1 / 22

TERMS & DEFINITIONS IN COMPUTER SECURITY CRH503

TERMS & DEFINITIONS IN COMPUTER SECURITY CRH503. Jacky Hartnett 2011. Topics. Terms and Definitions Computer security definitions What can be lost? Interception, modification, fabrication, interruption Privacy versus Confidentiality. Topics. Terms and Definitions

arthurgreen
Télécharger la présentation

TERMS & DEFINITIONS IN COMPUTER SECURITY CRH503

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. TERMS & DEFINITIONS IN COMPUTER SECURITYCRH503 Jacky Hartnett 2011

  2. Topics • Terms and Definitions • Computer security definitions • What can be lost? • Interception, modification, fabrication, interruption • Privacy versus Confidentiality

  3. Topics • Terms and Definitions • Computer security definitions • What can be lost? • Interception, modification, fabrication, interruption • Privacy versus Confidentiality

  4. References • Chapter 1 of the book by Pfleeger

  5. Term and Definitionsfor attacks • Vulnerability • weak point in system (computer and manual) • try to find and protect these (penetration testing) • Threat • circumstances or people that possibly might cause harm to the system (always changing) • Loss • undesired (costly) end result of a threat materialising

  6. Terms and Definitionsfor prevention • Risk • quantified measure of what could lose • Exposure • assessment of likelihood of sustaining a particular loss • Protection • safeguards against loss • countermeasures

  7. Terms and Definitionsfor evaluation of security • Weakest link • system will be attacked where weakest • system is only as strong as its weakest link • A great photo that illustrates the "weakest link" principle: • http://www.syslog.com/~jwilson/pics-i-like/kurios119.jpg

  8. Terms and Definitionsfor evaluation of security • Weakest link • system will be attacked where weakest • Cost-effectiveness • level of protection versus cost of countermeasures • Timeliness • length of time protection has to last • affects strength of CIA protection used

  9. Terms and Definitionsfor evaluation of security • More on Timeliness • Integrity protection • Network data while it travels through the network ~ 180 seconds • A contract for perhaps 20 years • Confidentiality protection • ‘Attack a dawn’ - a secret until dawn • “X has HIV’ - confidential for always

  10. Terms and Definitionsfor a successful attack • Method • Must have way to exploit vulnerability • Opportunity • Ability to circumvent normal controls so can use method • Motive • Some kind of benefit to perpetrator • Not necessarily monetary gain

  11. Topics • Terms and Definitions • Computer security definitions • What can be lost? • Interception, modification, fabrication, interruption • Privacy versus Confidentiality

  12. What can be lost?interception C “assets of a computing system are accessible only by authorised parties”Pfleeger p5 • unauthorised viewing of data • data residing on system • data in transit (interception) • data as hard copy • data as backup • how can you tell?

  13. What can be lost?modification and fabrication I ‘Every piece of data is as the last authorized modifier left it’Schneier, p122 • data is altered, invented (fabricated) or re-used • on system • as backup • in transit • as hard copy

  14. What can be lost?interruptions A ‘an attacker can’t prevent legitimate users from having reasonable access to their systems’Schneier, p122 • can’t use system when need to • software failure • hardware failure • denial of service • systematic attack • The motivation landscape for these has changed recently with a new class of attacker – Nation States being added to the list

  15. Topics • Terms and Definitions • Computer security definitions • What can be lost? • Interception, modification, fabrication, interruption • Privacy versus Confidentiality

  16. Privacy versus Confidentiality • Privacy • idea that you can control what is known about you even if it is publicly available • eg name and address • phone book, electoral roll • presence on list • links to other data

  17. Privacy versus Confidentiality • Profiling • use of personal data aggregated to reveal information previously considered private • Credit cards, Loyalty schemes • can work out from shopping habits about • personal tastes -> • Targeted advertising • clothing sizes of family -> • composition, age and gender of family

  18. Privacy versus Confidentiality • Profiling based on • Personally Identifiable Information PII • Personally Identified Data PID • Uses private information • No access to confidential information • Read the ‘Cuckoo’s Egg to understand military concept of sensitive information that when aggregated can lead to confidential info being deduced • Protection • Privacy legislation

  19. Privacy versus Confidentiality • Confidentiality • idea that some things should be known only to a few people • secrets (eg Coca Cola recipe) • pejorative data (reflects badly upon) • surprises (company results) • Roger Clarke • http://www.anu.edu.au/people/Roger.Clarke/

  20. Privacy versus Confidentiality- why care? • Needs of business • risk analysis, security policy (later lectures) • Government Regulation • Australian Information Privacy Principles • National Privacy Principles • Legal ‘duty of care’

  21. Summary • As with all subjects certain words have a specific meaning in the Computer Security Domain • The concepts contained n these definitions can help with setting security goals • Terms for the motivations and means of attacking information systems have also been discussed

More Related