Professional Documents
Culture Documents
Computer Security
MR.Negasi Chere
negasichere1981@gmail.com
Fundamentals of computer security & privacy
2
Computer Security
One way to ascertain the similarities and differences among Computer Security is
by asking what is being secured. For example,
-Information security is securing information from unauthorized access,
modification & deletion
-Application Security is securing an application by building security features to
prevent from Cyber Threats such as SQL injection, DoS attacks, data breaches
and etc.
-Computer Security means securing a standalone machine by keeping it updated
and patched
-Network Security is by securing both the software and hardware technologies
-Cyber security is defined as protecting computer systems, which communicate
over the computer networks
Why is Computer Security Important?
-In this digital era, we all want to keep our computers and our personal information
secure and hence computer security is important to keep our personal information
protected. It is also important to maintain our computer security and its overall
health by preventing viruses and malware which would impact on the system
performance.
• Cyber Security
– Process and practice designed to protect, network, computer,
program and data from attacks, damage and unauthorized
access.
• Keys & Password
– A Credential.
– The network/Computer security key is the password or
pass phrase that you use to authenticate with your
network/ computer.
• Authentication
– The process or action of proving or showing something
to be true, genuine, or valid.
– The process or action of verifying the identity of a user
or process
• Encryption
– The process of converting information or data into a
code, especially to prevent unauthorized access.
• Integrity
– Data integrity is the assurance that digital information is
uncorrupted and can only be accessed or modified by those
authorized to do so.
– Integrity involves maintaining the consistency, accuracy and
trustworthiness of data over its entire lifecycle.
• Access Control
Access control is a security technique that can be used to regulate
who or what can view or use resources in a computing environment.
• Decipher (decrypt) - recovering cipher text from plaintext.
• Cryptography - study of encryption principles/methods.
• Cryptanalysis (code breaking) - the study of principles/
methods of deciphering cipher text without knowing key.
• Cryptology - the field of both cryptography and cryptanalysis.
Asset
Anything that needs to be protected because it has value and
contributes to the successful achievement of the organization’s
objectives
Threat
Any circumstance or event with the potential to cause harm to an
asset and result in harm to organization.
Vulnerability
The weakness in an asset that can e exploited by threat
Risk
Probability of a threat acting upon a vulnerability causing harm
to an asset
Confidentiality, Integrity, and Availability (CIA Triad)
“The Fundamental Objectives of Information Security “
These are the visible and tangible equipment and could comprise of:
•Computer equipment: Mainframe computers, servers, desktops and
notebook computers.
•Communication equipment: Modems, routers, EPABXs and fax
machines.
•Storage media: Magnetic tapes, disks, CDs and DATs.
•Technical equipment: Power supplies, air conditioners.
•Furniture and fixtures
Security Attacks
Security Attacks
Classify Security Attacks as
• Passive attacks - eavesdropping on or monitoring of
transmissions to:
– obtain message contents, or
– monitor traffic flows
26
Computer Security Practices
Some preventive steps you can take include:
• Secure your computer physically by:
– Installing reliable, reputable security and anti-virus software
– Activating your firewall, because a firewall acts as a security guard between the internet
and your local area network
• Stay up-to-date on the latest software and news surrounding your devices and perform
software updates as soon as they become available
• Avoid clicking on email attachments unless you know the source
• Change passwords regularly, using a unique combination of numbers, letters and cases
• Use the internet with caution and ignore pop-ups, drive-by downloads while surfing
• Taking the time to research the basic aspects of computer security and educate yourself on
evolving cyber-threats
• Perform daily full system scans and create a periodic system backup schedule to ensure
your data is retrievable should something happen to your computer.
Review Questions & Problem
• Define computer security.
• Explain about CIA Triad.
• What are different kind of Security Assets?
• What is the difference between passive and active security
threats?
• List and briefly define categories of passive and active network
security attacks.
• Consider an Automated Teller Machine (ATM) in which users
provide a personal identification number (PIN) and a card for
account access. Give examples of confidentiality, integrity, and
availability requirements associated with the system and, in
each case, indicate the degree of importance of the
requirement.
28
Thank You