Chap 1 Nis

Uploaded by

Soham Pandit
Copyright
© © All Rights Reserved
Security Basics

The basic goals or components of computer security include confidentiality, integrity, and availability: the “CIA”
of security.
• Confidentiality
• Integrity
• Availability
• Accountability
• Non-Repudiation
• Reliability
• Authentication
• Authorization
• Confidentiality
• It is used to ensure that only the individuals who have the authority
can view a piece of information. Unauthorized individuals
cannot view data to which they are not entitled.
• Confidentiality is a set of rules that limits access to information,
integrity is the assurance that the information is trustworthy and
accurate, and availability is a guarantee of ready access to the
information by authorized people.
• INTEGRITY:
Integrity is related to the generation and modification of data. Only authorized individuals can create,
change or delete the data.

• ACCOUNTABILITY:
• Every individual who works with an information system should have specific responsibilities for information
assurance. The tasks for which an individual is responsible are part of the overall information security plan.
• Accountability is the traceability of actions performed on a system to a specific system entity like users.

• Availability
• This is used to ensure that the data or the system is available for use when the authorized users want to access it.
• Availability is assurance in the timely and reliable access to data services for authorized users. It ensures that
information or resources are available when required.
• AUTHENTICATION:
• Authentication is the process of determining the identity of a user or other entity. User authentication is
performed during the logon process, when the user submits a username and password.
• It means confirming the identity of a person, tracing the origins of an artifact, ensuring that a product is what its
packaging and labeling claim it to be, or assuring that a computer program is a trusted one. It establishes proof of
identities.
(a) Something you know: The most common authentication mechanism is to provide a user ID and password. The password
should not be shared with anybody else; only you should know your password.
(b) Something you have: This method involves the use of something that only valid users should have, like a lock
and key. Only those individuals with the correct key can open the lock.
(c) Something about you: This method involves something that is unique about you, like a fingerprint or DNA
samples.
• NON REPUDIATION:
• It is used to ensure that only the individuals who have the authority can view a piece of information.
Unauthorized individuals cannot view data to which they are not entitled.
• RELIABILITY:
• It refers to the ability of a computer-related hardware or software component to consistently perform
according to its specification and produce the intended result.
• AUTHORIZATION:
• Authorization is a process of verifying that a known person has the authority to perform a certain operation.
Authorization cannot occur without authentication.
• The process of determining that a requester is allowed to receive a service or perform an operation.
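
The relationship between authentication, authorization and accountability described above, as an added example that is not part of the original slides. The user names, passwords and permission names are constructed sample data, and PBKDF2 is one choice of password hash assumed here.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    # Slow, salted hash so stored credentials are not the passwords themselves.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password, permissions):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "perms": set(permissions)}

# Constructed sample accounts (hypothetical names, passwords and permissions).
USERS = {
    "alice": make_user("correct horse", {"read", "write"}),
    "bob": make_user("battery staple", {"read"}),
}

# Accountability: every decision is recorded against a specific entity.
AUDIT_LOG = []

def authenticate(username, password):
    """Something-you-know check. Returns the verified identity or None."""
    user = USERS.get(username)
    # Hash even for unknown names so timing does not reveal which users exist.
    salt = user["salt"] if user else b"\x00" * 16
    candidate = _hash(password, salt)
    ok = user is not None and hmac.compare_digest(candidate, user["hash"])
    AUDIT_LOG.append((username, "login", "success" if ok else "failure"))
    return username if ok else None

def authorize(identity, operation):
    """Authorization requires an authenticated identity; None is always refused."""
    allowed = identity is not None and operation in USERS[identity]["perms"]
    AUDIT_LOG.append((identity or "anonymous", operation,
                      "allowed" if allowed else "denied"))
    return allowed

def request(username, password, operation):
    # Authentication first, then authorization on the verified identity only.
    return authorize(authenticate(username, password), operation)

if __name__ == "__main__":
    print(request("alice", "correct horse", "write"))  # authenticated and permitted
    print(request("bob", "battery staple", "write"))   # authenticated, not permitted
    print(request("bob", "wrong password", "read"))    # not authenticated
    for entry in AUDIT_LOG:
        print(entry)
```
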
• Risk and Threat Analysis
• Risk is an incident or attack that can cause damage to a system.
• An attack against a system can be carried out through a sequence of actions,
exploiting weak points until the attacker's goal is achieved.
• The process of risk analysis refers to assets, vulnerabilities and
threats. It is calculated as:
• Define following terms:
• Assets: An asset is anything that has some value. In the computer world, assets are
data, devices, hardware, software, information, etc. Valuation of assets is
challenging because assets like hardware can be valued according to their
financial replacement cost, whereas other assets like data and information are more
difficult to value: if data is leaked, it is an indirect loss.
• Vulnerability: It is a weakness in the system. It will accidentally or intentionally
damage the asset.
• A vulnerability scanner provides a systematic and automatic way of identifying system
vulnerabilities. Vulnerabilities can be rated according to their impact (level of criticality).
• Threats: A threat is an action taken by an attacker who tries to exploit vulnerabilities to
damage assets.
• Counter measures:
• A countermeasure is an action, process, device, or system that can
prevent, or mitigate the effects of, threats to a computer, server or
network.
• Risk analysis tools usually come with a knowledge base of
countermeasures for the threats they can identify.
