
BETC Security Introduction For Mid

Uploaded by

Obydah Aburaja

Introduction
• Computers and digital devices are becoming integral to conducting business.
• This also makes them a target of attack.
• Devices need to be secured.
• Networks that computers and devices use should also be secured.
Mohammad ALNimrat 01/23/2025

Security
In a perfect world, we wouldn’t need security.
But since we don’t live in that fantasy world…

Threats to security
• Security talks about “hardening” systems and resources
• Making it harder to hack
• If it’s too much of a hassle, then only a small percentage will even try…
• There is no perfect security

[Diagram: layers labelled Data, Application, Host, Network; caption: “Hmmm, now why does this diagram look so familiar?”]

Computer Security
• Protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (including hardware, software, firmware, information/data, and telecommunications)
• Computer security imposes requirements on computers that are different from most system requirements because they often take the form of constraints on what computers are not supposed to

Computer Security
• This makes computer security particularly challenging because it is hard enough just to make applications do everything they are designed to do correctly.
• Furthermore, negative requirements are deceptively complicated to satisfy and require exhaustive testing to verify, which is impractical for most computer programs.
• For this reason, computer security is often a more technical and mathematical field than some other computer science fields.
• Negative requirements: what the systems should not do.

Typical approaches to improving computer security can include the following:
• Physically limit access to computers to only those who will not compromise security.
• Hardware mechanisms that impose rules on computer programs, thus avoiding depending on computer programs for computer security.
• Operating system mechanisms that impose rules on programs to avoid trusting computer programs.
• Programming strategies to make computer programs dependable and resist subversion.

Cybersecurity
• Cyber Security is the process and techniques involved in protecting sensitive data, computer systems, networks and software applications from cyber attacks.
• Information Security is the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction in order to provide confidentiality, integrity and availability (more on these later).
• Cybersecurity is a challenging job that requires attention to detail at the same time as it demands a higher-level awareness of what’s going on.
• However, like many tasks that seem complex at first glance, Cybersecurity can be broken down into basic steps / procedures that can simplify the process.


Cybersecurity challenges

4. Security mechanisms may involve complex algorithms and secret info
   • Complex systems are complex to implement and maintain
   • If it’s secret, not everyone knows about it and protecting it might be harder because of it

5. Must decide where & how to best deploy security mechanisms / procedures
   • Wrong place and you’ve left a “door” open or you’re protecting the wrong thing(s)

CIA Triad Elements & The Cube

Security Balancing Act

• In this day and age of “customer satisfaction”, security is considered to be a balancing act between:
  • Security Concerns
  • Functionality
  • Ease of Use

• One of the main reasons organizations may have security issues is that:
  • As you increase security, you decrease functionality
  • As you increase ease of use, functionality can increase but security can suffer
  • Functionality is what keeps companies in business, but it impedes security

Example
• Add a fingerprint scan to our information system for more protection, in addition to the existing password login.
• This will increase security.
  • At the same time, a lot of users will find that it becomes harder to use.
  • Because of False Positive cases, it will become less functional.
    • A False Positive is a case where a registered, authenticated user has been denied access to the system.

The CIA Triad


• CIA helps to define what you are trying to protect using 3 elements
  • Confidentiality
  • Integrity
  • Availability
    • Also High-Availability

• All 3 elements are important, but there is usually one that’s more important

Confidentiality, Integrity, Availability (CIA)
• CIA helps to define what you are trying to protect using 3 elements:

• Confidentiality:
  • Safeguards information from being accessed by individuals without the proper clearance, access level, and need to know.
  • Keeping sensitive information private.
  • Encryption services can protect your data at rest or in transit and prevent unauthorized access to protected data.

Confidentiality, Integrity, Availability (CIA)
• Integrity:
  • Results from the protection against unauthorized modification or destruction of information.
  • Is the consistency of data, networks, and systems.
  • This includes mitigation and proactive measures to restrict unapproved changes, while also having the ability to recover data that has been lost or compromised.

Confidentiality, Integrity, Availability (CIA)
• Availability: Information services are accessible when they are needed.
  • Authentication means a security measure that establishes the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to receive specific categories of information.
  • Refers to authorized users that can freely access the systems, networks, and data needed to perform their daily tasks.
  • Resolving hardware and software conflicts, along with regular maintenance, is crucial to keep systems up and available.

The CIA triad


• All 3 elements are important, but there is usually one that’s more important than the rest for a given situation or implementation.
• The balancing act involves moving the target within the triangle
• N.B.: CIA2 adds Accountability to the equation
• There is now talk of adding Accountability and Authenticity as well

The CIA triad


• Confidentiality: Who is authorized to use data?
• Integrity: Is data “good”?
• Availability: Can data be accessed whenever it is needed?

[Diagram: triangle labelled Confidentiality, Integrity and Availability, with Information Security in the centre]

Sensitive Data
• Sensitive data is confidential information that must be kept safe and out of reach from all outsiders unless they have permission to access it.
• Access to sensitive data should be limited through sufficient data security and information security practices designed to prevent data leaks and data breaches.
• Types of sensitive information include:
  • Personnel
  • Financial
  • Payroll
  • Medical
  • Privacy Act information.

The Hacker’s Triad


• Hackers have created their own version of the triad called the DAD
  • Disclosure
    • Attempts to defeat confidentiality
  • Alteration
    • Attempts to defeat integrity
  • Destruction
    • Attempts to defeat availability

The security conundrum:
• If I don’t protect it, they can get to it.
• But if it is well protected, it might identify something worth getting at by virtue of it being protected!