Foundations of Computer Security



Similar documents
Introduction to Security

White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES. By James Christiansen, VP, Information Risk Management

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

WRITTEN TESTIMONY OF

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

APWG. (n.d.). Unifying the global response to cybecrime. Retrieved from

Application Security in the Software Development Lifecycle

Defensible Strategy To. Cyber Incident Response

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

COSC 472 Network Security

Cyber Essentials Scheme

Spyware. Michael Glenn Technology Management 2004 Qwest Communications International Inc.

WHITE PAPER. Understanding How File Size Affects Malware Detection

資 通 安 全 產 品 研 發 與 驗 證 (I) ICT Security Overview. Prof.. Albert B. Jeng ( 鄭 博 仁 教 授 ) 景 文 科 技 大 學 資 訊 工 程 系

I N T E L L I G E N C E A S S E S S M E N T

Testimony of PETER J. BESHAR. Executive Vice President and General Counsel. Marsh & McLennan Companies

September 20, 2013 Senior IT Examiner Gene Lilienthal

Universities and Schools Under Cyber-Attack: How to Protect Your Institution of Excellence

Protecting critical infrastructure from Cyber-attack

NATIONAL CYBER SECURITY AWARENESS MONTH

ICTN Enterprise Database Security Issues and Solutions

SPEAR PHISHING UNDERSTANDING THE THREAT

Introduction to Computer Security

Middle Class Economics: Cybersecurity Updated August 7, 2015

Remote Access Securing Your Employees Out of the Office

U. S. Attorney Office Northern District of Texas March 2013

A number of factors contribute to the diminished regard for security:

THE PERFECT STORM WEATHERING CYBER THREATS IN THE HEALTHCARE INDUSTRY

The Information Security Problem

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

SECURITY ANALYSIS OF CLOUD COMPUTING

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime

BLACKJACKING: SECURITY THREATS TO BLACKBERRY DEVICES, PDAS, AND CELL PHONES IN THE ENTERPRISE

future data and infrastructure

Don t Fall Victim to Cybercrime:

External Penetration Assessment and Database Access Review

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth

NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT

Passing PCI Compliance How to Address the Application Security Mandates

Inspection of Encrypted HTTPS Traffic

The Importance of Cybersecurity Monitoring for Utilities

ALERT LOGIC FOR HIPAA COMPLIANCE

CYBER SECURITY INFORMATION SHARING & COLLABORATION

SecurityMetrics Vision whitepaper

Cyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015

FERPA: Data & Transport Security Best Practices

Evaluating DMARC Effectiveness for the Financial Services Industry

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

Threat Modeling. Frank Piessens ) KATHOLIEKE UNIVERSITEIT LEUVEN

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1

E-commerce. business. technology. society. Kenneth C. Laudon Carol Guercio Traver. Second Edition. Copyright 2007 Pearson Education, Inc.

The Key to Secure Online Financial Transactions

3 Marketing Security Risks. How to combat the threats to the security of your Marketing Database

SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper. Safeguarding data through increased awareness

WHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

Network Security and the Small Business

Cybersecurity for the C-Level

Protecting Against Application DDoS Attacks with BIG-IP ASM: A Three-Step Solution

Combatting the Biggest Cyber Threats to the Financial Services Industry. A White Paper Presented by: Lockheed Martin Corporation

NETWORK PENETRATION TESTS FOR EHR MANAGEMENT SOLUTIONS PROVIDER

Nuclear Security Requires Cyber Security

Beyond the Hype: Advanced Persistent Threats

Protecting Your Network Against Risky SSL Traffic ABSTRACT

Reducing Application Vulnerabilities by Security Engineering

Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte

Cyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies

Introduction to Runtime Application Self Protection (RASP) Making Applications Self Protecting, Self Diagnosing and Self Testing

Computer Security. Principles and Practice. Second Edition. Amp Kumar Bhattacharjee. Lawrie Brown. Mick Bauer. William Stailings

INDUSTRY OVERVIEW: FINANCIAL

Managing Web Security in an Increasingly Challenging Threat Landscape

ENISA s Study on the Evolving Threat Landscape. European Network and Information Security Agency

STATEMENT OF JOSEPH M. DEMAREST, JR. ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION

1. Any requesting personal information, or asking you to verify an account, is usually a scam... even if it looks authentic.

CYBER SECURITY GUIDANCE

Security A to Z the most important terms

Testimony of. Before the United States House of Representatives Committee on Oversight and Government Reform And the Committee on Homeland Security

Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense

Security Practices for Online Collaboration and Social Media

Transcription:

Foundations of Computer Security Lecture 1: Dr. Bill Young Department of Computer Sciences University of Texas at Austin Lecture 1: 1

Course Topics Topics we will cover include: What is computer security? Why is computer security important? Why is security difficult? Security policies Elementary information theory Elementary cryptography Cryptographic protocols Availability System evaluation and certification. Lecture 1: 2

What Does Security Mean? The term security is used in a variety of contexts. What s the common thread? Personal security Corporate security Personnel security Energy security Homeland security Operational security Communications security Network security System security Lecture 1: 3

What Does Security Mean? In the most general terms, security seems to mean something like protection of assets against threats. What assets? What kinds of threats? What does protection mean? Does the nature of protection vary depending on the threat? Lecture 1: 4

Security on a Personal Level Suppose you re visiting an online retailer, and need to enter personal information. What protections do you want? From what threats? Authentication (protection from phishing) Authorization Privacy of your data Integrity of your data Availability Non-repudiation What else? Lecture 1: 5

Security on an Institutional Level Consider the following scenarios: 1 A large corporation s computer systems are penetrated and data on thousands of customers is stolen. 2 A student hacks into university registrar s system and changes his grade in several classes he has taken. 3 An online retailer s website is overwhelmed by malicious traffic, making it unavailable for legitimate customer purchases. Does this suggest why it s hard to define security in the context of digital systems? Lecture 1: 6

Why are Attacks Becoming More Prevalent? Increased connectivity Many valuable assets online Low threshhold to access Sophisticated attack tools and strategies available Others? Lecture 1: 7

Some Sobering Facts There were over 1 million new unique malware samples discovered in each of the past two quarters. Unlike the worms and mass-mailers of the past, many of these were extremely targeted to particular industries, companies and even users. (www.insecureaboutsecurity.com, 10/19/2009) Once PCs are infected they tend to stay infected. The median length of infection is 300 days. (www.insecureaboutsecurity.com, 10/19/2009) Lecture 1: 8

Some Sobering Facts A recent study of 32,000 Websites found that nearly 97% of sites carry a severe vulnerability. Web Application Security Consortium, Sept 2008 NSA found that inappropriate or incorrect software security configurations (most often caused by configuration errors at the local base level) were responsible for 80 percent of Air Force vulnerabilities. CSIS report on Securing Cyberspace for the 44th Presidency, Dec. 2008, p. 55. Lecture 1: 9

Why Should We Care? A dozen determined computer programmers can, if they find a vulnerability to exploit, threaten the United States global logistics network, steal its operational plans, blind its intelligence capabilities or hinder its ability to deliver weapons on target. William J. Lynn, U.S. Deputy Secy of Defense, Foreign Affairs (2010) A top FBI official warned today that many cyber-adversaries of the U.S. have the ability to access virtually any computer system, posing a risk that s so great it could challenge our country s very existence. Computerworld, March 24, 2010 Lecture 1: 10

Educate Yourself Educating yourself about computer security can: enhance your own protection; contribute to security in your workplace; enhance the quality and safety of interpersonal and business transactions; improve overall security in cyberspace. Next lecture: Why Security is Hard. Lecture 1: 11

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information