INFORMATION SYSTEM SECURITY
Jupriyadi, S.Kom. M.T.
jupriyadi@teknokrat.ac.id
Bandarlampung, July 2021
Chapter 3
Security Principles
Authentication
Authorization or Access Control
Privacy / Confidentiality
Integrity
Availability
Non-repudiation
Auditing
Authentication
Establishing that the data or information used or provided by a user genuinely originates from that person.
Countermeasure: using a digital signature
Authentication
• Authentication is used by a server when the server needs to know exactly who is accessing its information or site.
• Authentication is used by a client when the client needs to know that the server is the system it claims to be.
• In authentication, the user or computer has to prove its identity to the server or client.
• Usually, authentication by a server entails the use of a user name and password. Other ways to authenticate can be through cards, retina scans, voice recognition, and fingerprints.
• Authentication by a client usually involves the server giving a certificate to the client in which a trusted third party.
• Authentication does not determine what tasks the individual can do or what files the individual can see. Authentication merely identifies and verifies who the person or system is.
Three Authentication Schemes
• Something you know: password
• Something you have: ID card
• Something you are: fingerprints
Authorization or Access Control
Determining who can do what, or from where to where. This can rely on a user name/password mechanism or on other mechanisms.
Example: ACL on a proxy server
Authorization or Access Control
• Authorization is a process by which a server determines if the client has permission to use a resource or access a file.
• Authorization is usually coupled with authentication so that the server has some concept of who the client is that is requesting access.
• The type of authentication required for authorization may vary; passwords may be required in some cases but not in others.
• In some cases, there is no authorization; any user may use a resource or access a file simply by asking for it. Most of the web pages on the Internet require no authentication or authorization.
Privacy/Confidentiality
Security of personal data, messages or other sensitive information.
Countermeasure: using encryption
Integrity
Whether information or messages have been kept unchanged or have been changed.
Availability
The availability of information security services.
Countermeasure: firewall and router filtering, backup and redundancy, IDS and IPS
Non-repudiation
Ensuring that online transactions or activities, once carried out, cannot be disclaimed.
Auditing
The existence of log files that record the data communications occurring on the network, kept for auditing purposes such as identifying attacks on the network or server.
Implementation: using system logging
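The authentication, authorization and auditing slides above, combined into one added example (it is not part of the original slides): a request is first authenticated ("who is this?"), then authorized against an ACL ("may they do this?"), and every decision is written to an audit log. The user names, passwords, resource paths and ACL entries are constructed for illustration, and the in-memory list stands in for a system log.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

# All user names, passwords, resources and ACL entries below are constructed
# for this illustration; none of them come from the slides.
PBKDF2_ROUNDS = 100_000


def derive(password: str, salt: bytes) -> bytes:
    """Turn a password into a verifier so the clear text is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def enroll(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "verifier": derive(password, salt)}


USERS = {"alice": enroll("correct horse"), "bob": enroll("battery staple")}

# Access control list: resource -> action -> identities allowed.
# "*" marks a resource that needs no authorization (anyone, even anonymous).
ACL = {
    "/reports/q1.pdf": {"read": {"alice", "bob"}, "write": {"alice"}},
    "/public/index.html": {"read": {"*"}},
}

AUDIT_LOG = []  # stand-in for an append-only system log


def audit(event, identity, detail, outcome):
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "event": event,
        "identity": identity,
        "detail": detail,
        "outcome": outcome,
    })


def authenticate(username, password):
    """Answer only 'who is this?'; says nothing about what they may do."""
    record = USERS.get(username)
    # Unknown users still cost one derivation, so response time does not
    # reveal which account names exist.
    salt = record["salt"] if record else b"\x00" * 16
    candidate = derive(password, salt)
    ok = record is not None and hmac.compare_digest(candidate, record["verifier"])
    audit("authenticate", username, "password", "success" if ok else "failure")
    return ok


def authorize(identity, action, resource):
    """Answer 'may this identity perform this action?'; default is deny."""
    allowed = ACL.get(resource, {}).get(action, set())
    ok = "*" in allowed or identity in allowed
    audit("authorize", identity, f"{action} {resource}", "allow" if ok else "deny")
    return ok


def handle_request(username, password, action, resource):
    identity = None  # anonymous until proven otherwise
    if username is not None:
        if not authenticate(username, password):
            return "401 authentication failed"
        identity = username
    if authorize(identity, action, resource):
        return "200 OK"
    return "403 forbidden"


if __name__ == "__main__":
    print(handle_request("alice", "correct horse", "write", "/reports/q1.pdf"))
    print(handle_request("bob", "battery staple", "write", "/reports/q1.pdf"))
    print(handle_request("bob", "wrong password", "read", "/reports/q1.pdf"))
    print(handle_request(None, None, "read", "/public/index.html"))
    for entry in AUDIT_LOG:
        print(entry)
```

Bob authenticates successfully yet is refused the write, which is the separation the slides describe: proving identity grants nothing by itself, and the audit trail records both the successful login and the denied action.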
Basic Terminology
• Threats
  • natural threats
  • unintentional threats
  • intentional threats
• Vulnerabilities
  • weakness in the design
  • configuration
  • implementation
• Risk
• Attacks
What's Next ?
