Lec 4

Uploaded by

mawda131199

Cyber security

Lec 4
Objectives

• Describe the challenges of securing information
• Define information security and explain why it is important
• Identify the types of attackers that are common today
• List the basic steps of an attack
• Describe the five basic principles of defense

Information Security Terminology

• Asset
  – Something that has a value
• Threat
  – Actions or events that have potential to cause harm
• Threat agent
  – Person or element with power to carry out a threat

Information Security Terminology (cont’d.)
• Vulnerability
  – Flaw or weakness
    • Threat agent can bypass security
• Risk
  – Likelihood that threat agent will exploit vulnerability
  – Cannot be eliminated entirely
    • Cost would be too high
    • Take too long to implement
  – Some degree of risk must be assumed

Information Security Terminology (cont’d.)

Table 1-4 Information technology assets

Figure 1-4 Information security components analogy
© Cengage Learning 2012

Information Security Terminology (cont’d.)
• Options to deal with risk
  – Accept
    • Realize there is a chance of loss
  – Diminish
    • Take precautions
    • Most information security risks should be diminished
  – Transfer
    • Example: purchasing insurance

Understanding the Importance of Information Security
• Preventing data theft
  – Security often associated with theft prevention
  – Business data theft
    • Proprietary information
  – Individual data theft
    • Credit card numbers

Understanding the Importance of Information Security (cont’d.)
• Thwarting identity theft
  – Using another’s personal information in unauthorized manner
    • Usually for financial gain
  – Example:
    • Steal person’s SSN
      – Create new credit card account
      – Charge purchases
      – Leave unpaid

Understanding the Importance of Information Security (cont’d.)
• Avoiding legal consequences
  – Laws protecting electronic data privacy
  – Businesses that fail to protect data they possess may face serious penalties
    • The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
    • All banks must comply with PCI DSS standard (SAMA regulation).

Understanding the Importance of Information Security (cont’d.)
• Maintaining productivity
  – Post-attack clean up diverts resources
    • Time and money

Table 1-6 Cost of attacks

Understanding the Importance of Information Security (cont’d.)
• Foiling cyberterrorism
  – Premeditated, politically motivated attacks
  – Target: information, computer systems, data
  – Designed to:
    • Cause panic
    • Provoke violence
    • Result in financial catastrophe
  – Potential cyberterrorism targets
    • Banking, military, energy (power plants), transportation (air traffic control centers), water systems
