0% found this document useful (0 votes)
2 views

Computer_Security_Chapter1

The document provides an overview of key concepts in computer security, emphasizing the CIA Triad: confidentiality, integrity, and availability. It discusses threats, vulnerabilities, controls, and risk management, along with goals such as authentication and accountability. Additionally, it outlines strategies for prevention, detection, and recovery from security incidents, supported by examples and scenarios.

Uploaded by

kechohaile
Copyright
© © All Rights Reserved
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
2 views

Computer_Security_Chapter1

The document provides an overview of key concepts in computer security, emphasizing the CIA Triad: confidentiality, integrity, and availability. It discusses threats, vulnerabilities, controls, and risk management, along with goals such as authentication and accountability. Additionally, it outlines strategies for prevention, detection, and recovery from security incidents, supported by examples and scenarios.

Uploaded by

kechohaile
Copyright
© © All Rights Reserved
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 11

Chapter 1 - Overview of Key Concepts

Introduction to Computer Security

03/05/2025 1
Basic Concepts of Computer Security
• Computer security refers to the protection of computer
systems, networks, and data from unauthorized access,
theft, damage, or disruption.
• It involves ensuring the confidentiality, integrity, and
availability of information, often referred to as the CIA
Triad.
– Confidentiality: Ensuring that sensitive information is
accessible only to authorized individuals.
• Example: A company encrypts its employee records so that
only HR personnel can access them.
– Integrity: Ensuring that data is accurate and unaltered.
• Example: A bank uses checksums to verify that transaction
data has not been tampered with during transmission.
03/05/2025 2
– Availability: Ensuring that systems and data are accessible
when needed.
• Example: A cloud service provider ensures 99.9% uptime so
that users can access their data at any time.

03/05/2025 3
Threats, Vulnerabilities, Controls, and Risk
• Threats: Potential dangers that could harm a system or
data.
– Threats can be intentional (e.g., hackers) or unintentional
(e.g., natural disasters).
– Example:
• A hacker attempting to steal credit card information from an
online store. (Intentional)
• Unintentional threats often arise from human error, lack of
training, or oversight, natural disaster, software bug etc.
• Vulnerabilities: Weaknesses in a system that can be
exploited by threats.
– Example: A software application with unpatched security
flaws.
03/05/2025 4
• Controls: Measures put in place to reduce the risk of
threats exploiting vulnerabilities.
– Example: Installing antivirus software to detect and
remove malware.
• Risk: The likelihood of a threat exploiting a vulnerability
and the potential impact of such an event.
– Example: If a company's database has weak passwords
(vulnerability) and is targeted by hackers (threat), the risk
of a data breach is high.

03/05/2025 5
Goals of Computer Security
• The primary goals of computer security are to ensure
the CIA Triad (Confidentiality, Integrity, Availability).
• Additional goals include:
– Authentication: Verifying the identity of users or systems.
• Example: Using a username and password to log into an
email account.
– Non-repudiation: Ensuring that a user cannot deny having
performed an action.
• Example: Digital signatures on contracts ensure that the
signer cannot later deny signing.
– Accountability: Tracking user actions to hold them
responsible.
• Example: Logging user activity on a server to monitor for
03/05/2025 6
suspicious behavior.
Security Attacks
• A security attack is any action taken to compromise the
security of a system.
• Attacks can be classified as passive or active.
– Passive Attacks: Involve eavesdropping or monitoring
without altering the system.
• Example: A hacker intercepts and reads unencrypted emails.
– Active Attacks: Involve altering or disrupting the system.
• Example: A Distributed Denial of Service (DDoS) attack
overwhelms a website with traffic, making it unavailable to
users.

03/05/2025 7
Security Policies, Services, and Mechanisms
• Security Policies: A set of rules and procedures that
define how an organization protects its systems and data.
– Example: A company policy requires employees to change
their passwords every 90 days.
• Security Services: Tools or processes that enforce
security policies.
– Example: Encryption services protect sensitive data during
transmission.
• Security Mechanisms: Specific techniques or
technologies used to implement security services.
– Example: Using AES (Advanced Encryption Standard) to
encrypt data.
03/05/2025 8
Prevention, Detection, and Recovery
• These are the three main strategies for managing security
incidents.
– Prevention: Measures taken to stop security incidents
before they occur.
• Example: Installing a firewall to block unauthorized access
to a network.
– Detection: Identifying security incidents as they happen or
after they occur.
• Example: Using an Intrusion Detection System (IDS) to
monitor network traffic for suspicious activity.
– Recovery: Restoring systems and data after a security
incident.
• Example: Restoring data from backups after a ransomware
03/05/2025 attack. 9
• Examples and Scenarios
– Scenario for Prevention: A company uses multi-factor
authentication (MFA) to prevent unauthorized access to its
systems.
– Scenario for Detection: An IDS alerts the IT team when it
detects unusual login attempts from a foreign IP address.
– Scenario for Recovery: After a malware attack, a
company restores its systems using backups and patches
the vulnerability that was exploited.

03/05/2025 10
Discussion Questions
1. Why is the CIA triad important?
2. What is the difference between a threat and a
vulnerability?
3. How do security mechanisms help prevent security
breaches?

03/05/2025 11

You might also like