1 / 15

Fundamental Concepts of Information Security at Salahaddin University-Erbil

This informative guide covers computer security components, threats, policies, the role of trust, assurance, operational and human issues. It explains confidentiality, integrity, availability, threat classes, policies, security goals, mechanisms, trust, and types of mechanisms. The text discusses prevention, detection, recovery, and the importance of human factors in security. Readers will learn about policies, mechanisms, and operational considerations in ensuring data and system security.

schmidtl
Download Presentation

Fundamental Concepts of Information Security at Salahaddin University-Erbil

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Security Newroz N. Abdulrazaq Science College- Department of Computer Science & I.T. newroz.abudlrazaq@su.edu.kurd Mobile: 07504052680 Salahaddin University- Erbil

  2. Chapter 1: Introduction • Components of computer security • Threats هەڕەشە • Policies and mechanisms(میکانزم و پلان) • The role of trust (رۆڵێ متمانە پێبوون) • Assurance (دڵنیایی) • Operational Issues • Human Issues Salahaddin University- Erbil

  3. Basic Components • Confidentiality (پاراستنی نهێنی) • Keeping data and resources hidden • Integrity (کاملبوون) • Data integrity (integrity) • Origin integrity (authentication) • Availability (بەردەستبوون) • Enabling access to data and resources Salahaddin University- Erbil

  4. Classes of Threats • Disclosure درکاندنی نهێنی • Snooping چاوگێڕان بە دزییەوە • Deception گومڕاکردن • Modification, spoofing, repudiation of origin, denial of receipt • Disruption (شلەژان) • Modification • Usurpation (زۆرداری) • Modification, spoofing, delay, denial of service Salahaddin University- Erbil

  5. Policies and Mechanisms • Policy says what is, and is not, allowed • This defines “security” for the site/system/etc. • Mechanisms enforce policies • Composition of policies • If policies conflict, discrepancies may create security vulnerabilities Salahaddin University- Erbil

  6. Goals of Security • Prevention • Prevent attackers from violating security policy • Detection • Detect attackers’ violation of security policy • Recovery • Stop attack, assess and repair damage • Continue to function correctly even if attack succeeds Salahaddin University- Erbil

  7. Trust and Assumptions • Underlie all aspects of security • Policies • Unambiguously partition system states • Correctly capture security requirements • Mechanisms • Assumed to enforce policy • Support mechanisms work correctly Salahaddin University- Erbil

  8. Types of Mechanisms secure broad precise set of reachable states set of secure states Salahaddin University- Erbil

  9. Types of Mechanisms Secure پارێزراو جۆرێکی پارێزراوە.. بەڵام سیستەم (کۆمپیوتەر) ناتوانێت بگاتە هەندێک شوێن لە بارە پارێزراوەکە. جۆرێکی دروست و ووردە.. سیستەم (کۆمپیوتەر) دەتوانێت بگاتە هەموو شوێنێکی بارە پارێزراوەکە. Precise دروست-وورد Broad فراوان- بەربڵاو جۆرێکی ناپارێزراوە.. شوێنی ناپارێزراو بەردەستە بۆ سیستەم Salahaddin University- Erbil

  10. Assurance • Specification • Requirements analysis • Statement of desired functionality • Design • How system will meet specification • Implementation • Programs/systems that carry out design Salahaddin University- Erbil

  11. Operational Issues • Cost-Benefit Analysis • Is it cheaper to prevent or recover? • Risk Analysis • Should we protect something? • How much should we protect this thing? • Laws and Customs • Are desired security measures illegal? • Will people do them? Salahaddin University- Erbil

  12. Human Issues • Organizational Problems • Power and responsibility • Financial benefits • People problems • Outsiders and insiders • Social engineering Salahaddin University- Erbil

  13. Tying Together Threats Policy Specification Design Implementation Operation Salahaddin University- Erbil

  14. Key Points • Policy defines security, and mechanisms enforce security • Confidentiality • Integrity • Availability • Trust and knowing assumptions • Importance of assurance • The human factor Salahaddin University- Erbil

  15. Reference 1. Matt Bishop, Introduction to Computer Science, Addison Wesley professional, 2004 2. William Stalling, Cryptography and Network Security: Principles and Practice, Pearson , 7th Edition, 2017 Salahaddin University- Erbil

More Related