Scribd Logo
Upload

Welcome to Scribd!

  • CIS326 Lecture 1

    Uploaded by

    Wormziez McDownloads
    3 views12 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    3 views12 pages

    CIS326 Lecture 1

    Uploaded by

    Wormziez McDownloads

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 12

    University of London

    BSc Computing and


    Information Systems
    CIS326 Computer Security

    CIS 326 - Computer Security


    Introduction

    This half-unit serves as an introduction to some aspects of computer


    security.

    The study guide will introduce you to some important techniques of


    computer security, including:
    • Access control
    • Encryption
    • Authentication
    • Key Management

    The overall intention of this half-unit is that you become familiar with the
    need for security in computer systems and know about particular
    techniques which are in current use for solving them.

    The guide will also help you understand not only what these techniques
    can do but how they do it.

    CIS 326 - Computer Security


    Course Content

    The material in the study guide covers the following security


    topics:
    • Passwords and identification
    • Access controls
    • Symmetric encryption
    • Asymmetric encryption (public key)
    • Confidentiality
    • Authentication
    • Integrity
    • Non-repudiation
    • Hash functions
    • Key Management
    • Key Escrow
    • Security for electronic mail

    CIS 326 - Computer Security


    Method of Assessment
    You will be assessed by one examination lasting 2
    hours and 15 minutes at the end of the academic
    year.

    The exam consists of five (5) questions;


    candidates have to answer any three (3) of the
    five (5) questions. The examination is worth 80%
    of the final mark for this subject

    You are also expected to complete two (2) course


    work assignments, each are worth 10% of your
    final mark

    CIS 326 - Computer Security


    Contact Info
    Email address: christian.rodriguez@tstt.net.tt

    CIS 326 - Computer Security


    Security
    In the broadest sense security is about the
    protection of assets. The 3 main aspects
    to security are:
    1.Prevention
    • Detection
    • Reaction
    • Identify assets, and know their value
    • Therefore risk analysis and risk
    management forms part of any
    comprehensive information security
    strategy
    CIS 326 - Computer Security
    Computer Security
    An attempt to derive a definition of what
    Computer Security is, we shall examine how
    information assets can be compromised.

    • Information can be stolen – but you still


    have it
    • Confidential information may be copied and
    sold – but the theft might not be detected
    • The criminal may be on the other side of the
    world

    CIS 326 - Computer Security


    Computer Security
    Hence Computer Security can be defined
    as:
    “The prevention and detection of
    unauthorised actions by users of a
    computer system” .

    In order to prevent and detect unauthorised


    actions by its users a good security system
    must provide the following:
    • Confidentiality
    • Integrity
    • Availability
    CIS 326 - Computer Security
    Design Considerations
    A number of questions need to be considered when
    designing a computer system such as:
    • Does the system focus on the data, operations or
    users of the system?
    • What level should the security system operate from?
    • Should the security system be simple or
    sophisticated?
    • In a distributed system should the security be
    centralised or spread?
    • How do you secure the levels below the level of the
    security system?

    CIS 326 - Computer Security


    Data vs Information
    The distinction between data and information is subtle, but is also the root
    cause of some of the more difficult problems in security.

    Computer security involves controlling access to information and resources.


    However, controlling access to information can sometimes be quite elusive
    and is therefore replaced by the more straightforward goal of controlling
    access to data.

    Data represents information. Information is the subjective interpretation of data

    Gollman defines data as: “Physical phenomena chosen by convention to


    represent certain aspects of our conceptual and real world. The meaning we
    assign to data are called information. Data is used to transmit and store
    information and to derive new information by manipulating the data according
    to formal rules.”

    CIS 326 - Computer Security


    Data vs Information
    If there is a close link between information and corresponding
    data, the same approach may be used to control access and
    produce successful results.

    However, this is not always the case. Controls used to protect


    data may leak information over a covert channel.

    Gollman defines a covert channel as, “an information flow that is


    not controlled by a security mechanism.”

    E.g. inference problem in statistical databases.

    CIS 326 - Computer Security


    Security Systems
    Security Models
    A security model is a means of formally expressing the rules of the security
    policy. The model should:

    • Be easy to understand
    • Be without ambiguity
    • Be possible to implement
    • Reflect the policies of the organisation

    It should be noted that a security model is not a ‘one size fits all’ solution.
    Different systems require models as we shall see in Chapter 3.

    CIS 326 - Computer Security

    You might also like