Computer Security Management
(ISYS20261)
Lecture 1 - Introduction

Module Leader: Dr Xiaoqi Ma
School of Science and Technology
Module information

• Lectures: ERD171 (Dr Xiaoqi Ma)
• Seminars: ABK010
• Module webpage: NOW
• Course book: Dhillon, G. (2006) Principles of Information Systems Security: Texts and Cases, Wiley, ISBN: 0471450561.

Computer Security Management
Page 2
Module information (cont.)

• Assessment:
  – Coursework (50%)
    Seminar presentation and related report on a new security technology or
    process change
  – Exam (50%)
    Examination of knowledge of a variety of strategies, processes, laws, and ethical
    dilemmas, and their related value to specific cases.

• Please note: seminars start next week!


Module overview

• Threats and Risk Management
  – Develop awareness of threats, such as denial of service and modification
    attacks, and of hacker motivation and techniques.
  – Apply risk management (assessment and control) to address the threats to
    enable business continuity management.

• Security Strategy and Management
  – Defining information security and the security systems life cycle and the
    computer security function within an organisation.
  – Developing IT security strategy, governance and policy to enable audits and
    compliance.
  – Cost justification of security decisions

• Ethics & law in computer security
  – Credentials of Information Security Professionals
  – Key laws including current case law, and how organisations should develop
    policies to address them.
Management

• In order to be able to manage something:
  – Need to be able to measure this something!

• In order to be able to measure something:
  – Need to know what this something actually is!

• So: what is ‘computer security’?




Information security requirements

• Confidentiality
  – Protecting sensitive information from unauthorised disclosure or intelligible
    interception

• Integrity
  – Safeguarding the accuracy and completeness of information (and software)

• Availability
  – Ensuring that information (and vital services) is available to users when
    required

• Authentication
  – Ensuring that information is from the source it claims to be from

• Non-repudiation
  – Prevents an entity from denying having performed a particular action related to
    data

Computer security: protection of information-related assets
• Data
• Hardware
  – Computer
  – Network infrastructure

• Software
  – System software
  – Application software

• Intangible assets
  – Reputation of organisation
  – Goodwill of customers

• etc



Some definitions

• Harm
  – Something happens to an asset that we do not want to happen

• Threat
  – Possible source of harm

• Attack
  – Threatening event (instance of a threat)

• Attacker
  – Someone or something that mounts a threat

• Vulnerability
  – Weakness in the system (asset) that makes an attack more likely to succeed

• Risk
  – Possibility that a threat will affect the business or organisation

Security risks and management

• Risk analysis
  – Asset, Vulnerability and Threat are identified and combined to give the Risk

• Risk management
  – The Risk, in turn, determines which Security Measures are applied
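The definitions on the previous slide (harm, threat, attack, vulnerability, risk) and the diagram above (risk analysis combining asset, vulnerability and threat into risk; risk management turning risk into security measures) carried through on a small constructed risk register. This is an added example, not code from the lecture or its author. The slides give no scoring formula, so the scoring used here (risk = asset value × threat likelihood × vulnerability exposure, each on a 1..5 scale), the tolerance threshold, and every asset, threat, vulnerability and measure named below are assumptions made for illustration.

```python
"""Added example (not from the lecture slides): a small risk analysis and
risk management pass in the shape of the slide's diagram. Assets,
vulnerabilities and threats are combined into risks; the risks are ranked;
and security measures are chosen for the risks that exceed what the
organisation will tolerate.

Assumption: the slides give no scoring formula. This example uses the common
qualitative approach risk = impact x likelihood, where impact is the asset's
value and likelihood combines how likely the threat is to act with how exposed
the vulnerability leaves the asset. All scores, names and measures below are
constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    value: int          # impact if harmed, 1 (negligible) .. 5 (critical)


@dataclass(frozen=True)
class Threat:
    name: str
    likelihood: int     # how likely the threat source is to act, 1 .. 5


@dataclass(frozen=True)
class Vulnerability:
    name: str
    exposure: int       # how much the weakness helps an attack succeed, 1 .. 5
    measure: str        # security measure that removes or reduces the weakness


@dataclass(frozen=True)
class Risk:
    """An asset, a threat that could harm it, and the vulnerability the threat
    would exploit: one row of a risk register."""
    asset: Asset
    threat: Threat
    vulnerability: Vulnerability

    @property
    def score(self) -> int:
        # assumed scoring: impact x likelihood, likelihood = threat x exposure
        return self.asset.value * self.threat.likelihood * self.vulnerability.exposure


def rank_risks(risks):
    """Risk analysis step: highest-scoring risks first."""
    return sorted(risks, key=lambda r: r.score, reverse=True)


def plan_measures(risks, tolerance):
    """Risk management step: every risk scoring above `tolerance` is assigned
    the measure attached to its vulnerability; the rest are accepted as-is.
    Returns (measure -> risks it addresses, accepted risks)."""
    plan, accepted = {}, []
    for risk in risks:
        if risk.score > tolerance:
            plan.setdefault(risk.vulnerability.measure, []).append(risk)
        else:
            accepted.append(risk)
    return plan, accepted


# Constructed sample register (not real organisational data)
CUSTOMER_DB = Asset("customer database", value=5)
WEB_SERVER = Asset("public web server", value=3)
REPUTATION = Asset("reputation of organisation", value=4)

EXTERNAL = Threat("external attacker", likelihood=4)
INSIDER = Threat("disgruntled insider", likelihood=2)
OUTAGE = Threat("power outage", likelihood=3)

UNPATCHED = Vulnerability("unpatched web application", exposure=4,
                          measure="patch management")
SHARED_ADMIN = Vulnerability("shared administrator password", exposure=3,
                             measure="individual admin accounts with MFA")
SINGLE_FEED = Vulnerability("single power feed", exposure=2,
                            measure="UPS and redundant power feed")

EXAMPLE_RISKS = [
    Risk(CUSTOMER_DB, EXTERNAL, UNPATCHED),    # 5 * 4 * 4 = 80
    Risk(REPUTATION, EXTERNAL, UNPATCHED),     # 4 * 4 * 4 = 64
    Risk(CUSTOMER_DB, INSIDER, SHARED_ADMIN),  # 5 * 2 * 3 = 30
    Risk(WEB_SERVER, OUTAGE, SINGLE_FEED),     # 3 * 3 * 2 = 18
]


if __name__ == "__main__":
    ranked = rank_risks(EXAMPLE_RISKS)
    plan, accepted = plan_measures(ranked, tolerance=20)
    for risk in ranked:
        print(f"{risk.score:3d}  {risk.asset.name} / {risk.threat.name} / "
              f"{risk.vulnerability.name}")
    for measure, addressed in plan.items():
        print(f"apply '{measure}' for {len(addressed)} risk(s)")
    print(f"accepted without extra measures: {len(accepted)}")
```

The point of separating `rank_risks` from `plan_measures` is the one the diagram makes: analysis produces an ordered picture of where harm is likely, and management is the separate decision of where to spend on measures and which residual risks to accept. Intangible assets such as reputation enter the register exactly like data or hardware, which is why the same unpatched application shows up twice with different impacts.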




Aspects of computer security

• Host security
  – Access control, viruses, worms and Trojan horses, intrusion detection, trusted
    computing

• Network security
  – Protocols, cryptography, Web security, public key infrastructure, utility
    computing

• People and physical security
  – Attackers, social engineering, biometrics, tamper resistance, human centred
    security

• Security risk management
  – Risk analysis and management, 3rd generation methods: security by design

• Computer forensics
  – Identify, preserve, analyse and present digital evidence

Summary

• Computer security
• Security risk and management
• Aspects of computer security



