lec 1-IS

Academic year: 2020

Information Security

Roadmap

• Security?
• Security types
• Possible security violations
• Key objectives of computer security
• OSI security architecture

What is Security?

“The quality or state of being secure—to be free from danger”

A successful organization should have multiple layers of security in place:

• Physical security
• Personal security
• Operations security
• Communications security

What is security?

The protection of information and its critical elements, including systems and hardware that use, store, and transmit that information.

• Necessary tools: policy, awareness,

Definitions

Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers

Network Security - measures to protect data during their transmission over a network

Internet Security - measures to protect

Information security:

a “well-informed sense of assurance that

Network and Internet security

The field of network and Internet

Possible security violations:

User A transmits a file to user B. The file

D transmits a message to computer E, instructing E to update an authorization

User F constructs its own message and transmits it to E as if coming from D

Key objectives of computer security:

Three key objectives of computer security are:

• Confidentiality
• Integrity
• Availability

Two additional, most commonly mentioned security concepts:

Confidentiality:

This term covers two related concepts:

Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.

Privacy:

Integrity

This term covers two related concepts:

Data integrity: Assures that information and programs are changed only in a specified and authorized manner.

System integrity:

Availability

Authenticity:

The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator.

This means verifying that users are who

Accountability

The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and

OSI Security architecture

ITU-T X.800, Security Architecture for OSI, defines a systematic way of defining and providing security requirements. It provides a useful, although abstract, overview of network security concepts.

The OSI security architecture focuses on security attack

Security Attack

Any action that compromises the security of information owned by an organization.

Information security is about how to prevent attacks, or, failing that, to detect attacks on information-based systems.

There is a wide range of attacks.

Threat vs. Attack

Threat: a circumstance or scenario with the potential to exploit a vulnerability and cause harm to a system.

Classify Security Attacks as

Passive attacks - eavesdropping on, or monitoring of, transmissions to:
• obtain message contents, or
• monitor traffic flows

Active attacks - modification of the data stream to:
• masquerade of one entity as some other
• replay previous messages

Security Service

Something that enhances the security of the data processing systems and the information transfers of an organization
– intended to counter security attacks
– makes use of one or more security mechanisms to provide the service
– replicates functions normally associated with physical documents, e.g. having signatures and dates; these need protection

Security Services

• X.800 defines it as: A service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers

• RFC 2828 defines it as: A processing or communication service provided by a system to give a specific kind of protection to system resources

Security Services (X.800)

Authentication - assurance that the communicating entity is the one claimed

Access Control - prevention of the unauthorized use of a resource

Data Confidentiality - protection of data from unauthorized disclosure

Data Integrity - assurance that data received is as sent by an authorized entity

Non-Repudiation - protection against denial by one of the

Security Mechanism

A mechanism that is designed to detect, prevent, or recover from a security attack.

Examples of mechanisms are encryption

Security Mechanisms (X.800)

• specific security mechanisms: encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization

• pervasive security mechanisms: trusted functionality, security labels, event
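As an added example that is not part of the lecture, the Python below shows how two of the X.800 mechanisms listed above, data integrity and authentication exchange (realised here with an HMAC over a sequence number and the message body under a key shared by D and E), let computer E reject the violations from the earlier slides: F's message sent "as if coming from D", a replayed copy of a genuine message, and a message modified in transit. The shared key, the message layout and the sequence-number scheme are assumptions made for illustration.

```python
import hmac
import hashlib

# Constructed shared key between D and E for this example (not from the lecture).
SHARED_KEY = b"example-shared-key-D-E"

def mac(key: bytes, seq: int, body: bytes) -> bytes:
    # Bind sequence number and body together so neither can be changed alone.
    return hmac.new(key, seq.to_bytes(8, "big") + body, hashlib.sha256).digest()

def send(key: bytes, seq: int, body: bytes) -> tuple:
    """Sender side (D): message = (seq, body, tag)."""
    return (seq, body, mac(key, seq, body))

class Receiver:
    """Receiver side (E): checks origin/integrity first, then rejects replays."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, msg: tuple) -> str:
        seq, body, tag = msg
        # Constant-time compare: a forged or modified message fails here.
        if not hmac.compare_digest(mac(self.key, seq, body), tag):
            return "rejected: bad tag (forgery or modification)"
        # Valid tag but stale sequence number: a replayed message.
        if seq <= self.last_seq:
            return "rejected: replay"
        self.last_seq = seq
        return "accepted"

def demo() -> list:
    e = Receiver(SHARED_KEY)
    genuine = send(SHARED_KEY, 1, b"update authorization: add user X")
    results = [e.accept(genuine)]                      # accepted
    # F does not know the key and sends a message "as if coming from D".
    forged = send(b"key-guessed-by-F", 2, b"update authorization: add user F")
    results.append(e.accept(forged))                   # rejected: bad tag
    # An eavesdropper captured the genuine message and sends it again.
    results.append(e.accept(genuine))                  # rejected: replay
    # The genuine message with its body altered in transit, tag unchanged.
    seq, _, tag = genuine
    results.append(e.accept((seq, b"update authorization: add user F", tag)))
    return results                                     # last: rejected: bad tag
```

Because the key is shared, this gives E data-origin authentication and integrity but not the non-repudiation service: E could produce the same tag itself, which is why X.800 lists digital signatures as a separate mechanism.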

Key information security concepts

• Access
• Asset
• Attack
• Control, safeguard / countermeasure
• Exploit
• Exposure
• Loss
• Risk
• Subjects and objects
• Threat

Security Policy

At the least, a security policy is an informal description of desired system behaviors.

• More usefully, a security policy is a formal statement of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system

Factors to consider while developing a Security Policy

Security Implementation

Security implementation involves four complementary courses of action
