introduction.pptx
1. Information Security: INFO433
Felex Madzikanda
Department of Information and Marketing Sciences
Midlands State University
madzikandaf@staff.msu.ac.zw
0774810683
3. Assignments
1) Assignment 1: demonstrate the man-in-the-middle (MITM) attack by use of Ettercap (provide video and report with screenshots. 30 marks)
2) Assignment 2: using a language of your choice, implement a program that encrypts and decrypts data. (provide executable. 30 marks)
6. Need for Information Security
• Organizational costs of data loss
• Incorrect decision making
• Computer abuse
• Value of computer hardware, software and personnel
• High costs of computer error
• Privacy
• Controlled evolution of computer use
7. Classes of Controls
Below are some of the major classes of controls:
• Authenticity
• Accuracy – validation checks, overflow checks, financial controls
• Completeness – validation, record sequence numbers
8. Classes of Controls
• Redundancy – to ensure a data item is processed only once
• Privacy – encryption, passwords, inference
• Audit Trails – two types, i.e. accounting and operations audit trails.
• Existence – attempt to ensure the ongoing availability of all system resources
9. Classes of Controls
• Asset safeguarding – ensure that resources within a system are protected from destruction or corruption
• Effectiveness – to ensure that systems achieve their goals, e.g. post audits
• Efficiency controls – to ensure a system uses minimum resources to achieve its goals, e.g. logs of resource consumption, performance monitoring using h/w and s/w monitors
10. Challenges to Information Security
• Mechanisms used to meet security requirements can be quite complex and may require subtle reasoning to understand.
• Need to always consider potential security attacks to develop a particular security mechanism or algorithm.
• Need to consider all the various aspects of a security threat to come up with elaborate security mechanisms.
11. Challenges to Information Security
• Need to decide correct positioning of designed security mechanisms in terms of both physical placement (points in a network) and logical sense (layer/s of an architecture).
• Involvement of more than one particular algorithm or protocol in security mechanisms and need for participants to possess some secret information which, in turn, raises issues relating to creation, distribution and protection of the secret information.
12. Challenges to Information Security
• View of computer and network security as a battle of wits between perpetrator (trying to find loopholes) and security designer/administrator (trying to close loopholes), where the attacker has the advantage that s/he only needs to find a single weakness, while the designer needs to find and eliminate all weaknesses to achieve perfect security.
• Natural tendency by users and system managers to perceive little benefit from security invest
13. Challenges to Information Security
• Tendency to consider incorporation of security as an afterthought, after design is complete, rather than being considered as an integral part of the design process.
• Tendency by users, and even security administrators, to view strong security as an impediment to efficient and user-friendly operation of an information system or use of information.
Editor's notes
Regular monitoring of user satisfaction, periodic cost/benefit analysis, monitoring of frequency of use – system effectiveness
System efficiency – regular interviews with system users.