Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security
Uploaded by Idan Matonda

Computer security

advertisement 
Computer Security
Computer security deals with computer-related
resources that are subject to a variety of threats
and for which various measures are taken to
protect those resources.
The protection afforded to an automated
information system in order to attain the
applicable objectives of preserving the integrity,
availability, and confidentiality of information
system resources includes hardware, software,
firmware,information/data
and
telecommunications.
There are three key objectives that are at the
heart of computer security
1. Confidentiality: Preserving authorized restrictions on
information access and disclosure, including means for
protecting personal privacy and proprietary information. A
loss of confidentiality is the unauthorized disclosure of
information
Confidentiality covers two related concepts:
— Data confidentiality:1 Assures that private or confidential
information is not made available or disclosed to
unauthorized individuals.
— Privacy: Assures that individuals control or influence what
information related to them may be collected and stored
and by whom and to whom that information may be
disclosed.
2.Integrity: Guarding against improper information
modification or destruction, including ensuring information
nonrepudiation and authenticity. A loss of integrity is the
unauthorized modification or destruction of information
Integrity covers two related concepts
— Data integrity: Assures that information and programs are
changed only in a specified and authorized manner.
— System integrity: Assures that a system performs its
intended function in an unimpaired manner, free from
deliberate or inadvertent unauthorized manipulation of the
system
3. Availability: Ensuring timely and reliable access to and use
of information. A loss of availability is the disruption of
access to or use of information or an information system.
Availability assures that systems work promptly and service
is not denied to authorized users
These three concepts form what is often
referred to as the CIA triad. The three
concepts embody the fundamental security
objectives for both data and for information
and computing services.
Although the use of the CIA triad to define
security objectives is well established, some in
the security field feel that additional concepts are
needed to present a complete picture. Two of the
most commonly mentioned are as follows:
Authenticity: The property of being genuine and
being able to be verified and trusted; confidence
in the validity of a transmission, a message, or
message originator. This means verifying that
users are who they say they are and that each
input arriving at the system came from a trusted
source.
• Accountability: The security goal that generates
the requirement for actions of an entity to be
traced uniquely to that entity. This supports
nonrepudiation, deterrence, fault isolation,
intrusion detection and prevention, and
after-action recovery and legal action. Because
truly secure systems are not yet an achievable
goal, we must be able to trace a security breach
to a responsible party. Systems must keep records
of their activities to permit later forensic analysis
to trace security breaches or to aid in transaction
disputes.
It is also imperative to understand the
relationships of the following three
components in Computer Security:
• Threat
• Vulnerability
• Risk
Though these technical terms are used
interchangeably, they are distinct terms with
different meanings and implications. Let’s take
a look.
Threat
• A threat refers to a new or newly discovered
incident that has the potential to harm a system
or your company overall. There are three main
types of threats:
• Natural threats, such as floods, hurricanes, or
tornadoes
• Unintentional threats, like an employee
mistakenly accessing the wrong information
• Intentional threats, such as malicious software
(malware) e.g viruses, spyware, adware or the
actions of a disgruntled employee.
Vulnerability
• Vulnerability refers to a known weakness of an
asset (resource) that can be exploited by one or
more attackers. In other words, it is a known
issue that allows an attack to succeed.
• For example, when a team member resigns and
you forget to disable their access to external
accounts, change logins, or remove their names
from company credit cards, this leaves your
business open to both intentional and
unintentional
threats.
However,
most
vulnerabilities are exploited by automated
attackers and not a human typing on the other
side of the network.
Risk
• Risk is defined as the potential for loss or
damage when a threat exploits a vulnerability.
Examples of risk include:
-Financial losses
-Loss of privacy
-Damage to your reputation Rep
-Legal implications
-Even loss of life
Practice Questions
•
What is Computer Security
•
•
Describe the CIA trade concept in Computer Security.
Distinguish between a Computer security Threat and a security risk.
Write notes on the following computer security terms:
Encryption
Malware
Spyware
Adware
Virus
Phishing
Firewall
• Describe any three mechanisms that can be used to prevent unauthorised access
to computers on a network
Related documents
quizlet-ch1
quizlet-ch1
Information assurrance
Information assurrance
A. Explain the nature of marketing plans. B. Explain the role of
A. Explain the nature of marketing plans. B. Explain the role of
Computer Security: Principles and Practice, 1/e
Computer Security: Principles and Practice, 1/e
Chapter-1-Test-CS2
Chapter-1-Test-CS2
ch1 security test-bank
ch1 security test-bank
lec1IS
lec1IS
CS205 - Information Security Handouts
CS205 - Information Security Handouts
Download
advertisement