Scribd
Upload
25 views

Part 3

The document discusses different elements of computer security including confidentiality, integrity, and availability. It defines these terms and describes tools that can help ensure each one, such as passwords, encryption, firewalls, and backups to aid confidentiality and integrity. Unauthorized access, hackers, threats, and vulnerabilities are also defined.

Uploaded by

Anthony Gozo
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
25 views

Part 3

The document discusses different elements of computer security including confidentiality, integrity, and availability. It defines these terms and describes tools that can help ensure each one, such as passwords, encryption, firewalls, and backups to aid confidentiality and integrity. Unauthorized access, hackers, threats, and vulnerabilities are also defined.

Uploaded by

Anthony Gozo
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 41

INFORMATION ASSURANCE

AND SECURITY
CHRISA MAE TURLA
COMPUTER SECURITY
Different Elements in Computer Security
• Confidentiality
• Integrity
• Availability
WHAT IS CONFIDENTIALITY?
• Confidentiality is the concealment of information or resources. Also,
there is a need to keep information secret from other third parties
that want to have access to it, so just the right people can access it.
WHAT IS INTEGRITY?
• Integrity is the trustworthiness of data in the systems or resources
by the point of view of preventing unauthorized and improper
changes.
• Integrity is composed of two sub-elements – data-integrity, which it
has to do with the content of the data and authentication which has
to do with the origin of the data as such information has values only
if it is correct.
WHAT IS AVAILABILITY?
• Availability refers to the ability to access data of a resource when it
is needed, such as the information has value only if the authorized
people can access at right time. Denying access to data nowadays
has become a common attack. Imagine a downtime of a live server
how costly it can be.
In this chapter, we will discuss about the different
terminology used in Computer Security:
• Unauthorized access − An unauthorized access is when someone
gains access to a server, website, or other sensitive data using
someone else's account details.
• Hacker − Is a Person who tries and exploits a computer system for a
reason which can be money, a social cause, fun etc.
• Threat − Is an action or event that might compromise the security.
• Vulnerability − It is a weakness, a design problem or
implementation error in a system that can lead to an unexpected
and undesirable event regarding security system.
In this chapter, we will discuss about the different
terminology used in Computer Security:
• Attack − Is an assault on the system security that is delivered by a person or
a machine to a system. It violates security.
• Antivirus or Antimalware − Is a software that operates on different OS
which is used to prevent from malicious software.
• Social Engineering − Is a technique that a hacker uses to stole data by a
person for different for purposes by psychological manipulation combined
with social scenes.
• Virus − It is a malicious software that installs on your computer without
your consent for a bad purpose.
• Firewall − It is a software or hardware which is used to filter network traffic
based on rules.
Computer Security
Main Objectives of Computer Security
Confidentiality
• of data (secrecy)
• of persons (privacy)
• access only by authorized parties
Integrity
• data only correctly modified or deleted by authorized parties
• Availability
• correctly accessible in a timely manner
• the failure to meet this goal is called a denial of service
TOOLS FOR COMPUTER
SECURITY
TOOLS FOR COMPUTER SECURITY
Tools for confidentiality Overview
• Authorization - Access policies - access control
• Authentication – identification
• Passwords
Encryption
• Virtual private networking
• Auditing – logging
• Backups
• Checksums
• Antivirus
Tools for Computer Security
Tools for confidentiality Overview
• Disaster recovery planning
• Physical protections
• Anti-theft
• Uninterruptible Power Supply
• Redundancies
• Intrusion-detection systems
• Antivirus software
• Firewall
TOOLS FOR CONFIDENTIALITY
Tools for Confidentiality
Passwords
• Don't share them
• Not even with computer administrators
• Don't write them down
• Don't reuse them among different sites
• Change them often
• Select wise:
• Easy to remember
• Hard to guess (resistant to dictionary attacks)
• Password length
• Large set of characters (caps, lower case, numbers, symbols)
Tools for Confidentiality
Biometric identification
• Finger print
• Voice print
• Iris scan
• Retinal scan

 Convenient
 Relative safe
Tools for Confidentiality
Danger of biometric identification
• You can't change your biometric password once it got leaked
• You can't legally refuse to give it, unlike a password (US fifth
amendment)
Tools for Confidentiality
Tools for Confidentiality
Tools for Confidentiality
WHAT IS CIPHER TEXT?
• Cipher text is what encryption algorithms, or ciphers, transform an
original message into.
Tools for Confidentiality
Tools for Confidentiality
Tools for Confidentiality
Tools for Confidentiality
Tools for Confidentiality
Tools for Confidentiality
Tools for Confidentiality
Public Key Encryption
• The private key can unlock(decrypt)
• What is locked (encrypted) with a public key
Tools for Confidentiality
Tools for Confidentiality
Tools for Confidentiality
Tools for Confidentiality
Tools for Confidentiality
Tools for Confidentiality
Tools for Confidentiality
• Virtual Private Networks
• Extends a private (hospital) network across a public (internet)
encrypted to protect against network sniffing
Tools for Confidentiality
TOOLS FOR INTEGRITY
Tools for Confidentiality
Make Backup
• Example: centralized over network
Tools for Confidentiality
Backups
• Use off-site data protection = vaulting
• e.g. remote backup (compression, encryption!)
• First time and sometimes: full backup
• Most often: only incremental backup
• Use a good data retention scheme
• e.g. 7 daily, 4 weekly, 12 monthly, all yearly backups
• Reflect about your time for full restore
• Test the restore procedure!
• “80% of backups fail to restore”
Tools for Confidentiality
Tools for Confidentiality
END

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy