1111 CYS

Cyber Security Foundations

Lecture #1
Introduction to
Computer Security –Part 2
Topics:

✓ Facets of the security problem of computer systems.

✓ Meaning of security.
✓ Vulnerabilities of computer security.
✓ Importance of computer security.
✓ Goals of system security.
✓ Security domains.
 Trace the history of security industry.

Identify the main goals of computer

security
Objectives
Appreciate the need for security in
today’s hostile world

Identify the main Security Domains

 Meaning of Security

Definition of Security
It refers to the protection of computing assets and computer network
communication assets against:
1- abuse,
2- unauthorized use,
3- unavailability through intentional or unintentional actions,
4- protection against undesired information disclosure, alteration, or
misinformation.
 Meaning of Security

Fields of Computer Systems Security

Computer systems security covers a lot of territory:
1- locking the computer room and the machine,
2- protecting login accounts with passwords,
3- using file protection to keep data from being destroyed,
4- encrypting network communications lines, and
5- using special shields to keep electromagnetic emanations from leaking
out of the computer.
 Meaning of Security
Interchangeable Terms
• The terms information or data security, computer systems security,
network security and cyber security are used interchangeably.
• However, there are some subtle differences between them.
Data may be disclosed, abused, modified or damaged.

Intrusion may be performed

Data Message transaction

SW

OS

HW

Stand alone computer Internet

message may be intercepted, modified or fabricated.

Hardware may be destructed
Malware may infect the system.
 Meaning of Security
Interchangeable Terms
• The differences lie in the approach to the subject, the methodologies
used and the areas of concentration.

Information or data security Computer system security

❖ It means protecting information and
information systems from unauthorized
access, use, disclosure, disruption,
modification, perusal, inspection,
recording or destruction.
❖ It is concerned with the confidentiality,
integrity and availability of data.
❖ It can focus on ensuring the availability
and correct operation of a computer
system without concern for the
information stored or processed.
❖ It is the generic name for tools
designed to protect the processed and
stored data and to thwart hackers.
 Meaning of Security
Interchangeable Terms
• The differences lie in the approach to the subject, the methodologies
used and the areas of concentration.

Cyber security
❖ In connection with the Internet, the
Network security
term Cyber security is often used.
❖ It is the generic name for the
❖ It is the generic name for the
collection of tools designed to protect
collection of tools designed to protect
data during their transmission.
the resources of a private network
from users of other networks.

Cyber security refers to the body of technologies, processes, and practices designed to
protect networks, devices, programs, and data from attack, damage, or unauthorized access.
 Meaning of Security
Methods of providing security

System Data System

access control System design
access control administration

1- System access control

• It refers to the process of ensuring that unauthorized users don't get into the system,
and forcing authorized users to be security-conscious.
• For example, changing their passwords on a regular basis.
• The system also protects password data and keeps track of who's doing what in the
system, especially if what they're doing is security-related such as logging in, trying
to open a file, using special privileges.
 Meaning of Security
Methods of providing security

System Data System

access control System design
access control administration

2- Data access control

• It implies monitoring who can access what data, and for what purpose.
• The system might support discretionary access controls to determine whether other
people can read or change the respective data.
• The system might also support mandatory access controls.
• This allows the system to determine access rules based on the security levels of the
people, the files, and the other objects in the system.
 Meaning of Security
Methods of providing security

System Data System

access control System design
access control administration

3- System and security administration

• This imposes performing the offline procedures that make or break a secure system
by clearly delineating system administrator responsibilities, by training users
appropriately, and by monitoring users to make sure that security policies are
observed.
• This also involves more global security management by figuring out what security
threats face the system and the cost to protect against them.
 Meaning of Security
Methods of providing security

System Data System

access control System design
access control administration

4- System design
• This can be accomplished by taking advantage of basic hardware and software
security characteristics.
• For example, using a system architecture that is able to segment memory, thus
isolating privileged processes from non-privileged processes.
Define the cyber security
term?
End of Lecture 1 Part 2