Isys20261 lecture 01


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Isys20261 lecture 01

  1. 1. Computer Security Management(ISYS20261)Lecture 1 - Introduction Module Leader: Dr Xiaoqi Ma School of Science and Technology
  2. 2. Module information• Lectures: ERD171 (Dr Xiaoqi Ma)• Seminars: ABK010• Module webpage: NOW• Course book: Dhillon, G. (2006) Principles of Information Systems Security: Texts and Cases, Wiley, ISBN: 0471450561.Computer Security ManagementPage 2
  3. 3. Module information (cont.)• Assessment: – Coursework (50%) Seminar presentation and related report on a new security technology or process change – Exam (50%) Examination of knowledge of variety of strategies, processes, laws, and ethical dilemmas, and their related value to specific cases.• Please note: seminars start next week!Computer Security ManagementPage 3
  4. 4. Module overview• Threats and Risk Management – Develop awareness of threats, such as denial of service and modification attacks, and of hacker motivation and techniques. – Apply risk management (assessment and control) to address the threats to enable business continuity management.• Security Strategy and Management – Defining information security and the security systems life cycle and the computer security function within an organisation. – Developing IT security strategy, governance and policy to enable audits and compliance. – Cost Justification of security decisions• Ethics & law in computer security – Credentials of Information Security Professionals – Key laws including current case law, and how organisations should develop policies to address them.Computer Security ManagementPage 4
  5. 5. Management• In order to be able to manage something: – Need to be able to measure this something!• In order to be able to measure something: – Need to know what this something actually is!• So: what is ‘computer security’?Computer Security ManagementPage 5
  6. 6. Information security requirements• Confidentiality – Protecting sensitive information from unauthorised disclosure or intelligible interception• Integrity – Safeguarding the accuracy and completeness of information (and software)• Availability – Ensuring that information (and vital services) are available to users when required• Authentication – Ensuring that information is from the source it claims to be from• Non repudiation – Prevents an entity from denying having performed a particular action related to dataComputer Security ManagementPage 6
  7. 7. Computer security: protection of informationrelated assets• Data• Hardware – Computer – Network infrastructure• Software – System software – Application software• Intangible assets – Reputation of organisation – Goodwill of customers• etcComputer Security ManagementPage 7
  8. 8. Some definitions• Harm – Something happens to an asset that we do not want to happen• Threat – Possible source of harm• Attack – Threatening event (instance of a threat)• Attacker – Someone or something that mounts a threat• Vulnerability – Weakness in the system (asset) that makes an attack more likely to successes• Risk – Possibility that a threat will affect the business or organisationComputer Security ManagementPage 8
  9. 9. Security risks and management Risk Analysis Asset Vulnerability Threat Risk Management Risk Security MeasuresComputer Security ManagementPage 9
  10. 10. Aspects of computer security• Host security – Access control, viruses, worms and Trojan horses, intrusion detection, trusted computing• Network security – Protocols, cryptography, Web security, public key infrastructure, utility computing• People and physical security – Attackers, social engineering, biometrics, tamper resistance, human centred security• Security risk management – Risk analysis and management, 3rd generation methods: security by design• Computer forensics – Identify, preserve, analyze and present digital evidenceComputer Security ManagementPage 10
  11. 11. Summary• Computer security• Security risk and management• Aspects of computer securityComputer Security ManagementPage 11