Introduction to Cyber Security - Auckland · 2020. 7. 30. · INTRODUCTION TO CYBER SECURITY...

Muhammad Rizwan Asghar July 30, 2020 INTRODUCTION TO CYBER SECURITY Lecture 2b COMPSCI 316 Cyber Security

FOCUS OF THIS LECTURE

Understand computer security

Understand network security

Next, we can build on these two to understand cyber security

WHAT IS COMPUTER SECURITY?

“Measures and controls that ensure confidentiality, integrity, and availability of the information processed and stored by a computer”

Source: National Institute of Standards and Technology (NIST)

THE CIA TRIAD

The CIA triad is formed by three terms:

– Confidentiality (C)

– Integrity (I)

– Availability (A)

CONFIDENTIALITY

This term covers two related concepts

– Data confidentiality

– Privacy

DATA CONFIDENTIALITY

Assures that private or confidential information is not made available or disclosed to unauthorised individuals

Example

– Student grade information

PRIVACY

Assures that individuals control or influence what information related to them may be collected, stored, and shared

Example

– Data generated by smart home devices

INTEGRITY

This term also covers two related concepts

– Data integrity

– System integrity

DATA INTEGRITY

Assures that information and programs are changed only in a specified and authorised manner

Example

– Patient’s allergy information stored in a database by a nurse or doctor

SYSTEM INTEGRITY

Assures that a system performs its intended function, free from deliberate or inadvertent unauthorised manipulation of the system

Example

– A compromised machine or a hacked website

AVAILABILITY

Assures that systems work promptly and services are not denied to authorised users

Example

– A system under Denial of Service (DoS)

SECURITY TERMS

Adversary or attacker

Attack

Countermeasure

Risk

Security policy

System resource or asset

Threat

Vulnerability

ADVERSARY OR ATTACKER

An entity that attacks, or is a threat to, a system

It could be an individual, an agency, or a state

Example

– Hackers

– Governments

HACKER

Black hat hacker

– An individual who attempts to gain unauthorised access or entry into a system

White hat hacker

– An individual who helps or works with organisations to strengthen the security of a system

ATTACK

An action that compromises the security of the system

– E.g., Stuxnet

Inside attack

– Initiated by an entity (i.e., an insider) inside the security perimeter

Outside attack

– Initiated from outside the perimeter (i.e., an outsider), by an unauthorised entity

COUNTERMEASURE AND RISK

Countermeasure

– An action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by discovering, eliminating or preventing it

Risk

– The probability that a threat will exploit a vulnerability with a particular harmful result

SECURITY POLICY

A set of security rules and practices that specify or regulate how a system or organisation provides security services

The goal is to protect sensitive and critical system resources

SYSTEM RESOURCE OR ASSET

Data contained in an information system

A service provided by a system

A system capability

– Processing power

– Communication bandwidth

THREAT AND VULNERABILITY

Threat

– A potential for violation of security

– Could breach security and cause harm

– A possible danger that might exploit a vulnerability

Vulnerability

– A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited

LOSS OF SECURITY

A loss of confidentiality is the unauthorised disclosure of information

A loss of integrity is the unauthorised modification or destruction of information

A loss of availability is the disruption of access to or use of information or services

LEVELS OF IMPACT DUE TO LOSS OF SECURITY

Low

– Minor damage or harm

– Minor loss

Medium

– Serious adverse effect

– Significant damage or loss

High

– Severe or catastrophic adverse effect

– Major damage or loss

SCENARIOS WITH LOSS OF SECURITY

Confidentiality

– Low impact

– Medium impact

– High impact

Integrity

– Low impact

– Medium impact

– High impact

Availability

– Low impact

– Medium impact

– High impact

SAMPLE QUESTION

The CIA triad of information security includes:

a) Correctness, Information, and Assurance

b) Confidentiality, Integrity, and Authentication

c) Confidentiality, Integrity, and Authorisation

d) Confidentiality, Integrity, and Availability

e) Correctness, Information, and Authorisation

Answer: d

TO BE CONTINUED

See the next lecture

Questions?

Thanks for your attention!