Lesson 10
Computer Security
What Is Computer Security?
• Computer security is the protection of the assets in a computer or
computer system.
• There are many types of assets:
• Hardware
• Software
• Data/information
• Networks
• People
What Is Cyber Security?
• Cyber security is the concept of protecting internet-connected assets such as
hardware, software, servers, mobile devices, networks and data.
• Network security: the practice of securing a computer network from
attackers.
• Application security: keeping software and devices free of threats.
• Information security: protecting the privacy of data, both in storage and in
transit.
• Operational security: the processes for handling and protecting data
assets.
The Security Cube
The Principles of Security
• The security cube identifies the goals for protecting the cyber world.
• These three principles are:
• Availability
• Confidentiality
• Integrity
Principles of security ACI
There are three key objectives at the heart of computer security:
Ensure availability
Organizations can ensure their availability by implementing the
following:
Confidentiality
• Data confidentiality
Confidential data is not available to unauthorized
parties.
• Privacy
System operations, system controls and data stores are not
accessible to unauthorized parties.
Examples of Threats for Confidentiality
Hardware: an unencrypted CD/DVD or USB device is stolen.
Ensure Confidentiality
Defines a number of protection systems that prevent unauthorized
access to a computer, network, or other data resources.
Integrity
• Data integrity
Confidential data and programs cannot be changed by
unauthorized parties.
• System integrity
The system's operation and its intended function cannot be
changed by unauthorized parties.
Examples of Threats for Integrity
• Hardware – the device is replaced or removed.
Ensure the Integrity
Methods for ensuring data integrity
Categories of harm (attack)
The harms can be categorized as follows:
• Disclosure
A program or process is accessed by an unauthorized party.
• Deception
A program or process is changed by an unauthorized party.
The receiver gets false data and believes it to be true.
• Disruption
A program or process that interrupts or prevents the correct operation of
the system or its functions.
Disclosure
• An unauthorized party accesses your computer asset. The outside party can be a
person, a program, or another computing system.
Deception
A program or event is changed by an unauthorized party.
The receiver gets false data and believes it to be true data.
Disruption
A program or event that interrupts or prevents the correct operation of
the system or its functions.
• Physical damage to the system hardware or software.
• Unauthorized access to a system and modification of some of its functions.
• Disabling communication links or moving communication control
information.
What Is Access Control?
• The process by which resources or services are allowed or denied on a
computer system.
Access Control Terminology
Discretionary Access Control (DAC): Resource owners set access
permissions.
Role-Based Access Control (RBAC): Access is based on user roles
within an organization.
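The DAC and RBAC models described above, side by side in an added example that is not part of the original lesson: in DAC the resource owner edits the permission list, while in RBAC access follows the user's role. All user, file, role and permission names are constructed for illustration.

```python
# Added illustration of DAC vs RBAC; all names below are constructed samples.
class DacResource:
    """DAC: the resource owner sets the access permissions."""
    def __init__(self, name, owner):
        self.name, self.owner = name, owner
        self.acl = {owner: {"read", "write"}}  # owner starts with full access

    def grant(self, actor, user, permission):
        if actor != self.owner:  # only the owner may change permissions
            raise PermissionError(f"{actor} does not own {self.name}")
        self.acl.setdefault(user, set()).add(permission)

    def is_allowed(self, user, permission):
        return permission in self.acl.get(user, set())  # default deny

class RbacPolicy:
    """RBAC: permissions attach to roles; users gain access through roles."""
    def __init__(self, role_permissions, user_roles):
        self.role_permissions, self.user_roles = role_permissions, user_roles

    def is_allowed(self, user, permission):
        roles = self.user_roles.get(user, set())  # unknown user: no roles
        return any(permission in self.role_permissions.get(r, set()) for r in roles)

def demo():
    report = DacResource("report.txt", owner="alice")
    report.grant("alice", "bob", "read")  # owner shares read access
    try:
        report.grant("bob", "carol", "read")  # non-owner tries to re-share
        bob_could_share = True
    except PermissionError:
        bob_could_share = False
    rbac = RbacPolicy(
        role_permissions={"clerk": {"payroll:read"},
                          "manager": {"payroll:read", "payroll:approve"}},
        user_roles={"bob": {"clerk"}, "dana": {"manager"}},
    )
    return {
        "dac_bob_read": report.is_allowed("bob", "read"),
        "dac_bob_write": report.is_allowed("bob", "write"),
        "dac_bob_could_share": bob_could_share,
        "rbac_bob_approve": rbac.is_allowed("bob", "payroll:approve"),
        "rbac_dana_approve": rbac.is_allowed("dana", "payroll:approve"),
    }

if __name__ == "__main__":
    print(demo())
```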
Access Control Method
There are a number of access control methods that are used to control
the physical entry and exit of people.
• Password based
• Biometrics
• Smart cards
• Wireless enabled key cards
• Access logs
• Locks and Keys
Physical security implementation
Elements of physical security
• Restricted Areas
• CCTV
• Locks
• Access Control
• Barriers
• Security Services
• Intrusion Detection Systems
Thanks!