MODULE |
THE SECURITY
PROBLEM IN
COMPUTING
ers and smart
coer)
SRE en
Pe oe!CHARACTERISITICS OF
COMPUTER INTRUSION
HUWAG MAGING BIKTIMA NG FIXERS AT ONLINE SCAMMERS!
‘SOCIAL SECURITY SYSTEM
HINDI MO RIN DAPAT
ICAY SA IBA ANG
When you test your computer systems, one of your jobs is LS
ROS Re CRs a
COR Le ue ue
See ss ee Ca
SOR ACen oe ac mae ee eae
PONCE eed
Lem ee keeTHREATS, VULNERABILITIES, AND CONTROLS
rs De Mou ea Rete Scie au
Pte eC
rN ee CR Se
De eR re Ce ee eR ea
TUN On eae CT
DOU ee sce Coa ee Oe aC
Eos
We use Pee eee on ee UE ae cee
procedure, or technique that removes or reduces a vulnerability.
Threats, Vulnerabilities And Controls
eet eens Perera ee
How do we address these problems? We use a eesONL era h ee Nel RCO RL
SOc ii eae ce
view any threat as being one of four kinds:
eae
ey
modification,
EO
ATHREAT is blocked by CONTROL of a VULNERABILITY
(CEPTION - means that some unauthorized party has gained access to an asset. The
be a person, a program, ar a computing system. Examples of this type of
eS eee ee ee eee
DO ea te eee ae ee eee
CMU oaPeete yee) Le ye RMON CLA
2, INTERRUPTION - gn esset of the system becomes lost, unavailable, or unusable.
Re See co te eC eee ce acs
data file, or malfunction of an operating system file manager so that it cannot find a
pete as
PN ere Reo LOM ATU TTA
3. If an unauthorized party not only accesses but
a eTany DEMIR Te-S-1OUT Re-1-] ee @)D) eNO)A THREAT is blocked by CONTROL of a VULNERABILITY
4. Finally, an unauthorized party might create a FABRICATION of counterfeit objects
CO ee a se RC ne etd
communication system or add records to an existing database. Sometimes the:
CD ce Re eC TTC
Cea eo aR
A THREAT is blocked by CONTROL of a VULNERABILITY
ee ee et Ce eT
Cee ee a ee eC ue a aC
dlosely at a system’s vulnerabilities and how we can use them to set security goalsVulnerability
Dee cae RL ee aCe Ween
Ce em MLL AE AA el Rue et aed
instance, computer administrators have the ability to change the permission on any file
Or esc ee Sea On
3 IMPORTANT ASPECTS OF ANY COMPUTER RELATED
SAIS
1. Integrity
Pe NeTIEL sia
3. Confidentialitypani 1als4
Ter eR eo Ue SON IR cor
Poe CRE Cc oe a
FR a esac RAR UN MT
Den ee eC Cr eee ra cad
ways * modified only by authorized people * modified only by authorized
ere eee ea ieee uae Lee
2. Availability
Pee eae eee eRe te Reem eee
assurance that your system and data can be accessed by authenticated users whenever
they're needed. Similar to confidentiality and integrity, availability also holds great value
Availability is typically associated with reliability and system uptime, which can be
ce eee Re cece
downtime, and human error, or malicious issues like cyberattacks and insider threats. If
the network goes down unexpectedly, users will not be able to access essential data and
Se eC Re SM eee ee eee ee Ee
See ete ec Re Rea i
uptime and business continuity.3. Confidentiality
You may find the notion of confidentiality to be straightforward:
CAG a Cun Ee See cece
eT eae RUC ey sat Cesc Ure Rae
Tee eee CR CRC COM Ts Seclare|
Coen eC ee RUN RecN eos)
those of preserving confidentiality in the real world.en cece ER Reo ee Oa Teen Cocoa ie
-curily week points.
It is sometimes easier to consider vulnerabilties as they apply to all three
Deere ie ic eC Cease
roy i Poecaies
3'TYPES OF VULNERABILITI
HARDWARE VULNERABILITIES
Petey
SOFTWARE VULNERABILITIES
eed
Se
See
DATA VULNERABILITIES
eo erran
ere