Unformatted text preview:

Slide 1OutlineCyber SecurityC. I.A.Ten Major Modules of Cyber SecurityInformation Security and Risk ManagementAccess ControlSecurity Architecture and DesignPhysical and Environmental SecurityTelecommunications and Network SecurityCryptographyLegal Regulation and Compliance InvestigationApplications SecurityOperations SecurityInformation Governance and Risk ManagementSecurity Management, Administration and GovernanceSlide 17Slide 18Policies, Standards, Guidelines and ProceduresSlide 20Information ClassificationSlide 22Slide 23Slide 24Roles and ResponsibilitiesRisk Management and AnalysisRisk Managementg and AnalysisSlide 28Slide 29Security Best PracticesSlide 31Computer Architecture ComponentsOperating SystemsSystem ArchitectureSecurity ArchitectureTrusted Computing BaseReference Monitor and Security KernelSecurity ModelsBell and LaPadulaSecure System Evaluation: TCSECCertification and AccreditationSome Security ThreatsSlide 43Access Control OverviewSlide 45Identification, Authentication, AuthorizationSlide 47Slide 48Single Sign-OnSingle Sign-on KerberosKerberosSlide 52Kerberos: DrawbacksAccess Control TechniquesFalse Match RateIntrusion Detection SystemThreats to Access ControlCrypographyDefinitionsGoals of CryptographyProcessKey ClusteringSymmetric Key CryptographyPublic Key CryptographySteganographySlide 66What is Network SecuritySlide 68Network ForensicOSI ModelDr. Bhavani ThuraisinghamIntroduction to Major Modules in Cyber SecurityAugust 31, 2011Lecture #313-201/14/19 10:34 Outline0What is Cyber Security?0What is C. I. A.?0Ten Major Modules of Cyber Security13-301/14/19 10:34 Cyber Security0Security traditionally has been about CIA (Confidentiality, Integrity, Availability)0Security now also includes areas like Trustworthiness, Quality, Privacy0Dependability includes Security, Reliability and Fault Tolerance0Initially the term used was Computer Security (Compusec); it then evolved into Infosec – Information security – to include data and networks – now with web its called Cyber Security13-401/14/19 10:34 C. I.A.0Confidentiality: Preventing from unauthorized disclosure0Integrity: Preventing from unauthorized modification0Availability: Preventing denial of service13-501/14/19 10:34 Ten Major Modules of Cyber Security0Information Security and Risk Management 0Access Control0Security Architecture and Design0Cryptography0Network Security0Applications Security (aka Data and Applications Security)0Legal Regulations, Compliance and Investigations (aka Digital Forensics)0Physical and Environmental Security0Business Continuity Planning0Operations Security0Not included: Hardware security; Performance Analysis, Ethical Hacking and Penetration Testing, - - -13-601/14/19 10:34 Information Security and Risk Management0Security Management0Security Administration0Organizational Security Model0Information Risk Management0Risk Analysis0Policies, Standards, Guidelines, Procedures0Information Classification0Layers of Responsibility0Security Awareness Training13-701/14/19 10:34 Access Control0Security Principles0Identification, Authentication, Authorization, Accountability0Access Control Models0Access Control techniques0Access Control Administration0Access Control Methods0Access Control Types0Accountability0Access Control practices0Access Control Monitoring0Threats to Access Control13-801/14/19 10:34 Security Architecture and Design0Computer Architecture0Systems Architecture0Security Models0Security Modes of Operation0Systems Evaluation Methods0Open vs. Closed Systems0Enterprise Architecture0Security Threats13-901/14/19 10:34 Physical and Environmental Security0What is Physical Security0Planning Process0Protecting assets0Internal Support Systems0Perimeter Security0Other aspects13-1001/14/19 10:34 Telecommunications and Network Security0Open Systems Interconnection Reference Model0TCP/IP0Types of Transmission0LAN Networking0Routing Protocols0Networking Devices0Networking services and protocols0Intranets and Extranets0Metropolitan Area networks0Remote access0Wireless technologies0Rootkits13-1101/14/19 10:34 Cryptography0History, Definitions and Concepts0Types of Ciphers0Methods of Encryption0Type of Asymmetric Systems0Message Integrity0PKI0Key Management0Link / End-to-end Encryption0Email standards0Internet security0Attacks13-1201/14/19 10:34 Legal Regulation and Compliance Investigation0Cyber law and Cyber crime0Intellectual property law0Privacy0Liability and Ramifications0Digital Forensics and Investigations0Ethics13-1301/14/19 10:34 Applications Security0Database Security0Software and applications security issues0Secure systems development0Application development and security0Object-oriented systems and security0Distributed computing and security0Expert systems and security0Web security0Mobile code0Patch management13-1401/14/19 10:34 Operations Security0Role of the Operations Department0Administrative Management0Assurance Levels0Configuration management0Media Controls0Data Leakage0Network and Resource Availability0Mainframes0Email Security0Vulnerability testing13-1501/14/19 10:34 Information Governance and Risk Management0Security Management, Administration and Governance0Policies, Standards, Guidelines, Procedures0Information Classification0Roles and Responsibilities0Risk Management and Analysis0Best Practices13-1601/14/19 10:34 Security Management, Administration and Governance0Information security (ISec) describes activities that relate to the protection of information and information infrastructure assets against the risks of loss, misuse, disclosure or damage. Information security management (ISM) describes controls that an organization needs to implement to ensure that it is sensibly managing these risks.0The risks to these assets can be calculated by analysis of the following issues:0Threats to your assets. These are unwanted events that could cause the deliberate or accidental loss, damage or misuse of the assets0Vulnerabilities. How susceptible your assets are to attack0Impact. The magnitude of the potential loss or the seriousness of the event.13-1701/14/19 10:34 Security Management, Administration and Governance0Standards that are available to assist organizations implement the appropriate programs and controls to mitigate these risks are for example BS7799/ISO 17799, Information Technology Infrastructure Library and COBIT.0Information Security Governance, Information Security Governance or ISG, is a subset


View Full Document

UTD CS 6V81 - Lecture Notes

Documents in this Course
Botnets

Botnets

33 pages

Privacy

Privacy

27 pages

Privacy

Privacy

27 pages

Load more
Download Lecture Notes
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view Lecture Notes and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Lecture Notes 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?