
Computer and Network Security Lecture 1 Richard Newman


Presentation Transcript


    1. Security: Protection against unauthorized access
       1. What: H/W, S/W, Data
          H/W: CPU cycles, RAM / EPROM, Disk space, I/O
          S/W: File system; Programs; Operating system, Utilities, application
          Data: Configuration files, Password files, log files, ...

    2. Security (continued)
       2. Why/How
       3. From whom
       4. How
       5. Costs and Losses
       6. Risk Safety

    3. Terms
       Assets - Valuables, liability, ability to function / compete
       Exposures - Forms of losses
       Vulnerability - Weakness that could lead to a loss
       Attack - Attempt to exploit a vulnerability
       Threat - Source of attack / circumstance by which loss may occur
       Control - Means of reducing vulnerability (Physical, Procedural, Logical)
       Cost - Up front and ongoing overhead to implement controls in terms of $, time, space, convenience

    4. Goals
       Confidentiality (Who can read it?) - Right accessibility (read, view, print, know of existence) by authorized party.
       Integrity (Who can write it? - Consistency / accuracy) - Modify assets in authorized ways only by authorized party.
       Availability (How readily the asset may be accessed - How/when/where ...) - Assets accessible to authorized parties without disruption.
       Secondary Goals
          Reliability
          Safety
          Non-repudiation

    5. Principle of easiest penetration
       An intruder must be expected to use any available means of penetration.
       Exposures (each shown on the slide as a diagram between A and B)
          1. Interception
          2. Modification
          3. Interruption
          4. Fabrication (may include spoofing)
