1
Computer Security
CIS326
Dr Rachel Shipsey
2
This course will cover the following topics:
• passwords
• access controls
• symmetric and asymmetric encryption
• confidentiality
• authentication and certification
• security for electronic mail
• key management
3
The following books are recommended as
additional reading to the CIS326 study guide
• Computer Security by Dieter Gollmann
• Secrets and Lies by Bruce Schneier
• Security in Computing by Charles Pfleeger
• Network Security Essentials by William Stallings
• Cryptography - A Very Short Introduction by Fred
Piper and Sean Murphy
• Practical Cryptography by Niels Ferguson and
Bruce Schneier
4
There are also many websites dealing with the
subjects discussed in this course.
For example, the following website provides
links to a large number of sites that offer
security and cryptography courses online:
http://avirubin.com/courses.html
5
What is Security?
Security is the protection of assets. The
three main aspects are:
• prevention
• detection
• re-action
6
Some differences between traditional
security and information security
• Information can be stolen - but you still
have it
• Confidential information may be copied and
sold - but the theft might not be detected
• The criminals may be on the other side of
the world
7
Computer Security
deals with the prevention
and detection of
unauthorised actions by
users of a computer
system.
8
There is no single definition of security.
What features should a computer security
system provide?
9
Confidentiality
• The prevention of unauthorised disclosure
of information.
• Confidentiality is keeping information
secret or private.
• Confidentiality might be important for
military, business or personal reasons.
10
Integrity
• Integrity is the prevention of unauthorised
writing or modification of information.
• Integrity means that there is an external
consistency in the system - everything is as
it is expected to be.
• Data integrity means that the data stored on
a computer is the same as the source
documents.
11
Availability
• Information should be accessible and
useable upon appropriate demand by an
authorised user.
• Availability is the prevention of
unauthorised withholding of information.
• Denial of service attacks are a common
form of attack.
12
Non-repudiation
• Non-repudiation is the prevention of either
the sender or the receiver denying a
transmitted message.
• A system must be able to prove that certain
messages were sent and received.
• Non-repudiation is often implemented by
using digital signatures.
13
Authentication
• Proving that you are who you say you are,
where you say you are, at the time you say
it is.
• Authentication may be obtained by the
provision of a password or a scan of your
retina.
14
Access Controls
• The limitation and control of access through
identification and authentication.
• A system needs to be able to identify and
authenticate users for access to data,
applications and hardware.
• In a large system there may be a complex
structure determining which users and
applications have access to which objects.
15
Accountability
• The system managers are accountable to
scrutiny from outside.
• Audit trails must be selectively kept and
protected so that actions affecting security
can be traced back to the responsible party.
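An added illustration of the accountability slide, not part of the original lecture: a small audit trail that is kept selectively (only listed action types are recorded), protected (each entry carries an HMAC chained to the previous entry, so edits and removals inside the log are detectable) and traceable to the responsible party. The action names, key and sample entries are constructed for the example.

```python
import hashlib
import hmac
import json

# Assumption: only these action types are security-relevant enough to keep.
AUDITED_ACTIONS = {"login_failed", "password_change", "acl_change", "file_delete"}
GENESIS = "0" * 64  # chain start value used for the first entry


def _tag(key: bytes, prev_tag: str, body: dict) -> str:
    """HMAC-SHA256 over the previous tag and the canonical JSON of the entry."""
    msg = prev_tag.encode() + json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class AuditTrail:
    def __init__(self, key: bytes):
        self._key = key      # held by the audit service, not by ordinary users
        self.entries = []

    def record(self, user: str, action: str, target: str, when: str) -> bool:
        """Append an entry if the action is audited; return whether it was kept."""
        if action not in AUDITED_ACTIONS:
            return False
        body = {"seq": len(self.entries), "user": user, "action": action,
                "target": target, "when": when}
        prev = self.entries[-1]["tag"] if self.entries else GENESIS
        self.entries.append({**body, "tag": _tag(self._key, prev, body)})
        return True

    def first_bad_entry(self):
        """Return the index of the first entry that fails verification, or None."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "tag"}
            if body.get("seq") != i:
                return i     # an entry was removed or reordered
            if not hmac.compare_digest(entry["tag"], _tag(self._key, prev, body)):
                return i     # entry content or its link to the chain was altered
            prev = entry["tag"]
        return None

    def responsible_for(self, target: str):
        """Trace audited actions on a target back to the users who performed them."""
        return [(e["when"], e["user"], e["action"])
                for e in self.entries if e["target"] == target]


def demo():
    """Build a constructed trail, verify it, then simulate an edit to one entry."""
    trail = AuditTrail(key=b"constructed-demo-key")
    trail.record("alice", "file_read", "/payroll.xls", "2024-01-05T09:00Z")  # not kept
    trail.record("bob", "acl_change", "/payroll.xls", "2024-01-05T09:02Z")
    trail.record("bob", "file_delete", "/payroll.xls", "2024-01-05T09:03Z")
    trail.record("carol", "login_failed", "console", "2024-01-05T09:04Z")
    before = trail.first_bad_entry()
    trail.entries[1]["user"] = "alice"   # simulated tampering with the stored log
    return before, trail.first_bad_entry()


if __name__ == "__main__":
    print(demo())
```

Removing entries from the end of the log is only detectable if the latest tag is also stored somewhere the log's editor cannot reach.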
16
Security systems
• A security system is not just a computer
package. It also requires security conscious
personnel who respect the procedures and
their role in the system.
• Conversely, a good security system should
not rely on personnel having security
expertise.
17
Risk Analysis
• The disadvantages of security systems are
that they are time-consuming, costly, often
clumsy, and impede management and the
smooth running of the organisation.
• Risk analysis is the study of the cost of a
particular system against the benefits of the
system.
18
Designing a Security System
There are a number of design considerations:
• Does the system focus on the data, operations or the users
of the system?
• What level should the security system operate from?
Should it be at the level of hardware, operating system or
applications package?
• Should it be simple or sophisticated?
• In a distributed system, should the security be centralised
or spread?
• How do you secure the levels below the level of the
security system?
19
Security Models
A security model is a means for formally
expressing the rules of the security policy in an
abstract detached way.
The model should be:
• easy to comprehend
• without ambiguities
• possible to implement
• a reflection of the policies of the organisation.
20
Summary
By now you should have some idea about
• Why we need computer security
(prevention, detection and re-action)
• What a computer security system does
(confidentiality, integrity, availability,
non-repudiation, authentication, access control,
accountability)
• What computer security experts do (design,
implement and evaluate security systems)
