CFS 105 Digital Security Chapter 1 Introduction
SECURITY IN COMPUTING, FIFTH EDITION
Chapter 1: Introduction
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
Assets
Values of Assets
Basic Terms
Vulnerability
Threat
Attack
Countermeasure or control
C-I-A Triad
Confidentiality
Integrity
Availability
Sometimes two other desirable characteristics:
Authentication
Nonrepudiation
Access Control
Policy: Who + What + How = Yes/No
Subject (who)
Object (what)
Mode of access (how)
Types of Threats
Threats
  Natural causes (examples: fire, power failure)
  Human causes
    Benign intent (example: human error)
    Malicious intent
      Random
      Directed
Types of Attackers
Terrorist
Criminal-for-hire
Hacker
Individual
Loosely connected group
Organized crime member
Types of Harm
Interception
Interruption
Modification
Fabrication
Method-Opportunity-Motive
Opportunity
Motive
Method
Controls/Countermeasures
Kind of Threat
Physical, Procedural, Technical
Protects: Confidentiality, Integrity, Availability
Summary
Vulnerabilities are weaknesses in a system; threats exploit those weaknesses; controls protect those weaknesses from exploitation
Confidentiality, integrity, and availability are the three basic security primitives
Different attackers pose different kinds of threats based on their capabilities and motivations
Different controls address different threats; controls come in many flavors and can exist at various points in the system