Computer and Information Security

Lecture 1
Simen Hagen
Introduction
Course Description
This course builds on
Operating Systems
Network and System Administration 1
Lectures and all class assignments will be in English
10 ECTS
No final exam
Folder assessment (mappevurdering)
The lectures
Lectures
Time: Wednesday, 08:30 - 10:15
Location: P35-PI257
Problem Classes (Øvingstimer)
Time: Tuesday, 12:30 - 14:15
Location: P35-PI257
Curriculum
Required Reading
This book is the curriculum: Computer Security, Dieter Gollmann
All references, if not otherwise specified, will be to this book
Curriculum
Required Reading, option 1
This book is the curriculum: Introduction to Computer Security, Matt Bishop
This book covers the curriculum, and is a good book, but is a bit more detailed.
Curriculum
Required Reading, option 2
Computer Security: Art and Science, Matt Bishop
This book can be used instead of the other Bishop book
It has even more information than the Bishop book on the previous slide
Curriculum
Required Reading, option 3
Network Security Essentials: Applications and Standards, William Stallings
Have not been able to review it properly
Seems to have potential. Can be used in place of the others.
Curriculum
Optional Reading
Other books worth reading:
Secrets and Lies, Bruce Schneier
The Code Book, Simon Singh
The art of intrusion, Kevin Mitnick
The art of deception, Kevin Mitnick
My expectations
Course: 10 ECTS
Work week: 40 hours
Your work load: 13 hours 20 minutes every week
Handing in Work
When writing an answer, do not copy.
This means that you may not copy from:
The Internet
From Co-students
Work previously handed in by former students
Any other source, including, but not limited to
Books
Magazines
Papers
Handing in Work
Legal ways to copy
You may “copy” others' work if you are
Quoting (or Citing)
Paraphrasing
Rephrasing
But only do this on short sections.
Definition (Quote)
“Repeat or copy out, typically with an indication that one is not the original author or speaker.”
Definition (Paraphrase)
“Express the meaning of the writer using different words.”
Definition (Rephrasing)
“Express in an alternative way, especially with the purpose of changing the detail or perspective of the original idea.”
Handing in Work
Do it, and do it well
Discuss with fellow students.
Research your questions.
Do the work by yourself.
Do not just copy from others.
Think for yourself.
Computer Security
Computers and Security
Security is security, whether it is on a computer or not.
The principles are general.
We want to protect our assets.
So what is valuable to us?
Money
Information
Freedom of speech
...
Risk and Certainty
There is always an element of risk.
What level of risk can we accept?
We want to protect our property or interest.
Restrict or grant access.
Who can we trust?
Risk and Certainty
Criteria for measuring computer security:
Confidentiality/Privacy: The ability to keep things private/confidential.
Trust: Can we trust this data?
Authenticity: Are we talking with whom we think we are talking?
Integrity: Is the system compromised/altered?
Non-repudiation: It should not be possible to deny having done an action.
Threats to the system
Physical Threats
The environment that the computer is a part of can be dangerous.
Weather
Rain
Lightning
Natural Disasters
Flood
Earthquake
Hurricane
Power failures
etc.
Threats to the system
Human Threats
Humans can be dangerous to computer systems.
Stealing
Trickery
Bribery
Hacking
Spying
Sabotage
Accident
etc.
Threats to the system
Software threats
Computers can be a threat to other computers.
Malicious software is a huge problem.
Virus
Trojan Horses
Logic Bombs
Denial of Service (DoS) attack
Threats to the system
What are the risks?
As mentioned, there are many threats to the system.
So what do we stand to lose?
We might lose
the control of the system
the ability to use the system
privacy (e.g. private or sensitive information)
data (deleted files)
face/reputation
money
Goals of security
Prevention
Detection
Recovery
Security Mantra
Security Mantra #1
Every problem in security boils down to a question of trust.
Who or what do we trust?
So what do we trust?
Predictability
We trust things that are predictable.
We believe we are secure if we trust.
Security Mantra
Security Mantra #2
Security is a property of systems.
Security should be designed or built into the system from the start.
Where do we need security?
User Interface
Functionality
Algorithms/Methods
System calls
Hardware
Communication
Implicit trust relationships
What can we do to be secure?
Failure
All systems fail. We have to make sure that they fail predictably.
Main theme
What can we do to ensure predictability?
What can we do to be secure?
Create protocols
Limit functionality
Standardise
Behaviour
Interface
Communication
Policy
Definition (From Merriam-Webster Online)
a : a definite course or method of action selected from among alternatives and in light of given conditions to guide and determine present and future decisions
b : a high-level overall plan embracing the general goals and acceptable procedures especially of a governmental body
Definition (From Wikipedia)
A policy is a plan of action for tackling issues.
Security policy
Definition (Policy)
A security policy is a statement of what is, and what is not, allowed.
Policy
There are several challenges with making policies:
We have to state what we value.
We do not always agree on what is valuable.
Security is often inconvenient.
Management is necessary (assignment and control of privileges).
Summary
Final thoughts
Do you trust the information in this course?
Do you trust the identity and authenticity of the source?
Can you verify that I am who I say I am?
Do I have a hidden agenda?
How much proof is enough?
Contact Information
Simen Hagen
mailto:simen.hagen@iu.hio.no
http://www.iu.hio.no/~simenhag
Lu Xing
mailto:Lu.Xing@stud.iu.hio.no