SlideShare a Scribd company logo

Chapter 3 security principals

N
newbie2019

This document discusses several key concepts in information system security: Authentication involves verifying the identity of a user or system, usually through passwords, ID cards, or biometrics. Authorization determines what resources a user can access after authentication. Privacy/confidentiality ensures sensitive personal data and messages are kept secret through encryption. Integrity keeps information from being altered without authorization. Availability ensures security services and data remain accessible. Non-repudiation prevents denied participation in online transactions. Auditing records network activity and communications for security monitoring through system logging.

Education
1 of 14
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
INFORMATION SYSTEM SECURITY Jupriyadi, S.Kom. M.T. jupriyadi@teknokrat.ac.id Bandarlampung, Juli 2021 Chapter 3
Security Principals Authentication Authorization or Access Control Privacy / Confidentiality Integrity Availability Non-repudiation Auditing
Authentication Stating that the data or information used or provided by the user is the person's original Countermeasure: Using Digital signature
Authentication  Authentication is used by a server when the server needs to know exactly who is accessing their information or site.  Authentication is used by a client when the client needs to know that the server is system it claims to be.  In authentication, the user or computer has to prove its identity to the server or client.  Usually, authentication by a server entails the use of a user name and password. Other ways to authenticate can be through cards, retina scans, voice recognition, and fingerprints.  Authentication by a client usually involves the server giving a certificate to the client in which a trusted third party.  Authentication does not determine what tasks the individual can do or what files the individual can see. Authentication merely identifies and verifies who the person or system is.
Three Schemes Authentication • Password Something you know • ID Card Something you have • Finger Prints Something you are
Authorization or Access Control Setting who can do what, or from where to where. Can use the mechanisms of user / password or other mechanism Example: ACL on Proxy Server
Authorization or Access Control  Authorization is a process by which a server determines if the client has permission to use a resource or access a file.  Authorization is usually coupled with authentication so that the server has some concept of who the client is that is requesting access.  The type of authentication required for authorization may vary; passwords may be required in some cases but not in others.  In some cases, there is no authorization; any user may be use a resource or access a file simply by asking for it. Most of the web pages on the Internet require no authentication or authorization.
Privacy/Confidentiality Security of personal data, messages or other sensitive information Countermeasure: Using encryption
Integrity Information or messages that are kept unchanged or changed.
Availability The availability of information security services. Countermeasure : Firewall and router filtering, backup and redundancy, IDS and IPS
Non-repudiation Keeping that if it is done online transactions or activities, it can not be disclaimed
Auditing The existence of the file records data communications that occur on the network for auditing purposes such as identifying attacks on the network or server Implementation : Using System Logging
Basic Terminology  Threats  natural threats  unintentional threats  intentional threats  Vulnerabilities  weakness in the design  Configuration  implementation  Risk  Attacks
What's Next ?

More Related Content

PDF
C02
newbie2019
 
PDF
Addressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Peter Choi
 
PPT
Security and information assurance
bdemchak
 
PPTX
PACE-IT, Security+ 6.3: Introduction to Public Key Infrastructure (part 1)
Pace IT at Edmonds Community College
 
PDF
Chapter 4 vulnerability threat and attack
newbie2019
 
PDF
Ethical hacking and social engineering
Sweta Kumari Barnwal
 
PDF
55994241 cissp-cram
bsnl007
 
PDF
Fundamentals of information systems security ( pdf drive ) chapter 1
newbie2019
 
C02
newbie2019
 
Addressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Peter Choi
 
Security and information assurance
bdemchak
 
PACE-IT, Security+ 6.3: Introduction to Public Key Infrastructure (part 1)
Pace IT at Edmonds Community College
 
Chapter 4 vulnerability threat and attack
newbie2019
 
Ethical hacking and social engineering
Sweta Kumari Barnwal
 
55994241 cissp-cram
bsnl007
 
Fundamentals of information systems security ( pdf drive ) chapter 1
newbie2019
 

What's hot (20)

PPTX
Architecting for Security Resilience
Joel Aleburu
 
PDF
E commerce Security
Wisnu Dewobroto
 
PPTX
Data base security and injection
A. Shamel
 
DOCX
VAPT- A Service on Eucalyptus Cloud
Swapna Shetye
 
PDF
Ch19 E Commerce Security
phanleson
 
PDF
Chapter 2 konsep dasar keamanan
newbie2019
 
PDF
Chapter 15 incident handling
newbie2019
 
PPTX
PACE-IT, Security+ 6.2: Cryptographic Methods (part 2)
Pace IT at Edmonds Community College
 
PPTX
Security and management
ArtiSolanki5
 
PDF
Two-factor authentication- A sample writing _Zaman
Asad Zaman
 
PPTX
Data and Message Security
Nrapesh Shah
 
PPTX
Threat Modeling - Writing Secure Code
Caleb Jenkins
 
PPTX
information security(authentication application, Authentication and Access Co...
Zara Nawaz
 
PPTX
PACE-IT, Security+ 4.1: Application Security Controls and Techniques
Pace IT at Edmonds Community College
 
PPT
E business security
Sameer Sharma
 
PPT
Security in e-commerce
SensePost
 
PPTX
5 Security Tips to Protect Your Login Credentials and More
Community IT Innovators
 
PPTX
PACE-IT, Security+3.5: Types of Application Attacks (part 2)
Pace IT at Edmonds Community College
 
PDF
Honey Pot Intrusion Detection System
International Journal of Engineering Inventions www.ijeijournal.com
 
PDF
Combating Phishing Attacks
Rapid7
 
Architecting for Security Resilience
Joel Aleburu
 
E commerce Security
Wisnu Dewobroto
 
Data base security and injection
A. Shamel
 
VAPT- A Service on Eucalyptus Cloud
Swapna Shetye
 
Ch19 E Commerce Security
phanleson
 
Chapter 2 konsep dasar keamanan
newbie2019
 
Chapter 15 incident handling
newbie2019
 
PACE-IT, Security+ 6.2: Cryptographic Methods (part 2)
Pace IT at Edmonds Community College
 
Security and management
ArtiSolanki5
 
Two-factor authentication- A sample writing _Zaman
Asad Zaman
 
Data and Message Security
Nrapesh Shah
 
Threat Modeling - Writing Secure Code
Caleb Jenkins
 
information security(authentication application, Authentication and Access Co...
Zara Nawaz
 
PACE-IT, Security+ 4.1: Application Security Controls and Techniques
Pace IT at Edmonds Community College
 
E business security
Sameer Sharma
 
Security in e-commerce
SensePost
 
5 Security Tips to Protect Your Login Credentials and More
Community IT Innovators
 
PACE-IT, Security+3.5: Types of Application Attacks (part 2)
Pace IT at Edmonds Community College
 
Honey Pot Intrusion Detection System
International Journal of Engineering Inventions www.ijeijournal.com
 
Combating Phishing Attacks
Rapid7
 
Ad

Similar to Chapter 3 security principals (20)

PDF
network security.pdf
KIYALIBAN1
 
PDF
CyberSecurity101.pdf
DhananjaySingh23178
 
PDF
information security introduction for campus students.pdf
hailegebrielgeta6
 
PPT
Technical seminar on Security
STS
 
PPTX
2 security concepts
LimenihMuluneh1
 
PPT
educational content,educational content,educational content,
Olajide Kuku
 
PDF
information security (security fundamental)
purwantosimamora1
 
PDF
What is Authentication vs Authorization Difference? | INTROSERV
SaqifKhan3
 
PDF
Basic security concepts_chapter_1_6perpage
nakomuri
 
PPT
1 security goals
drewz lin
 
PPTX
Access control
Mohibullah Saail
 
PPT
InfoSecConcepts.ppt
MobileAntitheft
 
PPTX
Computer Security Primer - Eric Vanderburg - JURINNOV
Eric Vanderburg
 
PPT
Lecture 01- What is Information Security.ppt
shahadd2021
 
PPTX
Security Architectures and Models.pptx
RushikeshChikane2
 
PPTX
Computer Literacy Chapter_1_Unit1_2022.ppt
LwandoMatilose
 
PPTX
Health information security 2 : Basic concepts
Dr. Lasantha Ranwala
 
PPTX
informations_security_presentations.pptx
FAKHARZAMANPROUD
 
PPTX
Information Security
UmangThakkar26
 
PPTX
Information Security
Alok Katiyar
 
network security.pdf
KIYALIBAN1
 
CyberSecurity101.pdf
DhananjaySingh23178
 
information security introduction for campus students.pdf
hailegebrielgeta6
 
Technical seminar on Security
STS
 
2 security concepts
LimenihMuluneh1
 
educational content,educational content,educational content,
Olajide Kuku
 
information security (security fundamental)
purwantosimamora1
 
What is Authentication vs Authorization Difference? | INTROSERV
SaqifKhan3
 
Basic security concepts_chapter_1_6perpage
nakomuri
 
1 security goals
drewz lin
 
Access control
Mohibullah Saail
 
InfoSecConcepts.ppt
MobileAntitheft
 
Computer Security Primer - Eric Vanderburg - JURINNOV
Eric Vanderburg
 
Lecture 01- What is Information Security.ppt
shahadd2021
 
Security Architectures and Models.pptx
RushikeshChikane2
 
Computer Literacy Chapter_1_Unit1_2022.ppt
LwandoMatilose
 
Health information security 2 : Basic concepts
Dr. Lasantha Ranwala
 
informations_security_presentations.pptx
FAKHARZAMANPROUD
 
Information Security
UmangThakkar26
 
Information Security
Alok Katiyar
 
Ad

More from newbie2019 (20)

PDF
Digital forensic principles and procedure
newbie2019
 
PDF
Fundamental digital forensik
newbie2019
 
PDF
Pendahuluan it forensik
newbie2019
 
PDF
Chapter 14 sql injection
newbie2019
 
PDF
Chapter 13 web security
newbie2019
 
PDF
NIST Framework for Information System
newbie2019
 
PDF
Nist.sp.800 37r2
newbie2019
 
PDF
Chapter 12 iso 27001 awareness
newbie2019
 
PDF
Chapter 10 security standart
newbie2019
 
PDF
Chapter 8 cryptography lanjutan
newbie2019
 
PDF
Pertemuan 7 cryptography
newbie2019
 
PDF
Chapter 6 information hiding (steganography)
newbie2019
 
PDF
Vulnerability threat and attack
newbie2019
 
PDF
Chapter 1 introduction
newbie2019
 
PDF
CCNA RSE Routing concept
newbie2019
 
PPT
Chapter 1 introduction
newbie2019
 
PPTX
Sca nv6 instructorppt_chapter2
newbie2019
 
PPTX
Ccna rse chp9 nat fo i_pv4
newbie2019
 
PDF
ether channel_hsrp
newbie2019
 
PDF
Ccna rse chp7 Access Control List (ACL)
newbie2019
 
Digital forensic principles and procedure
newbie2019
 
Fundamental digital forensik
newbie2019
 
Pendahuluan it forensik
newbie2019
 
Chapter 14 sql injection
newbie2019
 
Chapter 13 web security
newbie2019
 
NIST Framework for Information System
newbie2019
 
Nist.sp.800 37r2
newbie2019
 
Chapter 12 iso 27001 awareness
newbie2019
 
Chapter 10 security standart
newbie2019
 
Chapter 8 cryptography lanjutan
newbie2019
 
Pertemuan 7 cryptography
newbie2019
 
Chapter 6 information hiding (steganography)
newbie2019
 
Vulnerability threat and attack
newbie2019
 
Chapter 1 introduction
newbie2019
 
CCNA RSE Routing concept
newbie2019
 
Chapter 1 introduction
newbie2019
 
Sca nv6 instructorppt_chapter2
newbie2019
 
Ccna rse chp9 nat fo i_pv4
newbie2019
 
ether channel_hsrp
newbie2019
 
Ccna rse chp7 Access Control List (ACL)
newbie2019
 

Recently uploaded (20)

PDF
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
PPTX
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
PPTX
Orientation - ARALprogram of Deped to the Parents.pptx
JeromeTamayoSantiago1
 
PDF
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
PDF
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
PDF
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
PDF
LNK 2025 (2).pdf MWEHEHEHEHEHEHEHEHEHEHE
NielDestora
 
PDF
Yogi Goddess Pres Conference Studio Updates
LDMMia Reiki Lectures
 
PPTX
History, Philosophy and sociology of education (1).pptx
tmdth1
 
PDF
A GUIDE TO GENETICS FOR UNDERGRADUATE MEDICAL STUDENTS
DrBincy A. S
 
PDF
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 
PDF
Weekly quiz Compilation Jan -July 25.pdf
Nitin Suresh
 
PPTX
UNIT III MENTAL HEALTH NURSING ASSESSMENT
Sonali Gupta
 
PPTX
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
EricaRamos80
 
PDF
Paper A Mock Exam 9_ Attempt review.pdf.
SameeraNaveed2
 
PDF
Practical Manual AGRO-233 Principles and Practices of Natural Farming
MilindKhedekar2
 
DOC
Soft-furnishing-By-Architect-A.F.M.Mohiuddin-Akhand.doc
ArchitectAFMMohiuddi
 
PDF
Trump Administration's workforce development strategy
Mebane Rash
 
PPTX
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
kawisojames10
 
PPTX
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
Orientation - ARALprogram of Deped to the Parents.pptx
JeromeTamayoSantiago1
 
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
LNK 2025 (2).pdf MWEHEHEHEHEHEHEHEHEHEHE
NielDestora
 
Yogi Goddess Pres Conference Studio Updates
LDMMia Reiki Lectures
 
History, Philosophy and sociology of education (1).pptx
tmdth1
 
A GUIDE TO GENETICS FOR UNDERGRADUATE MEDICAL STUDENTS
DrBincy A. S
 
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 
Weekly quiz Compilation Jan -July 25.pdf
Nitin Suresh
 
UNIT III MENTAL HEALTH NURSING ASSESSMENT
Sonali Gupta
 
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
EricaRamos80
 
Paper A Mock Exam 9_ Attempt review.pdf.
SameeraNaveed2
 
Practical Manual AGRO-233 Principles and Practices of Natural Farming
MilindKhedekar2
 
Soft-furnishing-By-Architect-A.F.M.Mohiuddin-Akhand.doc
ArchitectAFMMohiuddi
 
Trump Administration's workforce development strategy
Mebane Rash
 
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
kawisojames10
 
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 

Chapter 3 security principals

  • 1. INFORMATION SYSTEM SECURITY Jupriyadi, S.Kom. M.T. jupriyadi@teknokrat.ac.id Bandarlampung, Juli 2021 Chapter 3
  • 2. Security Principals Authentication Authorization or Access Control Privacy / Confidentiality Integrity Availability Non-repudiation Auditing
  • 3. Authentication Stating that the data or information used or provided by the user is the person's original Countermeasure: Using Digital signature
  • 4. Authentication  Authentication is used by a server when the server needs to know exactly who is accessing their information or site.  Authentication is used by a client when the client needs to know that the server is system it claims to be.  In authentication, the user or computer has to prove its identity to the server or client.  Usually, authentication by a server entails the use of a user name and password. Other ways to authenticate can be through cards, retina scans, voice recognition, and fingerprints.  Authentication by a client usually involves the server giving a certificate to the client in which a trusted third party.  Authentication does not determine what tasks the individual can do or what files the individual can see. Authentication merely identifies and verifies who the person or system is.
  • 5. Three Schemes Authentication • Password Something you know • ID Card Something you have • Finger Prints Something you are
  • 6. Authorization or Access Control Setting who can do what, or from where to where. Can use the mechanisms of user / password or other mechanism Example: ACL on Proxy Server
  • 7. Authorization or Access Control  Authorization is a process by which a server determines if the client has permission to use a resource or access a file.  Authorization is usually coupled with authentication so that the server has some concept of who the client is that is requesting access.  The type of authentication required for authorization may vary; passwords may be required in some cases but not in others.  In some cases, there is no authorization; any user may be use a resource or access a file simply by asking for it. Most of the web pages on the Internet require no authentication or authorization.
  • 8. Privacy/Confidentiality Security of personal data, messages or other sensitive information Countermeasure: Using encryption
  • 9. Integrity Information or messages that are kept unchanged or changed.
  • 10. Availability The availability of information security services. Countermeasure : Firewall and router filtering, backup and redundancy, IDS and IPS
  • 11. Non-repudiation Keeping that if it is done online transactions or activities, it can not be disclaimed
  • 12. Auditing The existence of the file records data communications that occur on the network for auditing purposes such as identifying attacks on the network or server Implementation : Using System Logging
  • 13. Basic Terminology  Threats  natural threats  unintentional threats  intentional threats  Vulnerabilities  weakness in the design  Configuration  implementation  Risk  Attacks