Lesson 10

Computer Security
What Is Computer Security?
• Computer security is a protection of the assets in a computer or
computer system.
• There are many types of assets:
• Hardware
• Software
• Data/ information
• Networks
• People

2
 What Is Cyber Security?
• Cyber security is a concept to protection of internet-connected assets such as
hardware, software, servers, mobile devices, Networks and data.

• It's also known as information security (IS) or electronic information security

(EIS).

It can be divided into a few common categories.

• Network security
• Application security
• Information security
• Operational security

3
What Is Cyber Security?
• Network security- the practice of securing a computer network from
attackers.
• Application security- keeping software and devices free of threats.
• Information security- protects the privacy of data, when storage and in
transportation.
• Operational security- the processes for handling and protecting data
assets.

4
The security Cube
The Principles of Security
• The security cube identifies the goals to protect the cyber world.
• These three principles are:
• Availability
• Confidentiality
• Integrity

5
Principles of security ACI
There are three key objectives that can heart of computer security:

1. Availability: computer assets can access by only authorized users.

2. Confidentiality: Assets are viewed by only authorized parties.

This term covers two related concepts:
Data confidentiality
Privacy

3. Integrity: Assets can modified by only authorized parties.

This term covers two related concepts:
Data integrity
System integrity 6
Examples of Threats for Availability
• Hardware - Devices are taken out or disabled, denying access to users.

• Software - Programs are deleted.

• Data - Files are deleted.

• Communication - Messages are destroyed or deleted.

Communication lines or networks are unavailable.

7
Ensure availability
Organizations can ensure their availability by implementing the
following:

• Equipment regular maintenance

• OS and system updates
• Take and test backups
• Plan for disasters
• Implement new technologies
• Monitor unusual activity

8
Confidentiality
• Data confidentiality
The confidential data is not available for unauthorized
parties.

• Privacy
The system performs, system controls and data store are not
allowed to unauthorized parties.

9
Examples of Threats for Confidentiality
Hardware - An unencrypted CD/ DVD or USB device are stolen.

Software – the software or files copy by unauthorized users.

Data – data in your system read by unauthorized users.

Communication – your messages read by unauthorized users.

10
Ensure Confidentiality
Defines a number of protection systems that prevent unauthorized
access to a computer, network, or other data resources.

The concepts of AAA involve three security services:

• Authentication - verifies the identity of a user

• Authorization - determine which resources users can access,
• Accounting - keeps track of what users do, including what they
access,

11
Integrity
• Data integrity-
The confidential data and programs are not able to changed by
unauthorized parties.

• System integrity-
The system performs and its intended function are not able to
changed by unauthorized parties.

12
Examples of Threats for Integrity
• Hardware – the devices is replace or removed.

• Software - A working program is modified by unauthorized users.

• Data - Existing data/information are modified.

• Communication- the messages are modified, delayed or duplicated.

13
Ensure the Integrity
Methods for ensure data integrity

• checks data Validation and Verification.

• checks data reliability.
• Data Backups and Redundancy.
• Allocate Access Controls and Permissions.
• Data Encryption.
• Regular Monitoring

14
Category of harm (attack)
The harms can be categorized as follows:

• Disclosure
A program or Process access by unauthorized.

• Deception
A program or Process change by unauthorized.
The receiver get false data and believing it as true.

• Disruption
A program or Process that interrupts or avoids the correct operation of
system or functions.
15
Disclosure
• Unauthorized party access your computer asset. The outside party can be a
person, a program, or another computing system .

• The primary goal of disclosure attacks is to obtain and exploit information

that is not meant to be publicly accessible.

16
Deception
A program or event change by unauthorized.
The receiver get false data and believing it as true data.

The deception attacks is to

manipulate victims into making
security mistakes or illuminating
confidential information

17
Disruption
A program or event that interrupts or avoids the correct operation of
system or functions.
• Physically damage to the system hardware or software.
• Unauthorized access a system and modify some of its functions.
• Disabling communication links or moving communication control
information.

18
What Is Access Control?
• The process which resources or services are allowed or denied on a
computer system.

• There are four standard access control models

• Discretionary Access Control (DAC)

• Mandatory Access Control (MAC)
• Role-Based Access Control (RBAC)
• Attribute-Based Access Control (ABAC)

19
Access Control Terminology
Discretionary Access Control (DAC): Resource owners set access
permissions.

20
Access Control Terminology

Mandatory Access Control (MAC): Access is determined by a system-

enforced policy.

21
Access Control Terminology
Role-Based Access Control
(RBAC):
Access is based on user roles
within an organization.

22
Access Control Terminology

Attribute-Based Access Control

(ABAC):
Access is based on attributes and
contextual factors.

23
Access Control Method
There are a number of access controls methods that are used to control
the physical entry and exit of people.

• Password based
• Biometrics
• Smart cards
• Wireless enabled key cards
• Access logs
• Locks and Keys

24
Physical security implementation
Elements of physical security

• Restricted Areas
• CCTV
• Locks
• Access Control
• Barriers
• Security Services
• Intrusion Detection Systems

25
Thanks!