1-CH1_Introduction.pdf
Transcript
College of Computer Science Information Systems Department Information & Computer Security (352ISM) 2024 Introduction ◼ What Is Computer Security? ◼ Vulnerabilities ◼ Threats ◼ Attacks & Harm ◼ Controls (Protection) ◼ Computer security is...
College of Computer Science Information Systems Department Information & Computer Security (352ISM) 2024 Introduction ◼ What Is Computer Security? ◼ Vulnerabilities ◼ Threats ◼ Attacks & Harm ◼ Controls (Protection) ◼ Computer security is the protection of all Computer assets (the items you value) or computer system. ◼ Computer systems including hardware, software, and data have value and deserve security protection. Vulnerabilities – Threats – Attacks – and Controls ❑A vulnerability: is a weakness in the system, for example, in procedures, design, or implementation, that might be exploited to cause loss or harm. Threats A threat to a computing system is a set of circumstances that has the potential to cause loss or harm. We can consider potential harm to assets in two ways: - First, we can look at what bad things can happen to assets. - Second, we can look at who or what can cause or allow those bad things to happen. Threats Threats What is an Insider? An insider is any person who has or had authorized access to or knowledge of an organization’s resources, including personnel, facilities, information, equipment, networks, and systems. Insider Threats: is the potential for an insider to use their authorized access or understanding of an organization to harm that organization. Threats An advanced persistent threat (APT): is a stealthy threat actor, typically a state-sponsored group (or non-sponsored groups), which gains unauthorized access to a computer network and remains undetected for an extended period for specific goals. Threats Data disclosure threat: refers to the unauthorised release or sharing of sensitive information with unintended parties, often due to human error or improper handling. This might involve unintentional actions, such as sending an email containing sensitive data to the wrong recipient or mistakenly publishing confidential information on a public platform. Threats An alteration threat: is a cyber threat focused on unauthorized and malicious changes to information or systems. Sabotage threat: describes actions to harm an organization's physical or virtual infrastructure, including noncompliance with maintenance or IT procedures, physically damaging facilities, or deleting code to prevent regular operations. Harms o The negative consequence of an actualized threat is harm. Attackers A human who exploits a vulnerability perpetrates an attack on the system. An attack can also be launched by another system. A malicious attacker must have three things to ensure success: method, opportunity, and motive. Deny any one of these things the attack will fail. Security goals: ✓ Confidentiality: the ability of a system to ensure that an asset is viewed only by authorized parties. ✓Integrity: the ability of a system to ensure that an asset is modified only by authorized parties. ✓Availability: the ability of a system to ensure that an asset can be used by any authorized parties. ----------------------------------------- make your computer valuable to you. Confidentiality ✓ Only authorized people or systems can access protected data. Integrity ✓ Only authorized people or systems can Modify protected data. For example, if we say that we have preserved the integrity of an item, we may mean that the item is: precise accurate unmodified modified only in acceptable ways modified only by authorized people modified only by authorized processes consistent & internally consistent meaningful and usable Availability Computer security seeks to prevent unauthorized viewing (confidentiality) or modification (integrity) of data while preserving access (availability). Controls We use a control or a countermeasure as protection to prevent threats from exercising vulnerabilities. A threat can be blocked by controlling of a vulnerability. We can deal with harm in several ways: Prevent it, by blocking the attack or closing the vulnerability. Deter it, by making the attack harder but not impossible. Deflect it, by making another target more attractive. Mitigate it, by making its impact less severe. Detect it, either as it happens or some time after the fact. Recover from its effects. Controls We use a control or a countermeasure as protection to prevent threats from exercising vulnerabilities. A threat can be blocked by controlling of a vulnerability. We can deal with harm in several ways: Prevent it, by blocking the attack or closing the vulnerability. Deter it, by making the attack harder but not impossible. Deflect it, by making another target more attractive. Mitigate it, by making its impact less severe. Detect it, either as it happens or some time after the fact. Recover from its effects. Types of Control: Physicalcontrols: stop or block an attack by using something tangible too. fences – locks – (human) guards – sprinklers - fire extinguishers Procedural or administrative controls use a command or agreement that requires or advises people how to act; – laws, regulations – policies, procedures, guidelines – copyrights, patents – contracts, agreements Technical controls counter threats with technology (hardware or software), including – passwords – program or operating system access controls – network protocols – firewalls, intrusion detection systems – encryption – network traffic flow regulators. countermeasures It can be effective to use overlapping controls or defense in depth: more than one control or more than one class of control to achieve protection.
