IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.

Slide 2: Chapter Outline
August 28, 2002. IT 221: Introduction to Information Security Principles. For Educational Purposes Only.

Chapter 1:
- Working Definitions of Security
- IT Security Principles
- Three Aspects of Security
- Types of Security Services
- Types of Security Threats
- Goals of Security
- Types of Security Attacks
- Model for Network Security
- Model for Network Access Security

Slide 3: Working Definitions of Security

Information Security defined: “The generic name for the collection of tools designed to protect data and to thwart [break-ins].” [4]

Slide 4: IT Security Principles

Principle of Easiest Penetration: “An intruder must be expected to use any available means of penetration. This is not the most obvious means, nor is it the one against which the most solid defense has been installed.” (Pfleeger)

Principle of Adequate Protection: “Computer items must be protected only until they lose their value. They must be protected to a degree consistent with their value.” (Pfleeger)

Slide 5: Three Aspects of Security

The three aspects of security are:
- Security Attack: Any attack that compromises the security of information owned by an organization.
- Security Mechanism: A mechanism that is designed to detect, prevent or recover from a security attack.
- Security Service: A service that enhances the security of [information] systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

Slide 6: Types of Security Services

Security services fall into one of the following categories:
- Confidentiality: Ensures that the information in a system and transmitted information are accessible only for reading by authorized parties. (Data privacy)
- Integrity: Ensures that only authorized parties are able to modify computer system assets and transmitted information. (Data has not been altered)
- Authentication: Ensures that the origin of a message or electronic document is correctly identified, with an assurance that the identity is not false. (Who created or sent the data)

Slide 7: Types of Security Threats

(a) Normal Flow
(b) Interruption: An asset of a system becomes unavailable or unusable. [3]
(c) Interception: Some unauthorized party has gained access to an asset. [3]
(d) Modification: Some unauthorized party not only gains access to, but also tampers with, an asset. [3]
(e) Fabrication: Some unauthorized party fabricates objects on a system. [3]

Slide 8: Goals of Security

- Integrity
- Confidentiality
- Availability

Slide 9: Types of Security Attacks

Passive Threats:
- Release of Message Contents
- Traffic Analysis

Active Threats:
- Masquerade
- Replay
- Modification of Message Contents
- Denial of Service
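As an added example (not part of the lecture slides), the following Python shows how one security mechanism, a keyed hash tag carried with a sequence number, provides the integrity and authentication services from the services slide against three of the active threats listed above: modification, fabrication (masquerade) and replay. The shared key, the message payload and the receiver's bookkeeping are all constructed for this illustration.

```python
import hmac
import hashlib

# Constructed shared key for the demo; in a real system it comes from key management.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"

def make_message(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: frame = seq | payload | HMAC-SHA256(seq | payload)."""
    body = f"{seq}|".encode() + payload
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag

class Receiver:
    """Receiver side: verifies the tag, then rejects any sequence number already seen."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, frame: bytes) -> tuple[bool, str]:
        try:
            seq_bytes, rest = frame.split(b"|", 1)
            payload, tag = rest.rsplit(b"|", 1)
            seq = int(seq_bytes)
        except ValueError:
            return False, "malformed frame"
        expected = hmac.new(self.key, seq_bytes + b"|" + payload, hashlib.sha256).hexdigest().encode()
        # Constant-time compare: an altered or forged frame fails here (modification, fabrication).
        if not hmac.compare_digest(tag, expected):
            return False, "bad tag: modified or fabricated"
        # A valid tag with a stale sequence number means the frame was replayed.
        if seq <= self.last_seq:
            return False, "replay: sequence number already used"
        self.last_seq = seq
        return True, "accepted"

def demo() -> dict[str, str]:
    """Runs the normal flow and three active threats from the slide; returns each verdict."""
    rx = Receiver(SHARED_KEY)
    genuine = make_message(SHARED_KEY, 1, b"status=ok;reading=21")  # constructed payload
    results = {"normal flow": rx.accept(genuine)[1]}
    # Modification: the opponent changes the payload but cannot recompute the tag.
    results["modification"] = rx.accept(genuine.replace(b"reading=21", b"reading=99"))[1]
    # Fabrication / masquerade: the opponent builds a frame under a key it does not hold.
    results["fabrication"] = rx.accept(make_message(b"wrong-key", 2, b"status=ok;reading=99"))[1]
    # Replay: the opponent re-sends the genuine frame unchanged.
    results["replay"] = rx.accept(genuine)[1]
    return results
```

Confidentiality is not addressed by this mechanism: the payload travels in the clear, so release of message contents and traffic analysis (the passive threats) would need encryption as a separate mechanism.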

Slide 10: Model for Network Security

(1) A message is transferred from one party (Principal) to another.
(2) A logical information channel is established between the two Principals by the cooperative use of some protocol, e.g. TCP/IP.
(3) The goal is to provide the secure transmission of information from Opponents.
(4) A trusted third party may be needed for secure transmissions.

Slide 11: Model for Network Access Security

(1) Gatekeeper functions include password-based login authentication.
(2) Various internal controls that monitor activity and analyze stored information in an attempt to detect the presence of unwanted intruders.

Slide 12: Resources

[1] Denning, Dorothy E. Cryptography and Data Security. Addison-Wesley, 1983.
[2] Ghosh, Anup. E-Commerce Security: Weak Links, Best Defenses. Wiley Computer Publishing, 1998.
[3] Pfleeger, Charles. Security in Computing. Prentice Hall, 1997.
[4] Stallings, William. Cryptography and Network Security. Prentice Hall, 1999.
