System security

System security, 2013

Slide 1
Security
• The security of a system is a system
property that reflects the system’s
ability to protect itself from
accidental or deliberate external
attack.

Principal dependability
properties

• Security is essential as most systems
are networked so that external access
to the system through the Internet is
possible.
• Security is a pre-condition for
availability, reliability and safety.

Damage from insecurity
• Denial of service
– The system is forced into a state where
normal services are unavailable or where
service provision is significantly
degraded

• Corruption of programs or data
– The programs or data in the system may be
modified in an unauthorised way

• Disclosure of confidential information
– Information that is managed by the system
may be exposed to people who are not
authorised to read or use that information

• Asset
– Something, such as a computer system,
that needs to be protected
– Example: The records of patients receiving
treatment in a hospital

• Exposure
– Possible loss or harm that could result from a
security failure
– Potential financial loss from future patients who do
not seek treatment because they do not trust the
clinic to maintain their data. Financial loss from
legal action by patients. Loss of reputation.

• Vulnerability
– A weakness in a system that may be
exploited to cause loss or harm
– A weak password system which makes it
easy for users to set guessable passwords

• Attack
– An exploitation of a system’s vulnerability
that is a deliberate attempt to cause some
damage
– An impersonation of an authorized user to
gain access to the records system

• Threat
– A system vulnerability that is subjected to
an attack.
– An unauthorized user will gain access to
the system by guessing the credentials
(login name and password) of an
authorized user.

• Control
– A protective measure that reduces a system’s
vulnerability.
– A password checking system that disallows user
passwords that are proper names or words that are
normally included in a dictionary.
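
An added example, not part of the original slides, of the control described above: a checker that rejects passwords that are proper names or dictionary words. It goes slightly beyond the slide by also catching simple variants (capitalisation, digits or symbols added at the ends, common character substitutions); the word lists are constructed samples and the function names are hypothetical.

```python
import re

# Constructed sample lists (ASCII only). A real deployment would load a
# full dictionary and a list of given names, surnames and place names.
DICTIONARY_WORDS = {"password", "dragon", "sunshine", "hospital", "welcome"}
PROPER_NAMES = {"alice", "michael", "jennifer", "edinburgh", "smith"}

# Characters commonly swapped in for letters. "1" is ambiguous (i or l),
# so two tables are tried.
_COMMON = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t",
           "@": "a", "$": "s", "!": "i"}
SUBSTITUTION_TABLES = [
    str.maketrans({**_COMMON, "1": "i"}),
    str.maketrans({**_COMMON, "1": "l"}),
]

# Digits and punctuation at either end of the password ("Dragon2013!").
_EDGE_NON_LETTERS = re.compile(r"^[^a-z]+|[^a-z]+$")


def candidate_stems(password):
    """Return the normalised forms of `password` to look up in the lists."""
    lowered = password.casefold()
    trimmed = _EDGE_NON_LETTERS.sub("", lowered)
    stems = {lowered, trimmed}
    for base in (lowered, trimmed):
        for table in SUBSTITUTION_TABLES:
            stems.add(base.translate(table))
    stems.discard("")
    return stems


def check_password(password):
    """Return (accepted, reason) for a proposed password."""
    for stem in sorted(candidate_stems(password)):
        if stem in PROPER_NAMES:
            return (False, "proper name: " + stem)
        if stem in DICTIONARY_WORDS:
            return (False, "dictionary word: " + stem)
    return (True, "not a listed name or dictionary word")


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["Dragon2013!", "p@ssw0rd1", "M1chael", "A1ice", "vK8#qLm2zR"]:
        print(pw, check_password(pw))
```

The check only rejects passwords that are a listed word or name after normalisation; it does not measure length or randomness, so it reduces the vulnerability on the slide without removing it.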

Security assurance
• Vulnerability avoidance
– The system is designed so that
vulnerabilities do not occur. For example, if
there is no external network connection
then external attack is impossible

• Attack detection and elimination
– The system is designed so that attacks on
vulnerabilities are detected and neutralised
before they result in an exposure. For
example, virus checkers find and remove
viruses before they infect a system

• Exposure limitation and recovery
– The system is designed so that the adverse
consequences of a successful attack are
minimised. For example, a backup policy
allows damaged information to be restored

Summary
• Security is a system property that reflects the
system’s ability to protect itself from malicious use
• A system has to be secure if we are to be confident in
its dependability
• Damage includes
– Denial of service
– Loss or corruption of data
– Disclosure of confidential information

Summary
• Security can be maintained through strategies such
as
– Vulnerability avoidance
– Attack detection and elimination
– Exposure limitation and recovery
