SlideShare a Scribd company logo

Class4 Security

Download as PPT, PDF
R
RMS

The document discusses information system security and defines key concepts. It outlines four main causes of security disasters: accidents, errors, abuses, and miscellaneous risks. It also identifies five indicators used to assess security: availability, truthfulness, confidentiality, non-repudiation, and traceability of operations. Finally, it examines common web scenarios and the aspects of security they involve, such as authentication, authorization, integrity, and confidentiality.

TechnologyNews & Politics
1 of 17
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
INTRODUCTION TO INFORMATION SYSTEMS SUPdeCO - PCM - English Track October 2008 Computer-Based Information Systems Security PROF. DIANA MANGALAGIU MANAGEMENT AND STRATEGY DEPARTMENT
Concept of security «  The security of an information system is its non-vulnerability to accidents or deliberate attacks, that is the impossibility that those attacks have any serious impacts on the state and the operation of the system » J. P. Magnier
Why security is a hot topic Security threats have highly increased in the last 10 years, with virtually no aspect of life left untouched, leaving opportunities to impersonate, modify, delete, or simply make mistakes and wreak havoc …. Financial transactions e.g. credit card details Sensitive information e.g. exam papers Downloaded programs, including applets
General definitions Un sinistre Causes of vulnerability Immediate and long-term effects An attack or a natural disaster Disaster : Source: P. Reix
S ecurity guidelines : To handle security, it should be assessed using indicators including: 1 – Availability of information and functionalities 2 – Truthfulness of information 3 – Confidentiality of information 4 – Non-repudiation of communications 5 – Traceability of operations Potential causes of the disaster make it essential to keep watch over the vulnerability of the system and thus over the risks it runs. General definitions
Causes of disasters Category 1 – ACCIDENTS : Material risks - Breakdowns and failures of core hardware and software Category 2 – ERRORS: Errors of information input, transmission and use Operating errors Errors of software design and development Category 3 – ABUSES : - Theft, material abuse Fraud, immaterial abuse Misappropriation of goods Fraudulent statements - Software hacking Category 4 – MISCELLANEOUS RISKS: Strike - Departure of specialized staff
Security planning Policies for security 1 – Material resource security 2 – Software security 3 – Application security 4 – General security steps 5 – Insurance The idea that security is entirely handled by hardware and software related procedures is a dangerous utopia as it must come with organizational thinking as well as awareness and training of individuals.
Four cornerstones of security & trust authentication integrity & non- authorisation confidentiality repudiation
Authentication The identities of all parties involved in an operation should be verified (including code sources) authentication
Integrity Ensure that information has not been tampered with authentication integrity
Non-repudiation Cannot deny that one is the sender of the info and/or that it has been received authentication integrity & non- repudiation
Confidentiality Only intended recipient can make sense of message or stored information authentication integrity & non- confidentiality repudiation
Authorisation Is the user allowed to perform these operations? authentication integrity & non- authorisation confidentiality repudiation
Security tradeoffs With unlimited resources, most forms of security can be broken Cost of breaking should outweigh reward Need to consider end-to-end security A system is only as secure as its weakest part E.g. encryption with a private key is usually good, but the weakness is often the storage of the private key
Common web scenarios and their security aspects Scenario 1: online banking Authentication: is this a valid user? Authorisation: does this user have permission to access account information? Confidentiality : is account information secure from attack? … but must still be easy to use
Scenario 2: Downloading code Authentication : does the code come from a trusted source? Integrity : has the code been tampered with before or during downloading? Authorisation : does the code have permission to carry out certain operations?
Scenario 3: online credit card transactions Authentication : does the credit card belong to the customer? Is the merchant valid? Is the merchant bank valid? Integrity : have any details been altered en route? Non-repudiation : can any of the parties deny that any aspects of the transaction took place? Confidentiality : should the merchant have access to credit card details? Should the bank have access to purchase details?

More Related Content

PDF
Securign siem for small business
Rajul Sthapak
 
PPTX
Cyber Security
Maryam Hidayatallah CPFA,MIPA,MA,CICA
 
PPTX
Threat Modelling And Threat Response
Vivek Jindaniya
 
PDF
Cybersecurity: How to Protect Your Firm from a Cyber Attack
Shawn Tuma
 
PPSX
Mobile security
Eng Hasan Shamroukh CISCO Exams Author
 
PPTX
Cyber security
TaimoorArshad5
 
PPTX
Cia security model
Imran Ahmed
 
PDF
Cybersecurity Myths for Small and Medium-Sized Businesses
Seqrite
 
Securign siem for small business
Rajul Sthapak
 
Cyber Security
Maryam Hidayatallah CPFA,MIPA,MA,CICA
 
Threat Modelling And Threat Response
Vivek Jindaniya
 
Cybersecurity: How to Protect Your Firm from a Cyber Attack
Shawn Tuma
 
Mobile security
Eng Hasan Shamroukh CISCO Exams Author
 
Cyber security
TaimoorArshad5
 
Cia security model
Imran Ahmed
 
Cybersecurity Myths for Small and Medium-Sized Businesses
Seqrite
 

What's hot (20)

PPT
E-Commerce Security
Syed Maniruzzaman Pabel
 
PPTX
Cybersecurity
A. Shamel
 
PPTX
Protection from hacking attacks
Sugirtha Jasmine M
 
PPTX
Cyber security
Eduonix
 
PPTX
Information security
AlaaMahmoud108
 
PPT
2 Security And Internet Security
Ana Meskovska
 
PPTX
Information Security Awareness
SnapComms
 
PDF
DRC -- Cybersecurity concepts2015
T. J. Saotome
 
PPT
Iss lecture 1
Ali Habeeb
 
PPT
SYSTEM SECURITY - Chapter 1 introduction
Afna Crcs
 
PPT
HIPAA, Privacy, Security, and Good Business
Stephen Cobb
 
PPTX
DC970 Presents: Defense in Depth
IceQUICK
 
PPTX
Unified Threat Management Vs Next-Gen Firewall: What's the difference?
Seqrite
 
PDF
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
dadkhah077
 
PDF
Whitepaper next generation_patient_safety_bertine_mc_kenna.01
Ronan Martin
 
PPTX
презентация1
sagidullaa01
 
PDF
4. Mitigating a Cyber Attack
isc2-hellenic
 
PDF
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...
Edureka!
 
PPTX
What is network security and Types
Vikram Khanna
 
PDF
Chapter 4 vulnerability threat and attack
newbie2019
 
E-Commerce Security
Syed Maniruzzaman Pabel
 
Cybersecurity
A. Shamel
 
Protection from hacking attacks
Sugirtha Jasmine M
 
Cyber security
Eduonix
 
Information security
AlaaMahmoud108
 
2 Security And Internet Security
Ana Meskovska
 
Information Security Awareness
SnapComms
 
DRC -- Cybersecurity concepts2015
T. J. Saotome
 
Iss lecture 1
Ali Habeeb
 
SYSTEM SECURITY - Chapter 1 introduction
Afna Crcs
 
HIPAA, Privacy, Security, and Good Business
Stephen Cobb
 
DC970 Presents: Defense in Depth
IceQUICK
 
Unified Threat Management Vs Next-Gen Firewall: What's the difference?
Seqrite
 
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
dadkhah077
 
Whitepaper next generation_patient_safety_bertine_mc_kenna.01
Ronan Martin
 
презентация1
sagidullaa01
 
4. Mitigating a Cyber Attack
isc2-hellenic
 
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...
Edureka!
 
What is network security and Types
Vikram Khanna
 
Chapter 4 vulnerability threat and attack
newbie2019
 
Ad

Viewers also liked (20)

PPTX
Hula hoops
Carolyne Thornton
 
ODP
Presentacion house
Pakitalero
 
PDF
Revolução Digital Pós NRF 2016
Ricardo Kubo
 
ODS
9.1º Notas
Básicas ou Secundárias
 
PPTX
Intranet homepage competition
Deloitte Australia
 
PPT
Visiting Places
tsisves
 
PDF
Marketology Social Media Masterclass presentation
Loredana Baranga BA MCIM Chartered Marketer
 
PPTX
110118 Presentasion Proposal Thesis Print
Reggy Lu
 
PDF
Social Media Recruiting Israel 2011
iTalent
 
PDF
מציאות ברשת
iTalent
 
PDF
Wo ist Pluto?
VS zennerstraße 1
 
PPTX
Mie presentation
hajerMohammed
 
PPT
2136
Joel Acosta
 
PPTX
Intranets2012: Aligning your intranet to your business
Deloitte Australia
 
PPT
Francia 2013
IES David Vázquez
 
PPT
Intelligens ház
kleila83
 
KEY
dddddddddddddddd
sbavaro
 
PPTX
Citadel Career Center - Leading the way
Page Tisdale
 
PPTX
Uranium!!!!
emorylarkin1995
 
PPT
A New Entrepreneurship - A Backwards Approach
Loopshot
 
Hula hoops
Carolyne Thornton
 
Presentacion house
Pakitalero
 
Revolução Digital Pós NRF 2016
Ricardo Kubo
 
9.1º Notas
Básicas ou Secundárias
 
Intranet homepage competition
Deloitte Australia
 
Visiting Places
tsisves
 
Marketology Social Media Masterclass presentation
Loredana Baranga BA MCIM Chartered Marketer
 
110118 Presentasion Proposal Thesis Print
Reggy Lu
 
Social Media Recruiting Israel 2011
iTalent
 
מציאות ברשת
iTalent
 
Wo ist Pluto?
VS zennerstraße 1
 
Mie presentation
hajerMohammed
 
2136
Joel Acosta
 
Intranets2012: Aligning your intranet to your business
Deloitte Australia
 
Francia 2013
IES David Vázquez
 
Intelligens ház
kleila83
 
dddddddddddddddd
sbavaro
 
Citadel Career Center - Leading the way
Page Tisdale
 
Uranium!!!!
emorylarkin1995
 
A New Entrepreneurship - A Backwards Approach
Loopshot
 
Ad

Similar to Class4 Security (20)

PPT
Information Technology Security Basics
Mohan Jadhav
 
PDF
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
BeyondTrust
 
PDF
Management Information Systems
msd11
 
PPT
information security management
Gurpreetkaur838
 
PDF
Your Skill Boost Masterclass Online Safety and Cybersecurity Tips
Excellence Foundation for South Sudan
 
PDF
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
PDF
New Age Red Teaming - Enterprise Infilteration
Shritam Bhowmick
 
PPTX
Cyber Frontline - Level 2 - Module 1.pptx
trevor501353
 
PPTX
introduction of ethical hacking. (ppt)
Scode Network Institute
 
PPTX
introduction of ethical hacking. ppt
Scode Network Institute
 
PPT
Principles of information security Chapter 1 (1).ppt
EstherBaguma
 
PPT
Chapter 1 (1) (1).pptghtrtt76utrurtutrut
ugpgcs22
 
PDF
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
CyberPro Magazine
 
PPTX
Security for e commerce
Mohsin Ahmad
 
PPTX
Introduction to Computer Security
Kamal Acharya
 
PPT
Security Manager - Slides - Module 1 Powerpoint Presentation
trevor501353
 
PPT
Security Manager - Slides - Module 1 Powerpoint Presentation
trevor501353
 
PPT
Security Manager - Slides - Module 1 Powerpoint Presentation
trevor501353
 
PPTX
cyber security awareness------------.pptx
sagarraj219758
 
PDF
Understanding Endpoint Security: A Guide For Everyone
AKGVG & ASSOCIATES Chartered Accountants
 
Information Technology Security Basics
Mohan Jadhav
 
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
BeyondTrust
 
Management Information Systems
msd11
 
information security management
Gurpreetkaur838
 
Your Skill Boost Masterclass Online Safety and Cybersecurity Tips
Excellence Foundation for South Sudan
 
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
New Age Red Teaming - Enterprise Infilteration
Shritam Bhowmick
 
Cyber Frontline - Level 2 - Module 1.pptx
trevor501353
 
introduction of ethical hacking. (ppt)
Scode Network Institute
 
introduction of ethical hacking. ppt
Scode Network Institute
 
Principles of information security Chapter 1 (1).ppt
EstherBaguma
 
Chapter 1 (1) (1).pptghtrtt76utrurtutrut
ugpgcs22
 
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
CyberPro Magazine
 
Security for e commerce
Mohsin Ahmad
 
Introduction to Computer Security
Kamal Acharya
 
Security Manager - Slides - Module 1 Powerpoint Presentation
trevor501353
 
Security Manager - Slides - Module 1 Powerpoint Presentation
trevor501353
 
Security Manager - Slides - Module 1 Powerpoint Presentation
trevor501353
 
cyber security awareness------------.pptx
sagarraj219758
 
Understanding Endpoint Security: A Guide For Everyone
AKGVG & ASSOCIATES Chartered Accountants
 

More from RMS (20)

PPT
2008 Rms Cross Cultural Management
RMS
 
PPT
2008 Rms Cross Cultural Management
RMS
 
PPTX
Amphi Creativite Entrepreneuriale Oct Dec 2006 Sans Photos
RMS
 
PPTX
Life Track
RMS
 
PPT
Personality Pcm
RMS
 
PPT
Ob
RMS
 
PPT
Perception Pcm P1
RMS
 
PPT
Intro I Mba Pcm
RMS
 
PPT
The Jim Davis Case
RMS
 
PPT
Perception Pcm P2
RMS
 
PPT
Foundations Of Leadership Pcm
RMS
 
PPT
Class3 Edi Ppt
RMS
 
PPT
Class2 Business Software
RMS
 
PPT
Class1 Intro Is
RMS
 
PPT
Pcm Mngt Acctg Budgetary Control
RMS
 
PPT
Pcm Mngt Acctg Conclusion
RMS
 
PPT
04 Marketing Concurrence
RMS
 
PPT
05 Marketing Diagnostic Interne ChaîNe Valeur
RMS
 
PPTX
06 StratéGies GéNéRiques
RMS
 
PPT
03 Marketing Marché
RMS
 
2008 Rms Cross Cultural Management
RMS
 
2008 Rms Cross Cultural Management
RMS
 
Amphi Creativite Entrepreneuriale Oct Dec 2006 Sans Photos
RMS
 
Life Track
RMS
 
Personality Pcm
RMS
 
Ob
RMS
 
Perception Pcm P1
RMS
 
Intro I Mba Pcm
RMS
 
The Jim Davis Case
RMS
 
Perception Pcm P2
RMS
 
Foundations Of Leadership Pcm
RMS
 
Class3 Edi Ppt
RMS
 
Class2 Business Software
RMS
 
Class1 Intro Is
RMS
 
Pcm Mngt Acctg Budgetary Control
RMS
 
Pcm Mngt Acctg Conclusion
RMS
 
04 Marketing Concurrence
RMS
 
05 Marketing Diagnostic Interne ChaîNe Valeur
RMS
 
06 StratéGies GéNéRiques
RMS
 
03 Marketing Marché
RMS
 

Recently uploaded (20)

PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Approach and Philosophy of On baking technology
30anthuong17
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 

Class4 Security

  • 1. INTRODUCTION TO INFORMATION SYSTEMS SUPdeCO - PCM - English Track October 2008 Computer-Based Information Systems Security PROF. DIANA MANGALAGIU MANAGEMENT AND STRATEGY DEPARTMENT
  • 2. Concept of security «  The security of an information system is its non-vulnerability to accidents or deliberate attacks, that is the impossibility that those attacks have any serious impacts on the state and the operation of the system » J. P. Magnier
  • 3. Why security is a hot topic Security threats have highly increased in the last 10 years, with virtually no aspect of life left untouched, leaving opportunities to impersonate, modify, delete, or simply make mistakes and wreak havoc …. Financial transactions e.g. credit card details Sensitive information e.g. exam papers Downloaded programs, including applets
  • 4. General definitions Un sinistre Causes of vulnerability Immediate and long-term effects An attack or a natural disaster Disaster : Source: P. Reix
  • 5. S ecurity guidelines : To handle security, it should be assessed using indicators including: 1 – Availability of information and functionalities 2 – Truthfulness of information 3 – Confidentiality of information 4 – Non-repudiation of communications 5 – Traceability of operations Potential causes of the disaster make it essential to keep watch over the vulnerability of the system and thus over the risks it runs. General definitions
  • 6. Causes of disasters Category 1 – ACCIDENTS : Material risks - Breakdowns and failures of core hardware and software Category 2 – ERRORS: Errors of information input, transmission and use Operating errors Errors of software design and development Category 3 – ABUSES : - Theft, material abuse Fraud, immaterial abuse Misappropriation of goods Fraudulent statements - Software hacking Category 4 – MISCELLANEOUS RISKS: Strike - Departure of specialized staff
  • 7. Security planning Policies for security 1 – Material resource security 2 – Software security 3 – Application security 4 – General security steps 5 – Insurance The idea that security is entirely handled by hardware and software related procedures is a dangerous utopia as it must come with organizational thinking as well as awareness and training of individuals.
  • 8. Four cornerstones of security & trust authentication integrity & non- authorisation confidentiality repudiation
  • 9. Authentication The identities of all parties involved in an operation should be verified (including code sources) authentication
  • 10. Integrity Ensure that information has not been tampered with authentication integrity
  • 11. Non-repudiation Cannot deny that one is the sender of the info and/or that it has been received authentication integrity & non- repudiation
  • 12. Confidentiality Only intended recipient can make sense of message or stored information authentication integrity & non- confidentiality repudiation
  • 13. Authorisation Is the user allowed to perform these operations? authentication integrity & non- authorisation confidentiality repudiation
  • 14. Security tradeoffs With unlimited resources, most forms of security can be broken Cost of breaking should outweigh reward Need to consider end-to-end security A system is only as secure as its weakest part E.g. encryption with a private key is usually good, but the weakness is often the storage of the private key
  • 15. Common web scenarios and their security aspects Scenario 1: online banking Authentication: is this a valid user? Authorisation: does this user have permission to access account information? Confidentiality : is account information secure from attack? … but must still be easy to use
  • 16. Scenario 2: Downloading code Authentication : does the code come from a trusted source? Integrity : has the code been tampered with before or during downloading? Authorisation : does the code have permission to carry out certain operations?
  • 17. Scenario 3: online credit card transactions Authentication : does the credit card belong to the customer? Is the merchant valid? Is the merchant bank valid? Integrity : have any details been altered en route? Non-repudiation : can any of the parties deny that any aspects of the transaction took place? Confidentiality : should the merchant have access to credit card details? Should the bank have access to purchase details?

Editor's Notes

  • #7: Bouygues Télécom : Sa panne informatique du 17/11/2004 lui coûte 16 millions d’Euros SNCF : 1000 terminaux paralysés en juillet 2004 Selon Microsoft , 2,4 milliards d’heures de travail dans les entreprises ce qui équivaut en France à 20€ de l’heure X 15 millions de personnes = 1,8 milliards d’euros de perte