Scribd Logo
Upload

Welcome to Scribd!

  • CFS 105 Digital Security Chapter 1 Introduction

    Uploaded by

    Katherine
    159 views17 pages
    Power Points for Chapter 1 Introduction

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Power Points for Chapter 1 Introduction

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    159 views17 pages

    CFS 105 Digital Security Chapter 1 Introduction

    Uploaded by

    Katherine
    Power Points for Chapter 1 Introduction

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 17

    1

    SECURITY IN
    COMPUTING,
    FIFTH EDITION
    Chapter 1: Introduction

    From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
    2

    Objectives for Chapter 1


    Define computer security as well as basic computer
    security terms
    Introduce the C-I-A Triad
    Introduce basic access control terminology
    Explain basic threats, vulnerabilities, and attacks
    Show how controls map to threats

    From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
    3

    What Is Computer Security?


    The protection of the assets of a computer
    system
    Hardware
    Software
    Data

    From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
    4

    Assets

    Hardware: Software: Data:


    Computer Operating system Documents
    Devices (disk Utilities (antivirus) Photos
    drives, memory, Commercial Music, videos
    printer) applications (word Email
    Network gear processing, photo Class projects
    editing)
    Individual applications
    From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
    5

    Values of Assets

    Off the shelf;


    easily replaceable

    Hardware: Software: Data:


    Computer Operating system Documents
    Devices (disk Utilities (antivirus) Photos
    drives, memory, Commercial Music, videos
    printer) applications (word Email
    Network gear processing, photo Class projects
    editing)
    Individual
    Unique; irreplaceable
    applications

    From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
    6

    Basic Terms
    Vulnerability
    Threat
    Attack
    Countermeasure or control

    From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
    7

    Threat and Vulnerability

    From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
    8

    C-I-A Triad
    Confidentiality
    Integrity
    Availability
    Sometimes two other desirable characteristics:
    Authentication
    Nonrepudiation

    From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
    9

    Access Control
    Policy:
    Who What How Yes/No

    Object
    Mode of access (what)
    Subject (how)
    (who)

    From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
    10

    Types of Threats
    Threats

    Natural Human
    causes causes

    Examples: Fire,
    Benign Malicious
    power failure
    intent intent

    Example:
    Human error

    Random Directed

    Example: Malicious Example:


    code on a general Impersonation
    web site

    From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
    11

    Advanced Persistent Threat (APT)


    Organized
    Directed
    Well financed
    Patient
    Silent

    From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
    12

    Types of Attackers
    Terrorist

    Criminal-
    Hacker
    for-hire

    Loosely
    Individual connected
    group

    Organized
    crime member

    From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
    13

    Types of Harm

    Interception Interruption

    Modification Fabrication

    From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
    14

    MethodOpportunity--Motive
    Opportunity

    Motive

    Method

    From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
    15

    Controls/Countermeasures
    Kind of Threat

    Physical
    Procedural
    Confidentiality

    Technical
    Protects
    Integrity

    Availability

    From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
    16

    Different Types of Controls

    From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
    17

    Summary
    Vulnerabilities are weaknesses in a system; threats
    exploit those weaknesses; controls protect those
    weaknesses from exploitation
    Confidentiality, integrity, and availability are the three
    basic security primitives
    Different attackers pose different kinds of threats based
    on their capabilities and motivations
    Different controls address different threats; controls come
    in many flavors and can exist at various points in the
    system

    From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

    You might also like