Information Security: MIM737

Department of Information and Marketing Sciences
Midlands State University
Administration
● Lectures, assignments and tests worth 30%
● Final examination November, three hours
worth 70%
Assignments
1) Assignment 1: demonstrate the man-in-the-middle (MITM) attack by use of ettercap
(provide video and report with screenshots; 100 marks)

(DUE 15 JUNE 2022)


Information Security
• Information Systems?

• Information Security?
Overview of Information Security
• Confidentiality
• Integrity
• Availability.
Need for Information Security
• Organizational costs of data loss
• Incorrect decision making
• Computer abuse
• Value of computer hardware, software and
personnel
• High costs of computer error
• Privacy
• Controlled evolution of computer use
Classes of Controls
Below are some of the major classes of controls:
• authenticity
• accuracy – validation checks, overflow checks,
financial controls
• completeness – validation, record sequence #s
Classes of Controls
• Redundancy – to ensure a data item is
processed only once
• Privacy – encryption, passwords, inference
• Audit Trails – two types, i.e. accounting and
operations audit trails.
• Existence – attempt to ensure the ongoing
availability of all system resources
Classes of Controls
• Asset safeguarding – ensure that resources
within a system are protected from
destruction or corruption
• Effectiveness – to ensure that systems achieve
their goals e.g. Post audits
• Efficiency controls – to ensure a system uses
minimum resources to achieve its goals, e.g.
logs of resource consumption, performance
monitoring using h/w and s/w monitors
Challenges to Information Security
• Mechanisms used to meet security
requirements can be quite complex and may
require subtle reasoning to understand.
• Need to always consider potential security
attacks to develop particular security
mechanism or algorithm.
• Need to consider all various aspects of a
security threat to come up with elaborate
security mechanisms.
Challenges to Information Security
• Need to decide correct positioning of
designed security mechanisms in terms of
both physical placement (points in a network)
and logical sense (layer/s of an architecture).
• Involvement of more than one particular
algorithm or protocol in security mechanisms
and need for participants to possess some
secret information which, in turn, raises issues
relating to creation, distribution and
protection of the secret information.
Challenges to Information Security
• View of computer and network security as
battle of wits between perpetrator (trying to
find loopholes) and security
designer/administrator (trying to close loopholes),
where attacker has advantage that s/he only
needs to find a single weakness, while
designer needs to find and eliminate all
weaknesses to achieve perfect security.
• Natural tendency by users and system
managers to perceive little benefit from
Challenges to Information Security
• Tendency to consider incorporation of security
as an afterthought, after design is complete
rather than being considered as an integral
part of the design process.
• Tendency by users, and even security
administrators, to view strong security as an
impediment to efficient and user-friendly
operation of an information system or use of
information.