11 CERTIFICATE SERVICES AND SECURE AUTHENTICATION Chapter 10.

11 CERTIFICATE SERVICES AND SECURE AUTHENTICATION Chapter 10.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Similar presentations

Ads by Google