3. Computer Security
What
is it?
◦ Computer Security is the science of managing
malicious intent and behaviour that involves
information and communication technology.
◦ Malicious Behaviour includes
Fraud/Theft – Unauthorised access to $$ (credit
card, goods, services etc.)
Vandalism – Causing damage for personal reasons
Terrorism
4. Espionage – Stealing information to gain
competitive advantage
Sabotage – Causing damage to gain competitive
advantage
Spam – unsolicited marketing wasting
time/resources
5. Where
is computer security a concern?
◦ In the business environment: Cash flow,
competitive advantage, commercial image,
reputation
◦ In the military environment: Access to
weapons, communication secrecy
◦ In the medical environment: Patient records,
equipment safety, treatment info.
◦ In the household: Burglar alarms, utility bills
6. Principles of Computer Security
The
top aspects of computer security are the
preservation of:
◦ Confidentiality: Ensuring that ONLY authorized
persons can access the information
◦ Integrity: safeguarding the accuracy of
information by ensuring that ONLY authorized
persons are able to modify the information
◦ Availability: Ensuring that if you are an
authorized person, information should be
accessible to you whenever required.
7.
8. Assets, Threats, Vulnerabilities,
Risks, Countermeasures
What
are they?
◦ Asset: A useful or valuable thing. May include
hardware, software, documentation, data,
communications, environment and people.
◦ Threat: Intention to inflict injury or damage.
Potential to cause loss or harm. May include
users, terrorist, hackers, criminals, motivated
groups, acts of God
9. Vulnerability: Is a weakness that might be
exploited to cause loss or harm. May include
the ability to be exposed, stolen, lost, deleted,
contain s/ware bugs
Risk: Is a potential problem that a system or its
user may experience. An asset is usually at risk
when a threat exploits its vulnerabilities.
10. Countermeasure: Procedures / Processess
put in place to reduce or mitigate or
control a risk. Countermeasures seek to
do the following:
Reduce the threat
Reduce the vulnerability
Reduce the impact
Detect a hostile event
Recover from an event
11. A risk management model is used to manage
threats
Assets
Vulnerabilities
Risk
Countermeasures
Aftercare
Threats
12. Risk Assessment
A risk matrix is used to evaluate the threat and
countermeasure.
High Expectancy
Control & Contain
Prevention
Low
Impact
High
Impact
Live with
Contingency
Plan or
Insurance
Low Expectancy