System security

System security, 2013

Slide 1
Security
• The security of a system is a system
property that reflects the system’s
ability to protect itself from
accidental or deliberate external
attack.


Slide 2
Principal dependability properties


Slide 3
• Security is essential as most systems
are networked so that external access
to the system through the Internet is
possible.
• Security is a pre-condition for
availability, reliability and safety.

Slide 4
Damage from insecurity
• Denial of service
– The system is forced into a state where
normal services are unavailable or where
service provision is significantly
degraded


Slide 5
• Corruption of programs or data
– The programs or data in the system may be
modified in an unauthorised way


Slide 6
• Disclosure of confidential information
– Information that is managed by the system
may be exposed to people who are not
authorised to read or use that information


Slide 7
• Asset
– Something, such as a computer system,
that needs to be protected
– Example: The records of patients receiving
treatment in a hospital


Slide 8
• Exposure
– Possible loss or harm that could result from a
security failure
– Example: Potential financial loss from future patients who do
not seek treatment because they do not trust the
clinic to maintain their data. Financial loss from
legal action by patients. Loss of reputation.

Slide 9
• Vulnerability
– A weakness in a system that may be
exploited to cause loss or harm
– Example: A weak password system which makes it
easy for users to set guessable passwords


Slide 10
• Attack
– An exploitation of a system’s vulnerability
that is a deliberate attempt to cause some
damage
– Example: An impersonation of an authorized user to
gain access to the records system

Slide 11
• Threat
– A system vulnerability that is subjected to
an attack.
– Example: An unauthorized user will gain access to
the system by guessing the credentials
(login name and password) of an
authorized user.

Slide 12
• Control
– A protective measure that reduces a system’s
vulnerability.
– Example: A password checking system that disallows user
passwords that are proper names or words that are
normally included in a dictionary.
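
The control described on this slide, sketched as an added example (not part of the original slides). The word lists, the substitution tables and the function names are assumptions of this example, and it goes slightly beyond the slide by also catching case changes, padding digits and common character substitutions applied to a listed word.

```python
"""Password control: reject passwords that are proper names or dictionary words."""
from __future__ import annotations

import re
import unicodedata

# Constructed sample lists; a deployment would load a full dictionary and name list.
DICTIONARY_WORDS = {"password", "dragon", "sunshine", "hospital", "welcome"}
PROPER_NAMES = {"alice", "michael", "edinburgh", "london"}

# Character substitutions undone before lookup (assumption of this example).
# "1" and "!" are ambiguous, so both readings are tried.
_BASE = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
_TABLES = [
    str.maketrans({**_BASE, "1": "i", "!": "i"}),
    str.maketrans({**_BASE, "1": "l", "!": "l"}),
]


def _strip_padding(text: str) -> str:
    """Remove leading and trailing digits and punctuation: 'dragon2013!' -> 'dragon'."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", text)


def candidate_forms(password: str) -> set[str]:
    """Return every normalised form of the password that is looked up in the lists."""
    folded = unicodedata.normalize("NFKC", password).casefold()
    forms = set()
    for base in (folded, _strip_padding(folded)):
        forms.add(base)
        for table in _TABLES:
            translated = base.translate(table)
            forms.add(translated)
            forms.add(_strip_padding(translated))
    return forms


def check_password(password: str) -> tuple[bool, str]:
    """Return (accepted, reason) for a proposed password."""
    for form in sorted(candidate_forms(password)):
        if form in PROPER_NAMES:
            return False, f"based on the proper name '{form}'"
        if form in DICTIONARY_WORDS:
            return False, f"based on the dictionary word '{form}'"
    return True, "not a listed name or dictionary word"


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ["Michael", "Dragon2013!", "p@ssw0rd", "5unsh1ne99", "tr7-gluv-Qenzap"]:
        accepted, reason = check_password(pw)
        print(f"{pw!r:20} {'accept' if accepted else 'reject'}: {reason}")
```

This check addresses only the vulnerability named on the slide; minimum length and other password rules would be separate controls.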


Slide 13
Security assurance
• Vulnerability avoidance
– The system is designed so that
vulnerabilities do not occur. For example, if
there is no external network connection
then external attack is impossible


Slide 14
• Attack detection and elimination
– The system is designed so that attacks on
vulnerabilities are detected and neutralised
before they result in an exposure. For
example, virus checkers find and remove
viruses before they infect a system


Slide 15
• Exposure limitation and recovery
– The system is designed so that the adverse
consequences of a successful attack are
minimised. For example, a backup policy
allows damaged information to be restored


Slide 16
Summary
• Security is a system property that reflects the
system’s ability to protect itself from malicious use
• A system has to be secure if we are to be confident in
its dependability
• Damage includes
– Denial of service
– Loss or corruption of data
– Disclosure of confidential information


Slide 17
Summary
• Security can be maintained through strategies such as
– Vulnerability avoidance
– Attack detection and elimination
– Exposure limitation and recovery


Slide 18
