Week 02 - Information Security - Information Security Concept.pdf
Document Details
Uploaded by RicherPrehistoricArt1837
Loyalist College
2024
Full Transcript
Module Code: CIT114 Module Name: Information Security WEEK 02 Title: Information Security Concept Date: Saturday, July 27, 2024

Overview
- Information Security Concepts
- More about CIA Triad
- Information System Model
- Information Security Concepts and Relationships
- Threats, Attacks, and Assets
Saturday, July 27, 2024 2024 © SLTC Research University 3

Information Security Concepts
Definition of Computer Security
The NIST (National Institute of Standards and Technology) Computer Security Handbook [NIST95] defines the term computer security as follows:
Computer Security: The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).

CIA Triad
- Confidentiality: Data Confidentiality, Privacy
- Integrity: Data Integrity, System Integrity
- Availability
To complete the picture, two further objectives are added (Image Source: https://wizardcyber.com/wp-content/uploads/2022/04/CIA-2-1000x883-1.jpg):
- Authenticity
- Accountability

Authenticity
- Authenticity ensures data, messages, or identities are genuine and accurate
- It confirms the information originated from a trusted source
- Authenticity prevents data or message tampering during transmission
- Authentication mechanisms such as digital signatures and certificates establish authenticity

Accountability
- Accountability attributes actions and responsibilities to specific individuals or entities
- It enables traceability and helps in investigating security incidents
- Accountability acts as a deterrent against malicious activities and misuse of privileges
- It is often required for regulatory compliance
- It assists in auditing activities and ensuring adherence to security policies
- Accountability is established through user authentication, access controls, and audit logs

Challenges of Information Security
- Security Complexity: It is not as simple as it seems; security requirements have simple names, but the solutions can be quite tricky
- Sneaky Attacks: We need to consider sneaky ways attackers might exploit weaknesses in our security
- Unusual Procedures: Security measures can be complex and not always obvious, making them hard to understand at first
- Choosing Where to Use Security: Figuring out where and how to use security measures can be confusing
- More than Just Algorithms: Security needs secret information and can get complicated with communication protocols

Challenges of Information Security (continued)
- A Battle of Wits: It is a constant challenge to stay ahead of attackers who are trying to find weak spots
- Realizing the Importance: People often underestimate security until something bad happens
- Always Watching: Security needs regular monitoring, which can be tough in our busy world
- Building Security In: Security should be part of the planning process, not an afterthought
- Balancing Security and Usability: Some think strong security can make things harder to use, but finding the right balance is essential

Model for Information Security
Assets of a computer system
- Hardware: Computer Systems, Data Processing System, Data Storage, Communication Devices
- Software: Operating Systems, Utilities, Applications
- Data: Files, Data Bases, Security Related Data
- Comm. Facilities & Links: LAN/WAN Links, Switches, Routers

Model for Information Security
Information Security Terminology
- Adversary (Threat Agent)
- Attack
- Countermeasure
- Risk
- Security Policy
- System Resource (Asset)
- Threat
- Vulnerabilities

Security Concepts and Relationships
[Figure: security concepts and relationships. Nodes: Owners; Security Policies; Countermeasures (Security Mechanisms); Risks; Computer System (Asset); Threat Agent; Threats; Vulnerability. Edge labels: wants to protect; wants to reduce; establishes; regulate; reduce; exploit; poses; leads to; increase; wants to abuse and/or may damage.]

Threats and Threat Actions (Attacks)
Threat Consequences and the threat actions that produce them:
- Disruption: Incapacitation, Corruption, Obstruction
- Usurpation: Misappropriation, Misuse
- Deception: Masquerade, Falsification, Repudiation
- (category heading not captured in the transcript): Exposure, Interception, Inference, Intrusion

Threat Actions (Attacks)
Types of Attacks
- Active Attacks
- Passive Attacks
Classification of Attacks based on the Origin of Attacks
- Inside Attacks
- Outside Attacks

Weekly Activity 01
Consider an automated teller machine (ATM) in which users provide a personal identification number (PIN) and a card for account access. Give examples of Confidentiality, Integrity, and Availability requirements associated with the system.
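The Authenticity and Accountability slides above name the same three mechanisms, user authentication, access controls and audit logs, plus digital signatures and certificates. The following Go program is an added example, not part of the lecture or of any source it cites, that puts them together in one place: each audit entry is attributed to an actor, signed with that actor's Ed25519 private key (Go's standard-library crypto/ed25519) and chained to the previous entry by a SHA-256 hash, so that a forged attribution (a masquerade), an edited record, or a deleted record is detected when the log is verified. The actor names, the sample actions and the `actor|action|prevhash` record format are constructed for this illustration; the public-key registry stands in for the certificate store a real deployment would use.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Entry is one audit record: who (Actor) did what (Action), linked to the
// previous record by PrevHash and signed with the actor's private key.
type Entry struct {
	Actor    string
	Action   string
	PrevHash string // hex SHA-256 of the previous entry; "" for the first entry
	Sig      []byte // Ed25519 signature over canonical()
}

// canonical is the exact byte string that is hashed and signed. The fields
// are joined with "|", assumed (for this example) not to occur in the values.
func (e Entry) canonical() []byte {
	return []byte(e.Actor + "|" + e.Action + "|" + e.PrevHash)
}

// hash is the chain link the next entry stores in its PrevHash.
func (e Entry) hash() string {
	sum := sha256.Sum256(e.canonical())
	return hex.EncodeToString(sum[:])
}

// AuditLog is the append-only record plus a registry of actors' public keys,
// standing in for the certificate store a real deployment would use.
type AuditLog struct {
	Entries []Entry
	Keys    map[string]ed25519.PublicKey
}

func NewAuditLog() *AuditLog {
	return &AuditLog{Keys: map[string]ed25519.PublicKey{}}
}

// NewActorKeys generates a fresh Ed25519 key pair for one actor.
func NewActorKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // only fails if the OS random source is unavailable
	}
	return pub, priv
}

// Register enrols an actor's public key; the registry doubles as the
// access-control list for Append.
func (l *AuditLog) Register(actor string, pub ed25519.PublicKey) {
	l.Keys[actor] = pub
}

// Append records an action attributed to actor, signed with priv. The key is
// deliberately not checked here: a caller presenting someone else's name with
// its own key is the masquerade that Verify must expose afterwards.
func (l *AuditLog) Append(actor, action string, priv ed25519.PrivateKey) error {
	if _, ok := l.Keys[actor]; !ok {
		return errors.New("access denied: unregistered actor " + actor)
	}
	prev := ""
	if n := len(l.Entries); n > 0 {
		prev = l.Entries[n-1].hash()
	}
	e := Entry{Actor: actor, Action: action, PrevHash: prev}
	e.Sig = ed25519.Sign(priv, e.canonical())
	l.Entries = append(l.Entries, e)
	return nil
}

// Verify walks the log and returns the index of the first entry whose chain
// link or signature is wrong, or -1 when every entry checks out.
func (l *AuditLog) Verify() int {
	prev := ""
	for i, e := range l.Entries {
		pub, known := l.Keys[e.Actor]
		if !known || e.PrevHash != prev || !ed25519.Verify(pub, e.canonical(), e.Sig) {
			return i
		}
		prev = e.hash()
	}
	return -1
}

// ActionsBy answers the accountability question "what did this actor do?".
func (l *AuditLog) ActionsBy(actor string) []string {
	var out []string
	for _, e := range l.Entries {
		if e.Actor == actor {
			out = append(out, e.Action)
		}
	}
	return out
}

func main() {
	alicePub, alicePriv := NewActorKeys()
	bobPub, bobPriv := NewActorKeys()
	al := NewAuditLog()
	al.Register("alice", alicePub)
	al.Register("bob", bobPub)
	_ = al.Append("alice", "read payroll.xlsx", alicePriv) // constructed sample actions
	_ = al.Append("bob", "delete backup.tar", bobPriv)
	fmt.Println("intact log:", al.Verify(), al.ActionsBy("alice")) // -1 [read payroll.xlsx]
	_ = al.Append("alice", "approve transfer", bobPriv)             // bob masquerades as alice
	fmt.Println("after masquerade:", al.Verify())                   // 2
}
```

Run Verify before trusting ActionsBy: attribution is only meaningful once every signature checks out against the registered key, which is the authenticity property, and the hash chain is what makes the log a traceable record rather than a list anyone with write access could silently rewrite. Truncating the log at its end is not detected by the chain alone; a real system would add a trusted timestamp or an external checkpoint of the latest hash.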
Summary
- Authenticity and Accountability extend the CIA Triad
- Security concepts and relationships provide a brief overview of establishing security in an information system model
- Relationship between Threats and Attacks

Thank You