Information SecurityAcknowledgmentsPowerPoint PresentationOutlineTerminologyWhat is secure?Why Worry?Three Common FailuresThe ChallengeHow do we get there?Understanding SecurityPsychological AcceptabilityPatchesSource of ProblemsQuality as a Market ProblemWhat can we do?Security PlanningPlanning Your Security NeedsCritical Concerns for Various Industries?Risk AssessmentRisk Assessment Step 1: Identify AssetsRisk Assessment Step 2: Identify ThreatsBroad Categories of ThreatsInterruptionInterceptionModificationMore ModificationFabricationRisk Assessment Step 3: Quantify ThreatsSecurity GoalsVulnerabilitiesThreats to HardwareThreats to SoftwareThreats to DataSlide 35Slide 36Other threatened entitiesPeople InvolvedMethods of DefenseMethods of Defense (cont’d)Effectiveness of ControlsCost Benefit AnalysisCreating PolicyThe Role of PolicyPolicy ExampleStandardsExample: Standard for BackupsGuidelinesKeys to Developing PolicyGoals for Security PoliciesHow to Attain the Goals?Security Policy ContentResponse PolicyFour Easy Steps to a More Secure ComputerThreat CategoriesAttack MethodsSecurity Services - 1Security Services - 2Slide 59User Anxiety & PerceptionsInternet Privacy PoliciesTRUSTeCSE870: Advanced Software Engineering: Security IntroRRRInformation SecurityAn IntroductionCSE870: Advanced Software Engineering: Security IntroRRRAcknowledgments•Annie Anton•Charles Pfleeger•E. SpaffordCSE870: Advanced Software Engineering: Security IntroRRRCSE870: Advanced Software Engineering: Security IntroRRROutline•Terminology•Brief Introduction•Security Planning•Creating a SecurityPolicy•Threats, Attacks &Services•Internet Privacy PoliciesCSE870: Advanced Software Engineering: Security IntroRRRTerminology•“A computer is secure if you can depend on it and its software to behave as you expect.”•‘Trust describes our level of confidence that a computer system will behave as expected.’[Garfinkel & Spafford]CSE870: Advanced Software Engineering: Security IntroRRRWhat is secure?•Does not disclose information•Does not allow unauthorized access•Does not allow unauthorized change•Maintains QoS despite input and load•Preserves audit, authenticity, control•No surprises![Spafford]CSE870: Advanced Software Engineering: Security IntroRRRWhy Worry?•Information has value–when combined–when altered–when disclosed•Resource use has value–unauthorized use–denial of service•Damage to reputation–damage to your personal reputation–damage to your group–damage to your company•Your system is not alone–other machines on the network–shared resources and files–indirect liability[Spafford]CSE870: Advanced Software Engineering: Security IntroRRRThree Common Failures•Organization has no formal policy. Thus, personnel cannot consistently make necessary decisions.•Organization has no reasonable response plans for violations, incidents, and disasters.•Plans don’t work when needed because they haven’t been regularly tested, updated, and rehearsed. (E.g., failure of operational security)[Spafford]CSE870: Advanced Software Engineering: Security IntroRRRThe Challenge•Without assurance that our systems will stay secure, we endanger our economies, our privacy, our personal safety and privacy, and our social institutions.[Spafford]CSE870: Advanced Software Engineering: Security IntroRRRHow do we get there?•Understand the needs of the users–Narrow focus better than broad•Understand basic tenets of security–Paucity of programs and experts•Capture requirements for design and validation•Design with care using good tools and methods•Validate & Verify[Spafford]CSE870: Advanced Software Engineering: Security IntroRRRUnderstanding Security•Good security means–Limiting what happens–Limiting who can make it happen–Limiting how it happens–Limiting who can change the system•Users don’t tolerate limits unless there is a paradigm shift–E.g., Palm computers[Spafford]CSE870: Advanced Software Engineering: Security IntroRRRPsychological Acceptability•Easy to use–Should be as easy to use as to not use•False alarms should be avoided•Frequent changes and updates are bad•Should not require great expertise to get correct…Doesn’t match user population[Spafford]CSE870: Advanced Software Engineering: Security IntroRRRPatches•Fixes for flaws that require an expert to install are not a good fix.•Fixes that break something else are not a good fix.•Frequent fixes may be ignored.•Goal should be design, not patch[Spafford]CSE870: Advanced Software Engineering: Security IntroRRRSource of ProblemsSource:Securityfocus.comAbout 30% are buffer overflows or unchecked dataOver 90% are coding/design flaws.[Spafford]CSE870: Advanced Software Engineering: Security IntroRRRQuality as a Market Problem•Good software engineers and security designers are scarce•Productivity of coders varies:–Top 10% are at least 10x more productive than average coder. –Organizations should invest inraising skill level.•That takes time and money, so there is a disincentive to improving quality[Spafford]CSE870: Advanced Software Engineering: Security IntroRRRWhat can we do?•Understand that there is no “average user”•Understand balance between features and security•Employ better testing•Manage complexity and change•Build in security from the start•Understand policy differences.[Spafford]CSE870: Advanced Software Engineering: Security IntroRRRSecurity Planning•Security needs planning•Risk assessment•Cost-benefit analysis•Creating policies to reflect your needs•Implementation•Audit and incident response[Garfinkel & Spafford]CSE870: Advanced Software Engineering: Security IntroRRRPlanning Your Security Needs•Confidentiality•Data Integrity•Availability•Consistency•Control•Audit[Garfinkel & Spafford]CSE870: Advanced Software Engineering: Security IntroRRRCritical Concerns for Various Industries?•Banking environment?•National defense-related system that processes classified information?•University?•E-Commerce?CSE870: Advanced Software Engineering: Security IntroRRRRisk Assessment•Three questions to answer:–What am I trying to protect?–What do I need to protect against?–How much time, effort and money am I willing to expend to obtain adequate protection?•Three key steps:–Identify assets–Identify threats–Calculate risks[Garfinkel & Spafford]CSE870: Advanced Software Engineering: Security IntroRRRRisk
View Full Document
Unlocking...