
Software With Problems: Metric Confusion Caused NASA's 125 Million Mars Orbiter Loss; Virtually All of Information Security Is Implemented in Software

This document discusses various topics related to information security including threats, vulnerabilities, attacks, and protective measures. It defines key security concepts like confidentiality, integrity, and availability. It also covers types of security threats such as interception, interruption, modification, and fabrication. Additionally, it distinguishes between passive and active attacks and differentiates between computer crimes, hackers and crackers.

Uploaded by

Mangala Semage

• Software with problems
• Metric confusion caused NASA's 125 million Mars orbiter loss
• Virtually all of information security is implemented in software

• protection of information from theft, corruption, or natural disaster, while allowing the information to remain accessible and productive to its intended users.
• Computer Security - generic name for the collection of tools designed to protect.
• Network Security - measures to protect data during their transmission.
• Internet Security - measures to protect data during their transmission over a collection of interconnected networks.
• Data/Information
• Resources
• Valuable
• Vulnerable
• Vulnerability is a weakness in the security system
  ◦ Ex: does not verify a user before data access.
• A set of circumstances that has the potential to cause loss or harm.
• Any possible action that compromises the security of information.
• Human initiated
  ◦ Hacking
• Computer initiated
  ◦ Virus
• Natural disasters
  ◦ Flood
  ◦ Lightning
  ◦ Fire
• Reasons
  ◦ Human errors.
  ◦ SW design flaws.
  ◦ SW failures.
Security threats
• Interception
  ◦ An interception means that some unauthorized party (a person, a program, or a computing system) has gained access to an asset.
  ◦ Ex:
    ▪ Illicit copying of program or data
    ▪ Network wiretapping
• Interruption
  ◦ An asset of the system becomes lost, unavailable, or unusable.
  ◦ Ex:
    ▪ Malicious destruction of a hardware device
    ▪ Erasure of a program or data file
    ▪ Malfunction of an operating system (can't find a disk file)
• Modification
  ◦ An unauthorized party not only accesses but also alters the asset.
  ◦ Ex:
    ▪ Change the values in a database
    ▪ Alter a program to perform a different computation
    ▪ Modify data being transmitted electronically
• Fabrication
  ◦ The intruder may insert transactions or data into a network communication system.
  ◦ Add records to an existing database.
• Human
• Another System

Security Attack – Definition

• A deliberate attempt (especially in the sense of a method or technique) to avoid security services and violate the security policy of a system.
• Attacker must have
  ◦ Method: how (skill, knowledge, tools)
  ◦ Opportunity: when (suitable time for attack)
  ◦ Motive: why (reason for the attack)
• Passive Attack
  ◦ Attempts to learn or make use of information from the system
  ◦ Does not affect system resources
    ▪ Release of the content
    ▪ Traffic analysis
• Active Attack
  ◦ Attempts to alter system resources or affect their operation.
  ◦ Denial of service
  ◦ Modification of content
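
The threat classes and the passive/active split above, as an added example that is not part of the original slides: a receiver reconciles delivered records against a sender manifest of sequence numbers and SHA-256 digests. The record contents, the names `classify`, `MANIFEST` and `RECEIVED`, and the assumption that the manifest arrives over a channel the attacker cannot alter are all constructed for illustration.

```python
import hashlib


def digest(payload: bytes) -> str:
    return hashlib.sha256(payload).hexdigest()


def classify(manifest: dict[int, str],
             received: list[tuple[int, bytes]]) -> dict[int, str]:
    """Map each anomalous sequence number to the threat class it indicates.

    manifest: seq -> SHA-256 of what the sender produced (assumed trusted).
    received: (seq, payload) pairs as they arrived.
    """
    findings: dict[int, str] = {}
    seen = set()
    for seq, payload in received:
        seen.add(seq)
        if seq not in manifest:
            findings[seq] = "fabrication"    # sender never produced this record
        elif digest(payload) != manifest[seq]:
            findings[seq] = "modification"   # sender's record, altered content
    for seq in manifest:
        if seq not in seen:
            findings[seq] = "interruption"   # sender's record never arrived
    return findings


# Constructed sample data: three records sent; in transit record 2 is altered,
# record 3 is lost and record 4 is inserted.
SENT = {1: b"credit 100 to A", 2: b"debit 40 from B", 3: b"credit 15 to C"}
MANIFEST = {seq: digest(p) for seq, p in SENT.items()}
RECEIVED = [(1, b"credit 100 to A"), (2, b"debit 90 from B"),
            (4, b"credit 500 to X")]


def demo_active() -> dict[int, str]:
    return classify(MANIFEST, RECEIVED)


def demo_passive() -> dict[int, str]:
    # An eavesdropper copied every record; delivery itself is unchanged.
    return classify(MANIFEST, list(SENT.items()))


if __name__ == "__main__":
    print(demo_active())
    print(demo_passive())
```

The passive case returns no findings: interception does not affect system resources, so an integrity check of this kind cannot see it.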
Protective measures against attacks

Security Control - Definition

An action, device, procedure, or technique that removes or reduces a vulnerability.

A threat is blocked by control of a vulnerability.


Figure 1-4 Vulnerabilities of Computing Systems.
Security Concepts

Confidentiality, Integrity, and Availability.

• Confidentiality
  ◦ Illegitimate users may not be able to access or modify data
  ◦ Disclosure of information to unauthorized individuals or systems.
• Availability
  ◦ Legitimate users may be able to access or modify data
  ◦ Presence of information when it is needed
• Integrity
  ◦ Accuracy of data

Security of Data.
Figure 1-6 Multiple Controls.
• Computer Crime
  ◦ Any crime involving a computer
• Hackers
  ◦ Access computer systems non-maliciously
• Crackers
  ◦ Access computer systems maliciously