SECURITY IN COMPUTING, FIFTH EDITION
Chapter 1: Introduction

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Objectives for Chapter 1
• Define computer security as well as basic computer security terms
• Introduce the C-I-A Triad
• Introduce basic access control terminology
• Explain basic threats, vulnerabilities, and attacks
• Show how controls map to threats

What Is Computer Security?
• The protection of the assets of a computer system
  • Hardware
  • Software
  • Data

Assets
• Hardware
  • Computer
  • Devices (disk drives, memory, printer)
  • Network gear
• Software
  • Operating system
  • Utilities (antivirus)
  • Commercial applications (word processing, photo editing)
  • Individual applications
• Data
  • Documents
  • Photos
  • Music, videos
  • Email
  • Class projects

Values of Assets
Off the shelf; easily replaceable
• Hardware
  • Computer
  • Devices (disk drives, memory, printer)
  • Network gear
• Software
  • Operating system
  • Utilities (antivirus)
  • Commercial applications (word processing, photo editing)
  • Individual applications
• Data
  • Documents
  • Photos
  • Music, videos
  • Email
  • Class projects
Unique; irreplaceable

Basic Terms
• Vulnerability
• Threat
• Attack
• Countermeasure or control

Threat and Vulnerability

C-I-A Triad
• Confidentiality
• Integrity
• Availability
• Sometimes two other desirable characteristics:
  • Authentication
  • Nonrepudiation

Access Control
• Who + What + How = Yes/No
  • Subject (who)
  • Object (what)
  • Mode of access (how)

Types of Threats
• Threats
  • Natural causes (examples: fire, power failure)
  • Human causes
    • Benign intent (example: human error)
    • Malicious intent
      • Random (example: malicious code on a general web site)
      • Directed (example: impersonation)