Slide 1

Major TopicsClick on a topic (above) to view contentAdditional Readingi5OverviewWhat is Security

Properties of Security

Major Topics in Security

Next PageWhat is security?In information technology, security is the protection of information assets through the use of technology, processes, and training.Security is aboutHonest user (e.g., David, Jenny, Greg, )Dishonest AttackerHow the Attacker Disrupts honest Davids use of the system (Integrity, Availability)Learns information intended for David only (Confidentiality)Information Technology Professionals must protect users from these attackers.

Next PageProperties of SecurityConfidentialityInformation about system or its users cannot be learned by an attacker

IntegrityThe system continues to operate properly, only reaching states that would occur if there were no attacker

AvailabilityActions by an attacker do not prevent users from having access to use of the systemNext PageOperating system vulnerabilities

Next PageApplication and OS SecurityApplication security is the use of software, hardware, and procedural methods to protect applications from external threats.

Implications for the IT Professional:Security measures built into applications Sound application security routineUse of hardware or software firewallsReturn to HomeAdditional ReadingiWeb SecurityMain ProblemWeb Attacker sets up malicious site visited by victim; no control of network

ContentBrowser policies, session mgmt, user authenticationHTTPS and web application security

ProjectWeb site attack and defenses project

Next PageWeb vs. System vulnerabilitiesReturn to HomeAdditional Readingi

Web SecurityWeb security is the separation or control of threats from assets within or maintained by web-based services to protect the integrity of the service, the confidentiality of the communication, and the availability of the application.

Implications for the IT professional:Security measures built into the applicationsSound application security routineUse of hardware or software firewallsSecurity measures built into the web service

Network Vulnerability PointsReturn to HomeAdditional Readingi

Network SecurityNetwork security is the protection of a computer network and its services from unauthorized modification, destruction, or disclosure.

Implications for IT professionals:Security measures built into the network hardware and designControl the flow to data in a networkSound application security routineUse of hardware or software firewallsSecurity measures built into the web service

Symantec Documented Vulnerability StatsReturn to HomeAdditional Readingi

Computer SecurityComputer security is the process of preventing and detecting unauthorized use of your computer. The content of a computer is vulnerable to few risks unless the computer is connected to other computers on a network

Implications for IT professionals:Use of applications such as antivirus, and firewallsSecurity settings on local machinesUse of software firewallsCreate boot disks and backup data on a regular basis