Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Look up keyword
Like this
30Activity
0 of .
Results for:
No results containing your search query
P. 1
Data Security

Data Security

Ratings: (0)|Views: 344|Likes:
Published by baselkhateeb
Data Security, Syrian Virtual University
Data Security, Syrian Virtual University

More info:

Published by: baselkhateeb on Nov 19, 2009
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

11/12/2014

pdf

text

original

 
Universal Knowledge Solutions S.A.L.- 1 -
CCCooonnnttteeennntttdddeeessscccrrriiippptttiiiooonnn
 
DDDaaatttaaaSSSeeecccuuurrriiitttyyy 
Part 1
Information System Security & Security Policy
Keywords:
Security, Security Policy, Security Incident, Security Audit, Prevention, Detection, Recovery.
Summary:
Each member of the community must be responsible for the security and protection of electronicinformation resources over which he or she has control.Resources to be protected include networks, computers, software, and data. The physical and logicalintegrity of these resources must be protected against threats such as unauthorized intrusions, maliciousmisuse, or inadvertent compromise. Activities outsourced to off-campus entities must comply with thesame security requirements as in-house activities.However, security policy must be fixed and maintained with the collaboration of managers,administrative officials and users.
Objectives:
Upon completion of this part, the student will be able to understand:
 
What is information security?
 
The definition of information security and the factors to consider when maintaining security
 
Why is security design necessary?
 
The objective of security design and security requirements should be established.
 
Definition of security policy and advantages/disadvantages of having a security policy.
 
General outline of security policy.
 
Considerations when writing security policy.
 
What factors should be considered when writing a security policy.
 
Universal Knowledge Solutions S.A.L.- 2 -
Computer related crimes
 
August 1995
o
 
A 24 years old student accessed
CitiBank's
computer system and illegally transferred2.8 million US dollars to his bank account.
 
March 1999
o
 
 Mellissa,
a computer virus attached to Microsoft Words, spread through the use of emails.
 
February 2000
o
 
Denial of Service attacks caused major websites such as
Yahoo.com, Microsoft.com,ebay.com, cnn.com, amazon.com
to go offline.
 
March 2000
o
 
Two 18 years olds hacked into Internet shopping websites, stole 26,000 credit card data,and shopped up to an amount of 3 million US dollars, using the stolen credit cardinformation.
 
January 2003
o
 
Computer virus (or worms)
Slammer 
(2003.1) and
 Blaster 
spread through the Internetattacking the security holes on the servers and client PCs.
Computer related crimes
020004000600080001000012000140001600018000200001988 1990 1992 1994 1996 1998 2000
 
CERT is a center of internet security expertise, located at the Software Engineering Institute, afederally funded research and development center operated by Carnegie Mellon University.
 
Universal Knowledge Solutions S.A.L.- 3 -The center studies internet security vulnerabilities, research long-term changes in networked systems,and develop information and training to help you improve security.We in the slide the numbers of security incident in the united states reported to the CERT between1988 and 2000.
What Does Security Means?
Security in a broad senseSecurity in a broad sense
 
Security in a broad senseSecurity in a broad sense
 
Information System Security
 
Information System Security includes 3 Main Concepts:
 
Confidentiality:
o
 
Confidentiality is related to the READ Action
o
 
It concerns part of the system and not necessary all the system
 
Integrity:
o
 
Integrity is related to the WRITE & MODIFY Actions
o
 
It means that the current version is identical to a referential one
 
Availability
o
 
Availability is related to the EXECUTE Action
o
 
It’s very difficult to implement it since DOS (Deny Of Service) attacks are easier than otherattacks.
o
 
Actually computer systems try to reach 99.999% of availability.

Activity (30)

You've already reviewed this. Edit your review.
1 thousand reads
1 hundred reads
Himanshu liked this
nur syahidatul liked this
BoOnga Giacinta liked this
allan237 liked this

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->