MODULE | THE SECURITY PROBLEM IN COMPUTING ers and smart coer) SRE en Pe oe!CHARACTERISITICS OF COMPUTER INTRUSION HUWAG MAGING BIKTIMA NG FIXERS AT ONLINE SCAMMERS! ‘SOCIAL SECURITY SYSTEM HINDI MO RIN DAPAT ICAY SA IBA ANG When you test your computer systems, one of your jobs is LS ROS Re CRs a COR Le ue ue See ss ee Ca SOR ACen oe ac mae ee eae PONCE eed Lem ee keeTHREATS, VULNERABILITIES, AND CONTROLS rs De Mou ea Rete Scie au Pte eC rN ee CR Se De eR re Ce ee eR ea TUN On eae CT DOU ee sce Coa ee Oe aC Eos We use Pee eee on ee UE ae cee procedure, or technique that removes or reduces a vulnerability. Threats, Vulnerabilities And Controls eet eens Perera ee How do we address these problems? We use a eesONL era h ee Nel RCO RL SOc ii eae ce view any threat as being one of four kinds: eae ey modification, EO ATHREAT is blocked by CONTROL of a VULNERABILITY (CEPTION - means that some unauthorized party has gained access to an asset. The be a person, a program, ar a computing system. Examples of this type of eS eee ee ee eee DO ea te eee ae ee eee CMU oaPeete yee) Le ye RMON CLA 2, INTERRUPTION - gn esset of the system becomes lost, unavailable, or unusable. Re See co te eC eee ce acs data file, or malfunction of an operating system file manager so that it cannot find a pete as PN ere Reo LOM ATU TTA 3. If an unauthorized party not only accesses but a eTany DEMIR Te-S-1OUT Re-1-] ee @)D) eNO)A THREAT is blocked by CONTROL of a VULNERABILITY 4. Finally, an unauthorized party might create a FABRICATION of counterfeit objects CO ee a se RC ne etd communication system or add records to an existing database. Sometimes the: CD ce Re eC TTC Cea eo aR A THREAT is blocked by CONTROL of a VULNERABILITY ee ee et Ce eT Cee ee a ee eC ue a aC dlosely at a system’s vulnerabilities and how we can use them to set security goalsVulnerability Dee cae RL ee aCe Ween Ce em MLL AE AA el Rue et aed instance, computer administrators have the ability to change the permission on any file Or esc ee Sea On 3 IMPORTANT ASPECTS OF ANY COMPUTER RELATED SAIS 1. Integrity Pe NeTIEL sia 3. Confidentialitypani 1als4 Ter eR eo Ue SON IR cor Poe CRE Cc oe a FR a esac RAR UN MT Den ee eC Cr eee ra cad ways * modified only by authorized people * modified only by authorized ere eee ea ieee uae Lee 2. Availability Pee eae eee eRe te Reem eee assurance that your system and data can be accessed by authenticated users whenever they're needed. Similar to confidentiality and integrity, availability also holds great value Availability is typically associated with reliability and system uptime, which can be ce eee Re cece downtime, and human error, or malicious issues like cyberattacks and insider threats. If the network goes down unexpectedly, users will not be able to access essential data and Se eC Re SM eee ee eee ee Ee See ete ec Re Rea i uptime and business continuity.3. Confidentiality You may find the notion of confidentiality to be straightforward: CAG a Cun Ee See cece eT eae RUC ey sat Cesc Ure Rae Tee eee CR CRC COM Ts Seclare| Coen eC ee RUN RecN eos) those of preserving confidentiality in the real world.en cece ER Reo ee Oa Teen Cocoa ie -curily week points. It is sometimes easier to consider vulnerabilties as they apply to all three Deere ie ic eC Cease roy i Poecaies 3'TYPES OF VULNERABILITI HARDWARE VULNERABILITIES Petey SOFTWARE VULNERABILITIES eed Se See DATA VULNERABILITIES eo erran ere