This document provides an overview of various topics in information security. It discusses what security is and its key properties: confidentiality, integrity, and availability. The document then covers security as it relates to applications and operating systems, web security, network security, and computer security. For each topic, it outlines the main problem, relevant content areas, example projects, and implications for IT professionals in terms of security measures, routines, and tools.

1. Hamza KareemHamza Kareem

2. What is Security
Properties of SecurityProperties of Security
Major Topics in Security
Next Page

3. What is security?What is security?
In information technology, security is the protection of
information assets through the use of technology, processes,
and training.
Security is about
Honest user (e.g., David, Jenny, Greg, …)
Dishonest Attacker
How the Attacker
Disrupts honest David’s use of the system (Integrity, Availability)
Learns information intended for David only (Confidentiality)
Information Technology Professionals must protect users from
these attackers.
Next Page

4. Properties of SecurityProperties of Security
Confidentiality
Information about system or its users cannot be learned by an
attacker
Integrity
The system continues to operate properly, only reaching states
that would occur if there were no attacker
Availability
Actions by an attacker do not prevent users from having access
to use of the system
Next Page

5. Application and OSApplication and OS
SecuritySecurity
Main Problem
OS Attacker Controls malicious files and applications
Content
Vulnerabilities: control hijacking attacks, fuzzing
Prevention: System design, robust coding, isolation
Project
Buffer overflow project
Next Page

6. Application security is the use of software, hardware, and
procedural methods to protect applications from external
threats.
Implications for the IT Professional:
Security measures built into applications
Sound application security routine
Use of hardware or software firewalls
Return to Home Additional Reading i

7. Web SecurityWeb Security
Main Problem
Web Attacker sets up malicious site visited by victim; no
control of network
Content
Browser policies, session mgmt, user authentication
HTTPS and web application security
Project
Web site attack and defenses project
Next Page

8. Web SecurityWeb Security
Web security is the separation or control of threats from
assets within or maintained by web-based services to protect
the integrity of the service, the confidentiality of the
communication, and the availability of the application.
Implications for the IT professional:
Security measures built into the applications
Sound application security routine
Use of hardware or software firewalls
Security measures built into the web service

9. Network SecurityNetwork Security
Main Problem:
Network Attacker: Intercepts and controls network
communication
Content:
Protocol designs, vulnerabilities, prevention
Malware, botnets, DDoS, network security testing
Project:
Network traceroute and packet filtering project
Next Page

10. Network VulnerabilityNetwork Vulnerability
PointsPoints
Return to Home Additional Reading i

11. Network SecurityNetwork Security
Network security is the protection of a computer network
and its services from unauthorized modification, destruction,
or disclosure.
Implications for IT professionals:
Security measures built into the network hardware and design
Control the flow to data in a network
Sound application security routine
Use of hardware or software firewalls
Security measures built into the web service

12. Computer SecurityComputer Security
Main Idea
Hacker gains controls of a computer, installs malicious files,
applications and access computer files.
Content
Cryptography (user perspective)
digital rights management
Project
Seminar
Next Page

13. Computer SecurityComputer Security
Computer security is the process of preventing and detecting
unauthorized use of your computer. The content of a computer is
vulnerable to few risks unless the computer is connected to other
computers on a network
Implications for IT professionals:
Use of applications such as antivirus, and firewalls
Security settings on local machines
Use of software firewalls
Create boot disks and backup data on a regular basis

14. Gmail : hamzakareem61@gmail.com
Facebook : Hamza kareem