1 / 14

University of Palestine

University of Palestine. Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester 2008-2009. Course Textbook s. [1] Matt Bishop, “Introduction to computer security”,2004.

ursa-deleon
Télécharger la présentation

University of Palestine

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2nd Semester 2008-2009

  2. Course Textbooks • [1] Matt Bishop, “Introduction to computer security”,2004. • [2] William Stallings, “Cryptography and Network Security Principles and Practices, Fourth Edition” , 2005 • Lecture slides by Eman Alajrami

  3. Chapter 1 – Part1

  4. Introduction • Information Security requirements have changed in recent times • traditionally provided by physical and administrative mechanisms • computer use requires automated tools to protect files and other stored information • use of networks and communications links requires measures to protect data during transmission

  5. Definitions • Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers • Network Security - measures to protect data during their transmission • Internet Security - measures to protect data during their transmission over a collection of interconnected networks

  6. Basic Components of Security • Confidentiality • Keeping data and resources hidden • Integrity • Data integrity (integrity) • Origin integrity (authentication) • Availability • Enabling access to data and resources Confidentiality Integrity Availability

  7. Classes of Threats • Disclosure • Snoopingالتطفل • Deception الخداع • Modification, spoofing, repudiation of origin, denial of receipt • Disruption تشويش • Modification • Usurpation • Modification, spoofing, delay, denial of service

  8. Policies and Mechanisms • Policy says what is, and is not, allowed • This defines “security” for the site/system/etc. • Mechanisms enforce policies • Composition of policies • If policies conflict, discrepancies may create security vulnerabilities

  9. Goals of Security • Prevention • Prevent attackers from violating security policy • Detection • Detect attackers’ violation of security policy • Recovery • Stop attack, assess and repair damage • Continue to function correctly even if attack succeeds

  10. Trust and Assumptions • Underlie all aspects of security • Policies • Unambiguously partition system states • Correctly capture security requirements • Mechanisms • Assumed to enforce policy • Support mechanisms work correctly

  11. Assurance • Specification • Requirements analysis • Statement of desired functionality • Design • How system will meet specification • Implementation • Programs/systems that carry out design

  12. Operational Issues • Cost-Benefit Analysis • Is it cheaper to prevent or recover? • Risk Analysis • Should we protect something? • How much should we protect this thing? • Laws and Customs • Are desired security measures illegal? • Will people do them?

  13. Human Issues • Organizational Problems • Power and responsibility • Financial benefits • People problems • Outsiders and insiders • Social engineering

  14. Tying Together Threats Policy Specification Design Implementation Operation

More Related