overview of information security
play

Overview of Information Security Lecture By Dr Richard Boateng , - PowerPoint PPT Presentation

Feb 09, 2024 •464 likes •745 views

Overview of Information Security Lecture By Dr Richard Boateng , UGBS, Ghana Email: richard@pearlrichards.org Original Slides by Elisa Bertino CERIAS and CS &ECE Departments, Purdue University Pag. 1 Purdue University and UGBS Elisa

  1. Overview of Information Security Lecture By Dr Richard Boateng , UGBS, Ghana Email: richard@pearlrichards.org Original Slides by Elisa Bertino CERIAS and CS &ECE Departments, Purdue University Pag. 1 Purdue University and UGBS Elisa Bertino and Richard Boateng

  2. Outline • Information Security: basic concepts • Privacy: basic concepts and comparison with security Pag. 2 Purdue University Elisa Bertino and Richard Boateng

  3. Information Security: Basic Concepts Pag. 3 Purdue University Elisa Bertino and Richard Boateng

  4. Information Security • A state of being free from – unauthorized use of the system and its resources, – misuse of the system and its resources, and – disturbance of the system's operations • The field of study about techniques for achieving and maintaining such a secure state Pag. 4 Purdue University Elisa Bertino and Richard Boateng

  5. Information Protection - Why? • Information are an important strategic and operational asset for any organization • Damages and misuses of information affect not only a single user or an application; they may have disastrous consequences on the entire organization • Additionally, the advent of the Internet as well as networking capabilities has made the access to information much easier Pag. 5 Purdue University Elisa Bertino and Richard Boateng

  6. Information Security: Main Requirements Information Confidentiality Integrity Security Availability Pag. 6 Purdue University Elisa Bertino and Richard Boateng

  7. Information Security: Examples • Consider a payroll database in a corporation , it must be ensured that: – salaries of individual employees are not disclosed to arbitrary users of the database – salaries are modified by only those individuals that are properly authorized – paychecks are printed on time at the end of each pay period Pag. 7 Purdue University Elisa Bertino and Richard Boateng

  8. Information Security: Examples • In a military environment, it is important that: – the target of a missile is not given to an unauthorized user – the target is not arbitrarily modified – the missile is launched when it is fired Pag. 8 Purdue University Elisa Bertino and Richard Boateng

  9. Information Security - main requirements • Confidentiality - it refers to information protection from unauthorized read operations – the term privacy is often used when data to be protected refer to individuals • Integrity - it refers to information protection from modifications; it involves several goals: – Assuring the integrity of information with respect to the original information (relevant especially in web environment) – often referred to as authenticity – Protecting information from unauthorized modifications – Protecting information from incorrect modifications – referred to as semantic integrity • Availability - it ensures that access to information is not denied to authorized subjects Pag. 9 Purdue University Elisa Bertino and Richard Boateng

  10. Information Security – additional requirements • Information Quality – it is not considered traditionally as part of information security but it is very relevant • Completeness – it refers to ensure that subjects receive all information they are entitled to access, according to the stated security policies Pag. 10 Purdue University Elisa Bertino and Richard Boateng

  11. Possible Targets of Security Threats • Information: Unauthorized Access to the Information Stored in the System • Control: Executing Unauthorized Control of the System or Its Component(s) • Functionality / Performance / Availability: Disabling or Degrading the functionality, Performance or Availability of the System Pag. 11 Purdue University Elisa Bertino and Richard Boateng

  12. Classes of Threats • Disclosure – Snooping, Trojan Horses • Deception and Social Engineering – Modification, spoofing, repudiation of origin, denial of receipt • Disruption – Modification • Usurpation – Modification, spoofing, delay, denial of service Pag. 12 Purdue University Elisa Bertino and Richard Boateng

  13. Possible Source(s) of Threats • Inside the System • Outside the System • Interface to the System (including communication channels) Pag. 13 Purdue University Elisa Bertino and Richard Boateng

  14. Information Security: A Complete Solution • It consists of: – first defining a security policy – then choosing some mechanism to enforce the policy – finally providing assurance that both the mechanism and the policy are sound SECURITY LIFE-CYCLE Pag. 14 Purdue University Elisa Bertino and Richard Boateng

  15. Policies and Mechanisms • Policy says what is, and is not, allowed – This defines “security” for the information • Mechanisms enforce policies • Composition of policies – If policies conflict, discrepancies may create security vulnerabilities Pag. 15 Purdue University Elisa Bertino and Richard Boateng

  16. Approaches to Information Security 1. Prevention of Threats → Policies • Attempt to design a system so that it's perfectly secure 2. Exclusion of Unknown Entities → Identification and Authentication • Attempt to distinguish well-known entities from suspicious entities 3. Hiding Important Information → Cryptography • Attempt to make critical information incomprehensible Theoretically, except one-time pad, there is no encryption scheme perfectly secure. 4. Detection of Potential Threats → Monitoring, Auditing, Detection, and Confinement • Attempt to identify violation of security policies or possible trials of intrusion to a system Pag. 16 Purdue University Elisa Bertino and Richard Boateng

  17. Encryption • In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special information, usually referred to as a key . • The result of the process is encrypted information (in cryptography, referred to as ciphertext). Pag. 17 Purdue University Elisa Bertino and Richard Boateng

  18. Information Security – Mechanisms • Confidentiality is enforced by the access control mechanism • Integrity is enforced by the access control mechanism and by the semantic integrity constraints • Availability is enforced by the recovery mechanism and by detection techniques for DoS attacks – an example of which is query flood Pag. 18 Purdue University Elisa Bertino and Richard Boateng

  19. Information Security – How? Additional mechanisms • User authentication - to verify the identity of subjects wishing to access the information • Information authentication - to ensure information authenticity - it is supported by signature mechanisms • Encryption - to protect information when being transmitted across systems and when being stored on secondary storage • Intrusion detection – to protect against impersonation of legitimate users and also against insider threats Pag. 19 Purdue University Elisa Bertino and Richard Boateng

  20. Information Security – How? • Information must be protected at various levels: – The operating system – The network – The data management system – Physical protection is also important Pag. 20 Purdue University Elisa Bertino and Richard Boateng

  21. Data vs Information – which is important? • Computer security is about controlling access to information and resources • Controlling access to information can sometimes be quite elusive and it is often replaced by the more straightforward goal of controlling access to data • The distinction between data and information is subtle but it is also the root of some of the more difficult problems in computer security • Data represents information. Information is the (subjective) interpretation of data Pag. 21 Purdue University Elisa Bertino and Richard Boateng

  22. Inference - Example Name Sex Programme Units Grade Ave Alma F MBA 8 63 Bill M CS 15 58 Carol F CS 16 70 Don M MIS 22 75 Errol M CS 8 66 Flora F MIS 16 81 Gala F MBA 23 68 Homer M CS 7 50 Igor M MIS 21 70 Pag. 22 Purdue University Elisa Bertino and Richard Boateng

  23. Assurance Assurance is a measure of how well the system meets its requirements; more informally, how much you can trust the system to do what it is supposed to do. It does not say what the system is to do; rather, it only covers how well the system does it. • Specification – Requirements analysis – Statement of desired functionality • Design – How system will meet specification • Implementation – Programs/systems that carry out design Pag. 23 Purdue University Elisa Bertino and Richard Boateng

  24. Case Studies Pag. 24 Purdue University Elisa Bertino and Richard Boateng

  25. Management and Legal Issues • Cost-Benefit Analysis – Is it more cost-effective to prevent or recover? • Risk Analysis – Should we protect some information? – How much should we protect this information? • Laws and Customs – Are desired security measures illegal? – Will people adopt them? Pag. 25 Purdue University Elisa Bertino and Richard Boateng

  26. Human Factor Issues • Organizational Problems – Power and responsibility – Financial benefits • People problems – Outsiders and insiders – Social engineering Pag. 26 Purdue University Elisa Bertino and Richard Boateng

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Information Security Officer (ISO) Appointment Overview Bob Auton VITA - Centralized Information

Information Security Officer (ISO) Appointment Overview Bob Auton VITA - Centralized Information

Information Security Officer (ISO) Appointment Overview Bob Auton VITA - Centralized Information Security Services Mark Martens Security Risk Management Analyst 1 Areas for Review Commonwealth ISO Certification IT Security

832 views • 40 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
AFIIA 2017 Cyber Attack Demonstration Overview of Information Security Information Security

AFIIA 2017 Cyber Attack Demonstration Overview of Information Security Information Security

5/30/2017 Presentation Outline Cyber Security - Safeguarding your IT Environment Cyber Attack Demonstration Overview of Information Security Situational Analysis of Current Attacks Wednesday, May 17, 2017 @ AFIIA Conference, 2017

498 views • 5 slides
TLS Security - Where Do We Stand? Kenny Paterson Information Security Group 1 Outline TLS

TLS Security - Where Do We Stand? Kenny Paterson Information Security Group 1 Outline TLS

TLS Security - Where Do We Stand? Kenny Paterson Information Security Group 1 Outline TLS overview TLS attacks and proofs Lucky 13 TLS Record Protocol and RC4 Discussion 2 TLS Overview SSL = Secure Sockets Layer.

1.37k views • 101 slides
HIPAA Security Rule Overview Jennings Aske, JD, CISSP, CIPP/US VP Chief Information Security

HIPAA Security Rule Overview Jennings Aske, JD, CISSP, CIPP/US VP Chief Information Security

HIPAA Security Rule Overview Jennings Aske, JD, CISSP, CIPP/US VP Chief Information Security Officer NewYork-Presbyterian Hospital The Use of Electronic Technology in Healthcare Over the past decade the health care industry began to rely

256 views • 14 slides
S-BGP: A Very Quick Overview Dr. Stephen Kent Chief Scientist - Information Security BGP

S-BGP: A Very Quick Overview Dr. Stephen Kent Chief Scientist - Information Security BGP

S-BGP: A Very Quick Overview Dr. Stephen Kent Chief Scientist - Information Security BGP Security Goals Need to have realistic goals for BGP security: We cant make any AS do anything! Traffic flow is dictated by forwarding tables,

309 views • 13 slides
So You Want to Be an Information Security Officer? Presented by: Art Bakke Information Security

So You Want to Be an Information Security Officer? Presented by: Art Bakke Information Security

So You Want to Be an Information Security Officer? Presented by: Art Bakke Information Security Officer Background Personal Starion Bank Arts Goals Highlight the typical responsibilities of an Information Security Officer from

778 views • 22 slides
Special Publication 800-171 Protecting Controlled Unclassified Information in Nonfederal

Special Publication 800-171 Protecting Controlled Unclassified Information in Nonfederal

Special Publication 800-171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations Patricia Toth NIST MEP MEP Overview What is Information Security? Cyber- Personnel security Security

587 views • 29 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Ministry of Electronics & Information

510 views • 11 slides
11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information

11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information

11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information Security Webinar Storage of Classified Information Host: Treva Alexander, SAPPC Information Security Course Manager, DSS - CDSE Gained experience in

329 views • 14 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
Computer and Information Security Fall 2019 Endpoint security Tyler Bletsch Duke University

Computer and Information Security Fall 2019 Endpoint security Tyler Bletsch Duke University

ECE590 Computer and Information Security Fall 2019 Endpoint security Tyler Bletsch Duke University Overview How do you configure endpoints for better security? 1. Updates 2. Correct settings 3. Reduce attack surface 4. Limit privilege 5.

477 views • 19 slides
The Zen of Information Security Joshua Hill March 1 st , 1999 The Goals of Information Security

The Zen of Information Security Joshua Hill March 1 st , 1999 The Goals of Information Security

The Zen of Information Security Joshua Hill March 1 st , 1999 The Goals of Information Security Aside from Fame, Fortune and the Pursuit of Members of the Appropriate Sex What is Information Security? 1. Information Integrity Persistence

543 views • 11 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Toll Free No : 1800 425 6235 Ministry of

460 views • 8 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Toll Free No : 1800 425 6235 Ministry of

291 views • 10 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Free No : 1 1800 0 425 6 6235 Toll F

264 views • 24 slides
Elisa Portaluri Elisa Portaluri ADONI, 10-12 Aprile 2017 How to study the far Universe BY using

Elisa Portaluri Elisa Portaluri ADONI, 10-12 Aprile 2017 How to study the far Universe BY using

Elisa Portaluri Elisa Portaluri ADONI, 10-12 Aprile 2017 How to study the far Universe BY using only How to study the far Universe BY using only and a 40- m telescope the stars the stars and a m telescope Recipe How to study the far

803 views • 26 slides
Diamonds: A quants best friend Jim Gatheral (joint work with Elisa Al` os and Rado s

Diamonds: A quants best friend Jim Gatheral (joint work with Elisa Al` os and Rado s

Decomposition Trees and forests Exponentiation Rough Heston Diamonds: A quants best friend Jim Gatheral (joint work with Elisa Al` os and Rado s Radoi ci c) Workshop on Finance, Insurance, Probability and Statistics Kings

711 views • 54 slides
Saliency Prof. Xavier Gir, Prof. Kevin McGuinness Student: Junting Pan Elisa Sayrol Saliency

Saliency Prof. Xavier Gir, Prof. Kevin McGuinness Student: Junting Pan Elisa Sayrol Saliency

Day 3 Lecture 12 Saliency Prof. Xavier Gir, Prof. Kevin McGuinness Student: Junting Pan Elisa Sayrol Saliency 2 Saliency W hat have you seen ? 3 Saliency Lighthouse 4 Saliency Lighthouse House 5 Saliency Lighthouse House Rocks 6

452 views • 18 slides
Gravitational wave signatures of exotic compact objects Elisa Maggio Sapienza University of Rome

Gravitational wave signatures of exotic compact objects Elisa Maggio Sapienza University of Rome

Cortona Young 27-29 May 2020 Gravitational wave signatures of exotic compact objects Elisa Maggio Sapienza University of Rome Outline Gravitational waves as probes of strong gravity Exotic compact objects Ergoregion

246 views • 22 slides
Di Dialog Syste tems an and Visu Visual l Dia ialo log Sayyed Nezhadi CSC2539 Feb 2017

Di Dialog Syste tems an and Visu Visual l Dia ialo log Sayyed Nezhadi CSC2539 Feb 2017

Di Dialog Syste tems an and Visu Visual l Dia ialo log Sayyed Nezhadi CSC2539 Feb 2017 What is a Dialog System? A dialog system is a machine (computer system) with the goal of conversing with human with a logical structure. Voice

386 views • 38 slides
High energy neutrinos as cosmic messengers: AMANDA & IceCube one branch

High energy neutrinos as cosmic messengers: AMANDA & IceCube one branch

Elisa Resconi (for the AMANDA/IceCube collaboration) DESY-Zeuthen High energy neutrinos as cosmic messengers: AMANDA & IceCube one branch http://amanda.uci.edu http://icecube.wisc.edu Elisa.Resconi@ifh.de 1 GRB SN explosion

307 views • 16 slides
OMG Ontology PSIG Position Paper OMG Ontology PSIG Position Paper Elisa Kendall S andpiper S

OMG Ontology PSIG Position Paper OMG Ontology PSIG Position Paper Elisa Kendall S andpiper S

OMG Ontology PSIG Position Paper OMG Ontology PSIG Position Paper Elisa Kendall S andpiper S oftware Roy Bell Raytheon Company Roger Burkhart John Deere & Company Manfred Koethe 88 S olutions Hugues Vincent - Thales

181 views • 7 slides
Dear all, As many of you will know, we recently ran a Wellbeing survey of departmental staff,

Dear all, As many of you will know, we recently ran a Wellbeing survey of departmental staff,

Dear all, As many of you will know, we recently ran a Wellbeing survey of departmental staff, initiated and organised by Elisa Galliano. The data are now in and collated, and attached is a digest of the returns. The full spreadsheets of data

453 views • 5 slides

More recommend