Cyber Security

Fundamentals
John Hale
The University of Tulsa
Cyber Security
Fundamentals
What Is Cyber Security?
Evolving labels
Computer Security (1960s)
Information Security (1990s)
Information Assurance (2000s)
Cyber Security (2010s)
Cyber security - The protection of elements
in cyber space from cyber attack
Cyber space – a domain of digital information
infrastructures (Internet, telecom, LANs,
computers, embedded systems)
Copyright John Hale 3
 Risks in Cyber Space (1970)

Copyright John Hale 4

From “Security Controls for Computer Systems,” 1970, Rand Corporation
Risks in Cyber Space (2018)

Copyright John Hale 5

From “IoT Security Threat Map,” 2018, Beecham Research
What Are You Protecting?

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al.

Copyright John Hale 6

 From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al.

Basic Terms
Threat
Vulnerability
Control

Vulnerability – Weakness in a system

Threat – Origin of potential for harm
Attack – Activation of a threat on a target’s
vulnerability
Countermeasure or control – a means to
address threats
Risk – The product of likelihood and impact
of an adverse event
Copyright John Hale 7
Vulnerabilities are Everywhere
Vulnerabilities can be found anywhere in an
information system
Network, OS, Applications, Hardware

Vulnerabilities can be introduced at any point

in the SDLC
Requirements, Architecture, Design,
Implementation
Copyright John Hale 8
Types of Threats

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al.

Copyright John Hale 9

Threats as Types of Harm
Interception – unauthorized acquisition of data
or a service
Interruption – preventing access to data or a
service
Modification – unauthorized alteration of data
Fabrication – manufacture of data

What are the opposing security properties?

Copyright John Hale 10