Computer Security: An Introduction
T.A. 2013/2014
Wake Up Call!
• Malware hijacks your email, sends death threats. Found in Japan (Oct 2012)
• Stanford University: a recent network hack may cost them millions. Its network had been hacked for the second time in three months. (August 2013)
• Three Georgia Tech researchers have disclosed how to infect iPhones and iPads with malware in under sixty seconds using a "malicious charger". (August 2013)
"If you know your enemy and know yourself, you need not fear the result of a hundred battles."
(The Art of War, Sun Tzu)
Why Computer Security?
• If your personnel do not know or understand how to maintain confidentiality of information, or how to secure it appropriately, not only do you risk having one of your most valuable business assets (information) mishandled, inappropriately used, or obtained by unauthorized persons,
• but you also risk being in non-compliance with a growing number of laws and regulations that require certain types of information security and privacy awareness and training activities.
• You also risk damaging another valuable asset, corporate reputation.
(Rebecca Herold, "Managing an Information Security and Privacy Awareness and Training Program", 2005)
Definition
NIST Computer Security Handbook: Computer security is the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (including hardware, software, firmware, information/data, and telecommunications).
Key Security Concepts
Secure System
Aspects of Computer Security
• Confidentiality – The protection of data from unauthorized disclosure.
• Availability – The assurance that the system works promptly and that service is not denied to authorized users.
• Integrity – The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay).
Aspects of Computer Security
• Authentication – The assurance that the communicating entity is the one that it claims to be.
• Access control – The prevention of unauthorized use of a resource.
• Non-repudiation – Protection against denial by one of the entities involved in a communication of having participated in all or part of the communication.
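The integrity and authentication definitions above are easiest to see in working code. The following is an added example and not part of the original slides: a sender tags each message with an HMAC over a sequence number and the payload, and a receiver that shares the key rejects modified, forged, replayed and dropped messages. The key, the messages, and the assumption of an in-order channel (so a gap in sequence numbers means deletion) are constructed for this example; the `protect` / `Receiver` names are hypothetical.

```python
import hashlib
import hmac
import struct

# Constructed for this example: a key pre-shared between sender and receiver.
KEY = b"example-shared-key-not-for-production"

SEQ_LEN = 8   # sequence number is a big-endian uint64
TAG_LEN = 32  # HMAC-SHA256 output


def protect(key, seq, payload):
    """Sender side: message = seq || payload || HMAC(key, seq || payload).

    Covering the sequence number with the tag is what lets the receiver tell
    modification, replay and deletion apart from ordinary delivery.
    """
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Receiver side; assumes an in-order channel (constructed assumption)."""

    def __init__(self, key):
        self.key = key
        self.expected_seq = 0

    def accept(self, message):
        """Return the payload if authentic and in order; raise ValueError otherwise."""
        if len(message) < SEQ_LEN + TAG_LEN:
            raise ValueError("truncated message")
        header, payload, tag = (message[:SEQ_LEN],
                                message[SEQ_LEN:-TAG_LEN],
                                message[-TAG_LEN:])
        # Verify the tag first (constant-time compare) so that an attacker
        # without the key learns nothing about the receiver's sequence state.
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity/authentication failure")
        (seq,) = struct.unpack(">Q", header)
        if seq != self.expected_seq:
            raise ValueError(f"replay, reordering or deletion: got seq {seq}, "
                             f"expected {self.expected_seq}")
        self.expected_seq = seq + 1
        return payload


def rejected(receiver, message):
    """True if the receiver refuses the message."""
    try:
        receiver.accept(message)
    except ValueError:
        return True
    return False


def run_demo():
    """Exercise each failure mode named in the integrity definition."""
    rx = Receiver(KEY)
    results = {}
    payload = b"transfer 10 to alice"

    results["genuine"] = rx.accept(protect(KEY, 0, payload)) == payload

    # Modification: flip one bit of the payload after it was tagged ('1' -> '0').
    tampered = bytearray(protect(KEY, 1, payload))
    tampered[SEQ_LEN + 9] ^= 0x01
    results["modified"] = rejected(rx, bytes(tampered))

    # The untouched copy of seq 1 is still accepted ...
    m1 = protect(KEY, 1, payload)
    results["genuine_2"] = rx.accept(m1) == payload
    # ... but delivering it a second time is a replay.
    results["replayed"] = rejected(rx, m1)

    # Deletion: seq 2 never arrives, seq 3 does.
    results["deleted"] = rejected(rx, protect(KEY, 3, payload))

    # Fabrication: an attacker without the key cannot produce a valid tag.
    forged = protect(b"attacker-guessed-key", 2, b"transfer 1000 to mallory")
    results["fabricated"] = rejected(rx, forged)

    # The genuine seq 2 message is still accepted afterwards.
    results["genuine_3"] = rx.accept(protect(KEY, 2, payload)) == payload
    return results


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name:<12} {'ok' if ok else 'FAIL'}")
```

Note the limit of this construction with respect to the definitions that follow: because both parties hold the same key, either of them could have produced any tag, so a MAC gives integrity and origin authentication but not non-repudiation. Non-repudiation needs a digital signature under a key only the sender holds.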
The Scope of Computer Security
Computer Security Challenges
1. Security is not simple.
2. Must consider potential attacks on the security mechanisms themselves.
3. The procedures used are often counter-intuitive.
4. Mechanisms involve algorithms and secret information (keys).
5. Must decide where to deploy mechanisms (physically and logically).
6. It is a battle of wits between attacker and administrator.
7. The benefit is not perceived (or appreciated) until security fails.
8. Requires regular, ongoing monitoring.
9. Too often an afterthought, added after the design is complete.
10. Regarded by users as an impediment to using the system.
The Threat
• Interruption – an asset is destroyed or made unavailable (attack on availability)
• Interception – an unauthorized party gains access to an asset (attack on confidentiality)
• Modification – an unauthorized party tampers with an asset (attack on integrity)
• Fabrication – an unauthorized party inserts counterfeit objects (attack on authenticity)
The Damage
Implementation of Security Technology
Security Taxonomy
The Strategy
• Policy: what is the security scheme supposed to do?
  – Value of the protected asset
  – System vulnerability
  – Potential threat
• Implementation: how does it do it?
  – Prevention
  – Detection
  – Response
  – Recovery
• Assurance and evaluation: does it really work?
Summary
• Security concepts
• Terminology
• The threat
• The damage
• Security taxonomy
• Security strategy
end