Uploaded byprofgufran
PPT, PDF20 views

Confidentiality Integrity Availability PPT.ppt

CIA Threats

Embed presentation

Download to read offline
1 A.3) Controls: Hardware Controls  Hardware devices to provide higher degree of security  Locks and cables (for notebooks)  Smart cards, dongles, hadware keys, ...  ...
2 A.4) Controls: Policies and Procedures  Policy vs. Procedure  Policy: What is/what is not allowed  Procedure: How you enforce policy  Advantages of policy/procedure controls:  Can replace hardware/software controls  Can be least expensive  Be careful to consider all costs  E.g. help desk costs often ignored for for passwords (=> look cheap but migh be expensive)
3  Policy - must consider:  Alignment with users’ legal and ethical standards  Probability of use (e.g. due to inconvenience) Inconvenient: 200 character password, change password every week (Can be) good: biometrics replacing passwords  Periodic reviews  As people and systems, as well as their goals, change
4 A.5) Controls: Physical Controls  Walls, locks  Guards, security cameras  Backup copies and archives  Cables an locks (e.g., for notebooks)  Natural and man-made disaster protection  Fire, flood, and earthquake protection  Accident and terrorism protection  ...
5 B) Effectiveness of Controls  Awareness of problem  People convined of the need for these controls  Likelihood of use  Too complex/intrusive security tools are often disabled  Overlapping controls  >1 control for a given vulnerability  To provide layered defense – the next layer compensates for a failure of the previous layer  Periodic reviews  A given control usually becomess less effective with time  Need to replace ineffective/inefficient controls with better ones
6 8. Principles of Computer Security [Pfleeger and Pfleeger]  Principle of Easiest Penetration (p.5) An intruder must be expected to use any available means of penetration. The penetration may not necessarily be by the most obvious means, nor is it necessarily the one against which the most solid defense has been installed.  Principle of Adequate Protection (p.16) Computer items must be protected to a degree consistent with their value and only until they lose their value. [modified by LL]
7  Principle of Effectiveness (p.26) Controls must be used—and used properly—to be effective. They must be efficient, easy to use, and appropriate.  Principle of Weakest Link (p.27) Security can be no stronger than its weakest link. Whether it is the power supply that powers the firewall or the operating system under the security application or the human, who plans, implements, and administers controls, a failure of any control can lead to a security failure.
End of Section 1: Introduction

More Related Content

PPTX
Security and management
byArtiSolanki5
 
PPT
dumil kuandu intheu vantharne some times it takes the kindaung of the going i...
byThiyagaRajan583837
 
PPT
ch0001 computer systems security and principles and practices
bystephen972973
 
PDF
Fundamental Concepts of Data Security _Security Controls
bySibtainHaider13
 
PPT
Cap 1 - Visao Geral Cibersegurança em Computacao
byrodolfovillaca1
 
PPTX
1. Introduction to Information Security.pptx
bynoura53269
 
PPTX
security introduction and overview lecture1 .pptx
bynagwaAboElenein
 
PPTX
Security Environment, Design Principles Of Security
byankitashah871482
 
Security and management
byArtiSolanki5
 
dumil kuandu intheu vantharne some times it takes the kindaung of the going i...
byThiyagaRajan583837
 
ch0001 computer systems security and principles and practices
bystephen972973
 
Fundamental Concepts of Data Security _Security Controls
bySibtainHaider13
 
Cap 1 - Visao Geral Cibersegurança em Computacao
byrodolfovillaca1
 
1. Introduction to Information Security.pptx
bynoura53269
 
security introduction and overview lecture1 .pptx
bynagwaAboElenein
 
Security Environment, Design Principles Of Security
byankitashah871482
 

Similar to Confidentiality Integrity Availability PPT.ppt

PPTX
securityandprotection Design Principles Of Security
byankitashah871482
 
PPTX
Controls used in managing data to ensure Data Security
bySibtainHaider13
 
DOCX
report on network security fundamentals
byJassika
 
PPTX
Introduction to Computer Security
byKamal Acharya
 
PPTX
Funda mental of information CHAPTER TWO.pptx
byjamsibro140
 
PPT
08 -Securing Information Systems at workplace.ppt
byRoshni814224
 
PPT
Securing Management Information Systems.ppt
byRoshni814224
 
PDF
Chapter 1 - Introduction.pdf
byEthioDotNetDeveloper
 
PPT
chapter 1 security.ppt
bygirmawodajo
 
PPT
basic-security-concepts-what-is-security48.ppt
byPawachMetharattanara
 
PDF
Dieter_Gollmann_Wiley_Computer_Security.pdf
by238Tanisha
 
PPTX
informations_security_presentations.pptx
byFAKHARZAMANPROUD
 
PPTX
Module1 PP5t3g5g5yg5ygh5tgh5g56gh5g5gT.pptx
byThanushB1
 
PPT
Overview
byphanleson
 
PDF
Basic security concepts_chapter_1_6perpage
bynakomuri
 
PDF
Fundamentals of-information-security
bymadunix
 
PPTX
02-overview.pptx
byEmanAzam
 
PPTX
unit-1-is1.pptx
bysorabhsingh17
 
PDF
Mis presentation by suraj vaidya
bySuraj Vaidya
 
DOCX
11What is Security 1.1 Introduction The central role of co.docx
bymoggdede
 
securityandprotection Design Principles Of Security
byankitashah871482
 
Controls used in managing data to ensure Data Security
bySibtainHaider13
 
report on network security fundamentals
byJassika
 
Introduction to Computer Security
byKamal Acharya
 
Funda mental of information CHAPTER TWO.pptx
byjamsibro140
 
08 -Securing Information Systems at workplace.ppt
byRoshni814224
 
Securing Management Information Systems.ppt
byRoshni814224
 
Chapter 1 - Introduction.pdf
byEthioDotNetDeveloper
 
chapter 1 security.ppt
bygirmawodajo
 
basic-security-concepts-what-is-security48.ppt
byPawachMetharattanara
 
Dieter_Gollmann_Wiley_Computer_Security.pdf
by238Tanisha
 
informations_security_presentations.pptx
byFAKHARZAMANPROUD
 
Module1 PP5t3g5g5yg5ygh5tgh5g56gh5g5gT.pptx
byThanushB1
 
Overview
byphanleson
 
Basic security concepts_chapter_1_6perpage
bynakomuri
 
Fundamentals of-information-security
bymadunix
 
02-overview.pptx
byEmanAzam
 
unit-1-is1.pptx
bysorabhsingh17
 
Mis presentation by suraj vaidya
bySuraj Vaidya
 
11What is Security 1.1 Introduction The central role of co.docx
bymoggdede
 

More from profgufran

PPT
Introduction_to_AdvanceExcel_FA12 - Copy.ppt
byprofgufran
 
PPT
Types of Threats in Local, shared, national.ppt
byprofgufran
 
PPT
Threats in cyber security Local, shared, national.ppt
byprofgufran
 
PPT
Confidentialiy, Integrity, Availability.ppt
byprofgufran
 
PPT
Cyber Security in computer forensics.ppt
byprofgufran
 
PPTX
Action Elements in artifical Intelligence.pptx
byprofgufran
 
PPTX
Planning ans Acting in nondeterminitics.pptx
byprofgufran
 
DOCX
Project Cover Page Introduction SPM.docx
byprofgufran
 
PPT
Introduction to Machine Learning Process.ppt
byprofgufran
 
PPT
Supply chain management Coordination.ppt
byprofgufran
 
PPT
BullWhip effect in Supply Chain Management.ppt
byprofgufran
 
PPT
Supply chain management Processessss.ppt
byprofgufran
 
PPT
Supply chain management introduction.ppt
byprofgufran
 
PPT
Markov Learning Techniques and Tools.ppt
byprofgufran
 
PPT
Reinforcement Learning Tools and Techniques.ppt
byprofgufran
 
PPT
Wavelet Transformation techniques and tools.ppt
byprofgufran
 
PPT
Data Reduction tools and techniquess.ppt
byprofgufran
 
PPT
Coefficient and Correlation techniques.ppt
byprofgufran
 
PPT
Data Preprocessing in Data Analytics.ppt
byprofgufran
 
PPTX
New Computer Network Practical 02 SYBSCit.pptx
byprofgufran
 
Introduction_to_AdvanceExcel_FA12 - Copy.ppt
byprofgufran
 
Types of Threats in Local, shared, national.ppt
byprofgufran
 
Threats in cyber security Local, shared, national.ppt
byprofgufran
 
Confidentialiy, Integrity, Availability.ppt
byprofgufran
 
Cyber Security in computer forensics.ppt
byprofgufran
 
Action Elements in artifical Intelligence.pptx
byprofgufran
 
Planning ans Acting in nondeterminitics.pptx
byprofgufran
 
Project Cover Page Introduction SPM.docx
byprofgufran
 
Introduction to Machine Learning Process.ppt
byprofgufran
 
Supply chain management Coordination.ppt
byprofgufran
 
BullWhip effect in Supply Chain Management.ppt
byprofgufran
 
Supply chain management Processessss.ppt
byprofgufran
 
Supply chain management introduction.ppt
byprofgufran
 
Markov Learning Techniques and Tools.ppt
byprofgufran
 
Reinforcement Learning Tools and Techniques.ppt
byprofgufran
 
Wavelet Transformation techniques and tools.ppt
byprofgufran
 
Data Reduction tools and techniquess.ppt
byprofgufran
 
Coefficient and Correlation techniques.ppt
byprofgufran
 
Data Preprocessing in Data Analytics.ppt
byprofgufran
 
New Computer Network Practical 02 SYBSCit.pptx
byprofgufran
 

Recently uploaded

PDF
How the EU Ecolabel's Record Growth Creates ESG Opportunities for CRE
byWastify AI
 
PPTX
API Gateway Architecture - Technical Report 2026
byPowersoft2026
 
DOCX
Mathematical reviewer gor mmw in theofern
byyeojlevantinojesalva
 
PPTX
CRM for the Insurance Industry Lessons for Insurance CIOs and Digital Leaders...
byKerry Millar
 
PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PDF
Computer Science Conferences 2026 | Research by SAI Conference
byHealth Conference 2026
 
PDF
Ethical AI applied to publishing: Presenting wâsikan kisewâtisiwin, an AI too...
byBookNet Canada
 
PPTX
AI Meets DBA Transforming Database Administration with Intelligence
byGeoPITS Global Pvt Ltd
 
PPTX
Mastering SQL Server Replication: Types, Setup & Troubleshooting
byGeoPITS Global Pvt Ltd
 
PDF
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
PDF
5G Explained! A High Level Overview [Introduction]
byLuciano Motta
 
PDF
10 Best AI Tools for Fashion Brands in 2026
bymockitseo
 
PDF
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
PDF
apidays Australia 2025 | The Strategic Role of APIs in Digital Transformation
byapidays
 
PPTX
Understanding-Search-Algorithms_09-12-25.pptx
byshaikmahammedtauheed
 
PDF
Why Are Cloud Migration Services Essential for Modern Business Growth?
byGeoPITS Global Pvt Ltd
 
PPTX
Advance Computer Architecture Lecture 4.pptx
byBottshikanBottshikan
 
PDF
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 
PDF
B2SMB SaaS Philosophy Lab: Simplicity vs Options
byAnton Shulke
 
PPTX
Code Like Bro -A guide for better Coding
byMadan Panthi
 
How the EU Ecolabel's Record Growth Creates ESG Opportunities for CRE
byWastify AI
 
API Gateway Architecture - Technical Report 2026
byPowersoft2026
 
Mathematical reviewer gor mmw in theofern
byyeojlevantinojesalva
 
CRM for the Insurance Industry Lessons for Insurance CIOs and Digital Leaders...
byKerry Millar
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
Computer Science Conferences 2026 | Research by SAI Conference
byHealth Conference 2026
 
Ethical AI applied to publishing: Presenting wâsikan kisewâtisiwin, an AI too...
byBookNet Canada
 
AI Meets DBA Transforming Database Administration with Intelligence
byGeoPITS Global Pvt Ltd
 
Mastering SQL Server Replication: Types, Setup & Troubleshooting
byGeoPITS Global Pvt Ltd
 
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
5G Explained! A High Level Overview [Introduction]
byLuciano Motta
 
10 Best AI Tools for Fashion Brands in 2026
bymockitseo
 
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
apidays Australia 2025 | The Strategic Role of APIs in Digital Transformation
byapidays
 
Understanding-Search-Algorithms_09-12-25.pptx
byshaikmahammedtauheed
 
Why Are Cloud Migration Services Essential for Modern Business Growth?
byGeoPITS Global Pvt Ltd
 
Advance Computer Architecture Lecture 4.pptx
byBottshikanBottshikan
 
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 
B2SMB SaaS Philosophy Lab: Simplicity vs Options
byAnton Shulke
 
Code Like Bro -A guide for better Coding
byMadan Panthi
 

Confidentiality Integrity Availability PPT.ppt

  • 1.
    1 A.3) Controls: Hardware Controls Hardware devices to provide higher degree of security  Locks and cables (for notebooks)  Smart cards, dongles, hadware keys, ...  ...
  • 2.
    2 A.4) Controls: Policiesand Procedures  Policy vs. Procedure  Policy: What is/what is not allowed  Procedure: How you enforce policy  Advantages of policy/procedure controls:  Can replace hardware/software controls  Can be least expensive  Be careful to consider all costs  E.g. help desk costs often ignored for for passwords (=> look cheap but migh be expensive)
  • 3.
    3  Policy -must consider:  Alignment with users’ legal and ethical standards  Probability of use (e.g. due to inconvenience) Inconvenient: 200 character password, change password every week (Can be) good: biometrics replacing passwords  Periodic reviews  As people and systems, as well as their goals, change
  • 4.
    4 A.5) Controls: PhysicalControls  Walls, locks  Guards, security cameras  Backup copies and archives  Cables an locks (e.g., for notebooks)  Natural and man-made disaster protection  Fire, flood, and earthquake protection  Accident and terrorism protection  ...
  • 5.
    5 B) Effectiveness ofControls  Awareness of problem  People convined of the need for these controls  Likelihood of use  Too complex/intrusive security tools are often disabled  Overlapping controls  >1 control for a given vulnerability  To provide layered defense – the next layer compensates for a failure of the previous layer  Periodic reviews  A given control usually becomess less effective with time  Need to replace ineffective/inefficient controls with better ones
  • 6.
    6 8. Principles ofComputer Security [Pfleeger and Pfleeger]  Principle of Easiest Penetration (p.5) An intruder must be expected to use any available means of penetration. The penetration may not necessarily be by the most obvious means, nor is it necessarily the one against which the most solid defense has been installed.  Principle of Adequate Protection (p.16) Computer items must be protected to a degree consistent with their value and only until they lose their value. [modified by LL]
  • 7.
    7  Principle ofEffectiveness (p.26) Controls must be used—and used properly—to be effective. They must be efficient, easy to use, and appropriate.  Principle of Weakest Link (p.27) Security can be no stronger than its weakest link. Whether it is the power supply that powers the firewall or the operating system under the security application or the human, who plans, implements, and administers controls, a failure of any control can lead to a security failure.
  • 8.
    End of Section1: Introduction