This informative guide covers computer security components, threats, policies, the role of trust, assurance, operational and human issues. It explains confidentiality, integrity, availability, threat classes, policies, security goals, mechanisms, trust, and types of mechanisms. The text discusses prevention, detection, recovery, and the importance of human factors in security. Readers will learn about policies, mechanisms, and operational considerations in ensuring data and system security.
Information Security
Newroz N. Abdulrazaq
Science College- Department of Computer Science & I.T.
newroz.abudlrazaq@su.edu.kurd
Mobile: 07504052680
Salahaddin University- Erbil

Chapter 1: Introduction
• Components of computer security
• Threats
• Policies and mechanisms
• The role of trust
• Assurance
• Operational Issues
• Human Issues

Basic Components
• Confidentiality (keeping secrets)
  • Keeping data and resources hidden
• Integrity (completeness)
  • Data integrity (integrity)
  • Origin integrity (authentication)
• Availability
  • Enabling access to data and resources

Classes of Threats
• Disclosure (revealing a secret)
  • Snooping (looking around covertly)
• Deception (misleading)
  • Modification, spoofing, repudiation of origin, denial of receipt
• Disruption (disturbance)
  • Modification
• Usurpation (tyranny)
  • Modification, spoofing, delay, denial of service

Policies and Mechanisms
• Policy says what is, and is not, allowed
  • This defines “security” for the site/system/etc.
• Mechanisms enforce policies
• Composition of policies
  • If policies conflict, discrepancies may create security vulnerabilities

Goals of Security
• Prevention
  • Prevent attackers from violating security policy
• Detection
  • Detect attackers’ violation of security policy
• Recovery
  • Stop attack, assess and repair damage
  • Continue to function correctly even if attack succeeds

Trust and Assumptions
• Underlie all aspects of security
• Policies
  • Unambiguously partition system states
  • Correctly capture security requirements
• Mechanisms
  • Assumed to enforce policy
  • Support mechanisms work correctly

Types of Mechanisms
[Figure: three panels labelled secure, precise and broad, each comparing the set of reachable states with the set of secure states]

Types of Mechanisms
• Secure: a secure type, but the system (computer) cannot reach some parts of the secure state.
• Precise (exact): an exact and precise type; the system (computer) can reach every part of the secure state.
• Broad (wide): an insecure type; insecure places are available to the system.

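The three mechanism types above, worked through on a small state machine. This is an added example, not part of the original slides; the toy system, its policy and the four mechanism names are assumptions constructed for illustration.

```python
from collections import deque
from itertools import product

# Constructed toy system: a state is (logged_in, file_open).
STATES = set(product([False, True], repeat=2))
# Assumed policy: the file may be open only while a user is logged in.
SECURE = {s for s in STATES if s[0] or not s[1]}
START = (False, False)
ACTIONS = ("login", "logout", "open", "close")

def step(state, action):
    """Unrestricted system behaviour: apply one action to a state."""
    logged_in, file_open = state
    if action in ("login", "logout"):
        return (action == "login", file_open)
    return (logged_in, action == "open")  # "open" or "close"

def reachable(allows):
    """Breadth-first search over the transitions the mechanism permits."""
    seen, queue = {START}, deque([START])
    while queue:
        state = queue.popleft()
        for action in ACTIONS:
            if allows(state, action):
                nxt = step(state, action)
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
    return seen

def classify(allows):
    """Compare the reachable states R with the secure states Q."""
    r = reachable(allows)
    if r == SECURE:
        return "precise"  # R equals Q (a precise mechanism is also secure)
    return "secure" if r < SECURE else "broad"  # R inside Q, or R leaves Q

# A mechanism is modelled as a guard: may `action` run in `state`?
MECHANISMS = {
    "no checks": lambda s, a: True,
    "never open": lambda s, a: a != "open",
    "check at open only": lambda s, a: a != "open" or s[0],
    "check open and logout": lambda s, a: (a != "open" or s[0])
                                          and (a != "logout" or not s[1]),
}

for name, guard in MECHANISMS.items():
    print(f"{name}: {classify(guard)}")
```

The "check at open only" mechanism is broad even though it validates every open request, because logging out with the file still open reaches an insecure state through a path the check never sees.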
Assurance
• Specification
  • Requirements analysis
  • Statement of desired functionality
• Design
  • How system will meet specification
• Implementation
  • Programs/systems that carry out design

Operational Issues
• Cost-Benefit Analysis
  • Is it cheaper to prevent or recover?
• Risk Analysis
  • Should we protect something?
  • How much should we protect this thing?
• Laws and Customs
  • Are desired security measures illegal?
  • Will people do them?

Human Issues
• Organizational Problems
  • Power and responsibility
  • Financial benefits
• People problems
  • Outsiders and insiders
  • Social engineering

Tying Together
[Figure: Threats, Policy, Specification, Design, Implementation, Operation]

Key Points
• Policy defines security, and mechanisms enforce security
  • Confidentiality
  • Integrity
  • Availability
• Trust and knowing assumptions
• Importance of assurance
• The human factor