SlideShare a Scribd company logo

CYB 102 – Fundamentals of Cyber Security 2.pdf

A
Abolarinwa

The document outlines the fundamentals of fault tolerance in cyber security, highlighting its importance in enabling systems to continue functioning despite failures. It discusses key components such as redundancy, diversity, and replication, and the essential aspects of fault-tolerant systems that ensure high availability and business continuity. Additionally, it covers the need for security policies, detailing various types and their components, which promote accountability, efficiency, and protection against cyber threats.

Devices & Hardware
1 of 16
Download to read offline
1
2
3
4
Most read
5
Most read
6
7
Most read
8
9
10
11
12
13
14
15
16
CYB 102 – FUNDAMENTALS OF CYBER SECURITY Lecture Note slides Module 2
Fault Tolerance Definition: is a process that enables an operating system to respond to a failure in hardware or software. This fault-tolerance definition refers to the system’s ability to continue operating despite failures or malfunctions. An operating system that offers a solid definition for faults cannot be disrupted by a single point of failure. It ensures business continuity and the high availability of crucial applications and systems regardless of any failures. How Does Fault Tolerance Work? Fault tolerance can be built into a system to remove the risk of it having a single point of failure. To do so, the system must have no single component that, if it were to stop working effectively, would result in the entire system failing. Fault tolerance is reliant on aspects like Load balancing and fail over, which remove the risk of a single point of failure. It will typically be part of the operating system’s interface, which enables programmers to check the performance of data throughout a transaction. A fault-tolerance process follows two core models:
1. Normal Functioning • This describes a situation when a fault-tolerant system encounters a fault but continues to function as usual. This means the system sees no change in performance metrics like throughput or response time. 2. Graceful Degradation • Other types of fault-tolerant systems will go through graceful degradation of performance when certain faults occur. That means the impact the fault has on the system’s performance is proportionate to the fault severity. In other words, a small fault will only have a small impact on the system’s performance rather than causing the entire system to fail or have major performance issues. Components of a Fault-tolerance System • The key benefit of fault tolerance is to minimize or avoid the risk of systems becoming unavailable due to a component error. This is particularly important in critical systems that are relied on to ensure people’s safety, such as air traffic control, and systems that protect and secure critical data and high-value transactions.
Core Components of Improving Fault Tolerance The core components of improving fault tolerance include: ➢Diversity • If a system’s main electricity supply fails, potentially due to a storm that causes a power outage or affects a power station, it will not be possible to access alternative electricity sources. In this event, fault tolerance can be sourced through diversity, which provides electricity from sources like backup generators that take over when a main power failure occurs. • Some diverse fault-tolerance options result in the backup not having the same level of capacity as the primary source. This may, in some cases, require the system to ensure graceful degradation until the primary power source is restored. ➢Redundancy • Fault-tolerant systems use redundancy to remove the single point of failure. The system is equipped with one or more power supply units (PSUs), which do not need to power the system when the primary PSU functions as normal. In the event the primary PSU fails or suffers a fault, it can be removed from service and replaced by a redundant PSU, which takes over system function and performance. • Alternatively, redundancy can be imposed at a system level, which means an entire alternate computer system is in place in case a failure occurs.
➢Replication • Replication is a more complex approach to achieving fault tolerance. It involves using multiple identical versions of systems and subsystems and ensuring their functions always provide identical results. If the results are not identical, then a democratic procedure is used to identify the faulty system. Alternatively, a procedure can be used to check for a system that shows a different result, which indicates it is faulty. • Replication can either take place at the component level, which involves multiple processors running simultaneously or at the system level, which involves identical computer systems running simultaneously. Elements of Fault-tolerant Systems • Fault-tolerant systems also use backup components, which automatically replace failed components to prevent a loss of service. These backup components include: ❖Hardware Systems • Hardware systems can be backed up by systems that are identical or equivalent to them. A typical example is a server made fault-tolerant by deploying an identical server that runs in parallel to it and mirrors all its operations, such as the redundant array of inexpensive disks (RAID), which combines physical disk components to achieve redundancy and improved performance.
❖Software Systems • Software systems can be made fault-tolerant by backing them up with other software. A common example is backing up a database that contains customer data to ensure it can continuously replicate onto another machine. As a result, in the event that a primary database fails, normal operations will continue because they are automatically replicated and redirected onto the backup database. ❖Power Sources • Power sources can also be made fault-tolerant by using alternative sources to support them. One approach is to run devices on an uninterruptible power supply (UPS). Another is to use backup power generators that ensure storage and hardware, heating, ventilation, and air conditioning (HVAC) continue to operate as normal if the primary power source fails.
Factors To Consider in Fault Tolerance • There are several factors that affect organizations’ decision to implement a fault-tolerant system, including: ❑Cost • The biggest disadvantage of adopting a fault-tolerant approach is the cost of doing so. Organizations must think carefully about the cost elements of a fault-tolerant or highly available system. • Fault-tolerant systems require organizations to have multiple versions of system components to ensure redundancy, extra equipment like backup generators, and additional hardware. These components need regular maintenance and testing. They also take up valuable space in data centers. ❑Quality Degradation • One way around the cost of fault tolerance is to opt for more cost-effective but lower-quality redundant components. This approach can inadvertently increase maintenance and support costs and make the system less reliable. To avoid such a situation, organizations must monitor the performance of individual components and keep an eye on their lifespan in relation to their cost. ❑Testing and Fault-detection Difficulties • Fault tolerance inevitably makes it more difficult to know if components are performing to the expected level because failures do not automatically result in the system going down. As a result, organizations will require additional resources and expenditure to continuously test and monitor their system health for faults.
Application of Fault Tolerance • Fault tolerance specifically refers to the ability of a piece of hardware or software to withstand the failure of a key component. • This can be implemented at the hardware level using redundant power supplies or a Redundant Array of Inexpensive Disk (RAID) hard drive array. Disadvantages of Fault Tolerance • Cost: By far the biggest disadvantage of fault tolerance is that it leads to the building of systems that are far more costly than fault- intolerant systems. • That is because, among other reasons, they usually require multiple versions of the same components to provide redundancy.
Difference between Fault Avoidance and Fault Tolerance • Fault avoidance (a process-oriented concept) seeks to prevent faults from being introduced into the software. • Fault tolerance (a product-oriented concept) accepts faults in a limited capacity and masks their manifestation (i.e., failures).
Security Policies Definition; Security policies are a formal set of rules which is issued by an organization to ensure that the user who is authorized to access company technology and information assets comply with rules and guidelines related to the security of information. ▪ A security policy also considered to be a "living document" which means that the document is never finished, but it is continuously updated as requirements of the technology and employee changes. ▪ We use security policies to manage our network security. Most types of security policies are automatically created during the installation. We can also customize policies to suit our specific environment. ▪ It focuses on the tools, processes and methods needed to design, implement and test complete systems, and to adapt existing systems as their environment evolves.
• A top down representation of the protection of a computer system might consist of the three layers shown in figure 1. Figure 1: Layers of protection in a computer system
• At the highest level of abstraction, the whole system is represented by a concise and formalised set of goals and requirements: the policy. • At the bottom level, the system is composed of mechanisms such as the computing hardware, the cryptographic primitives, tamper resistant enclosures and seals as well as procedural items such as biometric scanning of individuals (iris, fingerprint, voiceprint...) for purposes of authentication. • Between those two extremes there will be some middleware that connects together the available mechanisms in order to build the system that conforms to the policy. This may include access control structures- whether or not enforced by the operating system and cryptographic protocols. • The security policy is a set of high-level documents that state precisely what goals the protection mechanisms are to achieve. It is driven by our understanding of threats, and in turn drives our system design.
Need of Security policies 1) It increases efficiency. 2) It upholds discipline and accountability 3) It can make or break a business deal 4) It helps to educate employees on security literacy
Types of cyber security policies There are some important cyber security policies recommendations describe below- Virus and Spyware Protection Policy: ▪ It helps to detect threads in files, to detect applications that exhibits suspicious behavior. ▪ Removes, and repairs the side effects of viruses and security risks by using signatures. Firewall Policy: ▪ It blocks unauthorized users from accessing the systems and networks that connect to the Internet. ▪ It detects attacks by cybercriminals and removes unwanted sources of network traffic. Intrusion Prevention policy: ▪ This policy automatically detects and blocks network attacks and browser attacks. ▪ It also protects applications from vulnerabilities and checks the contents of one or more data packages and detects malware that is coming through legal ways
Application and Device Control: ▪ This policy protects a system's resources from applications and manages the peripheral devices that can attach to a system. ▪ The device control policy applies to both Windows and Mac computers whereas application control policy can be applied only to Windows clients.
Components of a security policy The U.S. Department of Defense has promulgated the Five Pillars of Information Assurance model that includes the protection of: • confidentiality • Integrity • Availability • Authenticity • Non-repudiation of user data.

More Related Content

PPTX
Operating system.assig.ppt gokgfchvhj;;hhjcghfxgch
nattysertse
 
PDF
Fault tolerance
Gaurav Rawat
 
PPTX
Fault Tolerance System
Ehsan Ilahi
 
PPT
Fault Tolerance System
prakashjjaya
 
PPTX
Comp8 unit9a lecture_slides
CMDLMS
 
PDF
Contrasting High Availability, Fault Tolerance, and Disaster Recovery
MaryJWilliams2
 
PPT
Lecture07_FaultTolerance in parallel and distributing
sameerkumar56473
 
PPT
Lecture07_FaultTolerance in parallel and distributed
sameerkumar56473
 
Operating system.assig.ppt gokgfchvhj;;hhjcghfxgch
nattysertse
 
Fault tolerance
Gaurav Rawat
 
Fault Tolerance System
Ehsan Ilahi
 
Fault Tolerance System
prakashjjaya
 
Comp8 unit9a lecture_slides
CMDLMS
 
Contrasting High Availability, Fault Tolerance, and Disaster Recovery
MaryJWilliams2
 
Lecture07_FaultTolerance in parallel and distributing
sameerkumar56473
 
Lecture07_FaultTolerance in parallel and distributed
sameerkumar56473
 

Similar to CYB 102 – Fundamentals of Cyber Security 2.pdf (20)

PPT
Chapter- Five fault powers poin lecture
borchala1
 
PPTX
Fault Tolerance in Distributed System
Yatru Harsha Hiski
 
PPTX
slides.08.pptx
balewayalew
 
PDF
An Investigation of Fault Tolerance Techniques in Cloud Computing
ijtsrd
 
PPTX
Fault tolerance techniques
ECEDepartmentJSREC
 
PPTX
RTS fault tolerance, Reliability evaluation
4132lenin6497ram
 
PPTX
real time systems fault tolerance, Redundancy
4132lenin6497ram
 
PPT
Lec06-IO2.ppt
HemalkumarLakdawala
 
PPTX
Resiliency vs High Availability vs Fault Tolerance vs Reliability
jeetendra mandal
 
PDF
Atifalhas
Evandro Madeira
 
PDF
10 sd-faulttolerance
Mudogo
 
PDF
Proposed Algorithm for Surveillance Applications
Editor IJCATR
 
PPT
Depandability in Software Engineering SE16
koolkampus
 
PDF
Alft
Vincenzo De Florio
 
PDF
Fault-tolerance on the Cheap: Making Systems That (Probably) Won't Fall Over
Brian Troutwine
 
PPTX
PriyaDharshini distributed operating system
PriyadharshiniVS
 
PPTX
Vanmathy distributed operating system
PriyadharshiniVS
 
PPT
Fault tolerance and computing
Palani murugan
 
PPTX
Comp8 unit9b lecture_slides
CMDLMS
 
PDF
fault tolerance management in cloud computing
Kruthikka Palraj
 
Chapter- Five fault powers poin lecture
borchala1
 
Fault Tolerance in Distributed System
Yatru Harsha Hiski
 
slides.08.pptx
balewayalew
 
An Investigation of Fault Tolerance Techniques in Cloud Computing
ijtsrd
 
Fault tolerance techniques
ECEDepartmentJSREC
 
RTS fault tolerance, Reliability evaluation
4132lenin6497ram
 
real time systems fault tolerance, Redundancy
4132lenin6497ram
 
Lec06-IO2.ppt
HemalkumarLakdawala
 
Resiliency vs High Availability vs Fault Tolerance vs Reliability
jeetendra mandal
 
Atifalhas
Evandro Madeira
 
10 sd-faulttolerance
Mudogo
 
Proposed Algorithm for Surveillance Applications
Editor IJCATR
 
Depandability in Software Engineering SE16
koolkampus
 
Alft
Vincenzo De Florio
 
Fault-tolerance on the Cheap: Making Systems That (Probably) Won't Fall Over
Brian Troutwine
 
PriyaDharshini distributed operating system
PriyadharshiniVS
 
Vanmathy distributed operating system
PriyadharshiniVS
 
Fault tolerance and computing
Palani murugan
 
Comp8 unit9b lecture_slides
CMDLMS
 
fault tolerance management in cloud computing
Kruthikka Palraj
 
Ad

More from Abolarinwa (9)

PDF
lecture notes on Introduction to Software Engineering CSC 209 .pdf
Abolarinwa
 
PDF
CYB 102 – Fundamentals of Cyber Security 4.pdf
Abolarinwa
 
PDF
CYB 102 – Fundamentals of Cyber Security 3.pdf
Abolarinwa
 
PDF
CYB 102 – Fundamentals of Cyber Security 2.pdf
Abolarinwa
 
PDF
CYB 102 – Fundamentals of Cyber Security .pdf
Abolarinwa
 
PDF
CYB 102 – Fundamentals of Cyber Security 4.pdf
Abolarinwa
 
PDF
CYB 102 – Fundamentals of Cyber Security 3.pdf
Abolarinwa
 
PPTX
Introduction to Cryptography CYB 303.pptx
Abolarinwa
 
PDF
COMPUTER SCIENCE COURSE 204 COMPILER CONSTRUCTION,.pdf
Abolarinwa
 
lecture notes on Introduction to Software Engineering CSC 209 .pdf
Abolarinwa
 
CYB 102 – Fundamentals of Cyber Security 4.pdf
Abolarinwa
 
CYB 102 – Fundamentals of Cyber Security 3.pdf
Abolarinwa
 
CYB 102 – Fundamentals of Cyber Security 2.pdf
Abolarinwa
 
CYB 102 – Fundamentals of Cyber Security .pdf
Abolarinwa
 
CYB 102 – Fundamentals of Cyber Security 4.pdf
Abolarinwa
 
CYB 102 – Fundamentals of Cyber Security 3.pdf
Abolarinwa
 
Introduction to Cryptography CYB 303.pptx
Abolarinwa
 
COMPUTER SCIENCE COURSE 204 COMPILER CONSTRUCTION,.pdf
Abolarinwa
 
Ad

Recently uploaded (20)

PPT
Lines and angles cbse class 9 math chemistry
cuteprincessmisty
 
PPTX
DEATH AUDIT MAY 2025.pptxurjrjejektjtjyjjy
somusachin100
 
PPTX
material for studying about lift elevators escalation
maxgunner1212001
 
DOCX
A PROPOSAL ON IoT climate sensor 2.docx
Praise369866
 
PDF
Dozuki_Solution-hardware minimalization.
kurtaku1
 
PPTX
Embeded System for Artificial intelligence 2.pptx
ifnadeksisa
 
PPTX
Presentacion compuuuuuuuuuuuuuuuuuuuuuuu
EstefaniaVillegas11
 
PPT
chapter_1_a.ppthduushshwhwbshshshsbbsbsbsbsh
sriram270905
 
PPT
Hypersensitivity Namisha1111111111-WPS.ppt
namisharamotra
 
PPTX
Sem-8 project ppt fortvfvmat uyyjhuj.pptx
canvaanshul
 
PDF
Smarter Security: How Door Access Control Works with Alarms & CCTV
Ighty Support
 
PPT
FABRICATION OF MOS FET BJT DEVICES IN NANOMETER
Nikhil Raj
 
PPTX
Prograce_Present.....ggation_Simple.pptx
KVENKATESH47
 
PPTX
5. MEASURE OF INTERIOR AND EXTERIOR- MATATAG CURRICULUM.pptx
MelanieEstebanVentur1
 
PPTX
1.pptxsadafqefeqfeqfeffeqfqeqfeqefqfeqfqeffqe
EarlVonneRoque
 
PPTX
PROGRAMMING-QUARTER-2-PYTHON.pptxnsnsndn
alexaqt551
 
PPTX
sdn_based_controller_for_mobile_network_traffic_management1.pptx
beatereichrath9
 
PDF
-DIGITAL-INDIA.pdf one of the most prominent
vishu244x
 
PPTX
title _yeOPC_Poisoning_Presentation.pptx
ramsiya7888123
 
PPTX
Lecture 3b C Library _ ESP32.pptxjfjfjffkkfkfk
indalrenu
 
Lines and angles cbse class 9 math chemistry
cuteprincessmisty
 
DEATH AUDIT MAY 2025.pptxurjrjejektjtjyjjy
somusachin100
 
material for studying about lift elevators escalation
maxgunner1212001
 
A PROPOSAL ON IoT climate sensor 2.docx
Praise369866
 
Dozuki_Solution-hardware minimalization.
kurtaku1
 
Embeded System for Artificial intelligence 2.pptx
ifnadeksisa
 
Presentacion compuuuuuuuuuuuuuuuuuuuuuuu
EstefaniaVillegas11
 
chapter_1_a.ppthduushshwhwbshshshsbbsbsbsbsh
sriram270905
 
Hypersensitivity Namisha1111111111-WPS.ppt
namisharamotra
 
Sem-8 project ppt fortvfvmat uyyjhuj.pptx
canvaanshul
 
Smarter Security: How Door Access Control Works with Alarms & CCTV
Ighty Support
 
FABRICATION OF MOS FET BJT DEVICES IN NANOMETER
Nikhil Raj
 
Prograce_Present.....ggation_Simple.pptx
KVENKATESH47
 
5. MEASURE OF INTERIOR AND EXTERIOR- MATATAG CURRICULUM.pptx
MelanieEstebanVentur1
 
1.pptxsadafqefeqfeqfeffeqfqeqfeqefqfeqfqeffqe
EarlVonneRoque
 
PROGRAMMING-QUARTER-2-PYTHON.pptxnsnsndn
alexaqt551
 
sdn_based_controller_for_mobile_network_traffic_management1.pptx
beatereichrath9
 
-DIGITAL-INDIA.pdf one of the most prominent
vishu244x
 
title _yeOPC_Poisoning_Presentation.pptx
ramsiya7888123
 
Lecture 3b C Library _ ESP32.pptxjfjfjffkkfkfk
indalrenu
 

CYB 102 – Fundamentals of Cyber Security 2.pdf

  • 1. CYB 102 – FUNDAMENTALS OF CYBER SECURITY Lecture Note slides Module 2
  • 2. Fault Tolerance Definition: is a process that enables an operating system to respond to a failure in hardware or software. This fault-tolerance definition refers to the system’s ability to continue operating despite failures or malfunctions. An operating system that offers a solid definition for faults cannot be disrupted by a single point of failure. It ensures business continuity and the high availability of crucial applications and systems regardless of any failures. How Does Fault Tolerance Work? Fault tolerance can be built into a system to remove the risk of it having a single point of failure. To do so, the system must have no single component that, if it were to stop working effectively, would result in the entire system failing. Fault tolerance is reliant on aspects like Load balancing and fail over, which remove the risk of a single point of failure. It will typically be part of the operating system’s interface, which enables programmers to check the performance of data throughout a transaction. A fault-tolerance process follows two core models:
  • 3. 1. Normal Functioning • This describes a situation when a fault-tolerant system encounters a fault but continues to function as usual. This means the system sees no change in performance metrics like throughput or response time. 2. Graceful Degradation • Other types of fault-tolerant systems will go through graceful degradation of performance when certain faults occur. That means the impact the fault has on the system’s performance is proportionate to the fault severity. In other words, a small fault will only have a small impact on the system’s performance rather than causing the entire system to fail or have major performance issues. Components of a Fault-tolerance System • The key benefit of fault tolerance is to minimize or avoid the risk of systems becoming unavailable due to a component error. This is particularly important in critical systems that are relied on to ensure people’s safety, such as air traffic control, and systems that protect and secure critical data and high-value transactions.
  • 4. Core Components of Improving Fault Tolerance The core components of improving fault tolerance include: ➢Diversity • If a system’s main electricity supply fails, potentially due to a storm that causes a power outage or affects a power station, it will not be possible to access alternative electricity sources. In this event, fault tolerance can be sourced through diversity, which provides electricity from sources like backup generators that take over when a main power failure occurs. • Some diverse fault-tolerance options result in the backup not having the same level of capacity as the primary source. This may, in some cases, require the system to ensure graceful degradation until the primary power source is restored. ➢Redundancy • Fault-tolerant systems use redundancy to remove the single point of failure. The system is equipped with one or more power supply units (PSUs), which do not need to power the system when the primary PSU functions as normal. In the event the primary PSU fails or suffers a fault, it can be removed from service and replaced by a redundant PSU, which takes over system function and performance. • Alternatively, redundancy can be imposed at a system level, which means an entire alternate computer system is in place in case a failure occurs.
  • 5. ➢Replication • Replication is a more complex approach to achieving fault tolerance. It involves using multiple identical versions of systems and subsystems and ensuring their functions always provide identical results. If the results are not identical, then a democratic procedure is used to identify the faulty system. Alternatively, a procedure can be used to check for a system that shows a different result, which indicates it is faulty. • Replication can either take place at the component level, which involves multiple processors running simultaneously or at the system level, which involves identical computer systems running simultaneously. Elements of Fault-tolerant Systems • Fault-tolerant systems also use backup components, which automatically replace failed components to prevent a loss of service. These backup components include: ❖Hardware Systems • Hardware systems can be backed up by systems that are identical or equivalent to them. A typical example is a server made fault-tolerant by deploying an identical server that runs in parallel to it and mirrors all its operations, such as the redundant array of inexpensive disks (RAID), which combines physical disk components to achieve redundancy and improved performance.
  • 6. ❖Software Systems • Software systems can be made fault-tolerant by backing them up with other software. A common example is backing up a database that contains customer data to ensure it can continuously replicate onto another machine. As a result, in the event that a primary database fails, normal operations will continue because they are automatically replicated and redirected onto the backup database. ❖Power Sources • Power sources can also be made fault-tolerant by using alternative sources to support them. One approach is to run devices on an uninterruptible power supply (UPS). Another is to use backup power generators that ensure storage and hardware, heating, ventilation, and air conditioning (HVAC) continue to operate as normal if the primary power source fails.
  • 7. Factors To Consider in Fault Tolerance • There are several factors that affect organizations’ decision to implement a fault-tolerant system, including: ❑Cost • The biggest disadvantage of adopting a fault-tolerant approach is the cost of doing so. Organizations must think carefully about the cost elements of a fault-tolerant or highly available system. • Fault-tolerant systems require organizations to have multiple versions of system components to ensure redundancy, extra equipment like backup generators, and additional hardware. These components need regular maintenance and testing. They also take up valuable space in data centers. ❑Quality Degradation • One way around the cost of fault tolerance is to opt for more cost-effective but lower-quality redundant components. This approach can inadvertently increase maintenance and support costs and make the system less reliable. To avoid such a situation, organizations must monitor the performance of individual components and keep an eye on their lifespan in relation to their cost. ❑Testing and Fault-detection Difficulties • Fault tolerance inevitably makes it more difficult to know if components are performing to the expected level because failures do not automatically result in the system going down. As a result, organizations will require additional resources and expenditure to continuously test and monitor their system health for faults.
  • 8. Application of Fault Tolerance • Fault tolerance specifically refers to the ability of a piece of hardware or software to withstand the failure of a key component. • This can be implemented at the hardware level using redundant power supplies or a Redundant Array of Inexpensive Disk (RAID) hard drive array. Disadvantages of Fault Tolerance • Cost: By far the biggest disadvantage of fault tolerance is that it leads to the building of systems that are far more costly than fault- intolerant systems. • That is because, among other reasons, they usually require multiple versions of the same components to provide redundancy.
  • 9. Difference between Fault Avoidance and Fault Tolerance • Fault avoidance (a process-oriented concept) seeks to prevent faults from being introduced into the software. • Fault tolerance (a product-oriented concept) accepts faults in a limited capacity and masks their manifestation (i.e., failures).
  • 10. Security Policies Definition; Security policies are a formal set of rules which is issued by an organization to ensure that the user who is authorized to access company technology and information assets comply with rules and guidelines related to the security of information. ▪ A security policy also considered to be a "living document" which means that the document is never finished, but it is continuously updated as requirements of the technology and employee changes. ▪ We use security policies to manage our network security. Most types of security policies are automatically created during the installation. We can also customize policies to suit our specific environment. ▪ It focuses on the tools, processes and methods needed to design, implement and test complete systems, and to adapt existing systems as their environment evolves.
  • 11. • A top down representation of the protection of a computer system might consist of the three layers shown in figure 1. Figure 1: Layers of protection in a computer system
  • 12. • At the highest level of abstraction, the whole system is represented by a concise and formalised set of goals and requirements: the policy. • At the bottom level, the system is composed of mechanisms such as the computing hardware, the cryptographic primitives, tamper resistant enclosures and seals as well as procedural items such as biometric scanning of individuals (iris, fingerprint, voiceprint...) for purposes of authentication. • Between those two extremes there will be some middleware that connects together the available mechanisms in order to build the system that conforms to the policy. This may include access control structures- whether or not enforced by the operating system and cryptographic protocols. • The security policy is a set of high-level documents that state precisely what goals the protection mechanisms are to achieve. It is driven by our understanding of threats, and in turn drives our system design.
  • 13. Need of Security policies 1) It increases efficiency. 2) It upholds discipline and accountability 3) It can make or break a business deal 4) It helps to educate employees on security literacy
  • 14. Types of cyber security policies There are some important cyber security policies recommendations describe below- Virus and Spyware Protection Policy: ▪ It helps to detect threads in files, to detect applications that exhibits suspicious behavior. ▪ Removes, and repairs the side effects of viruses and security risks by using signatures. Firewall Policy: ▪ It blocks unauthorized users from accessing the systems and networks that connect to the Internet. ▪ It detects attacks by cybercriminals and removes unwanted sources of network traffic. Intrusion Prevention policy: ▪ This policy automatically detects and blocks network attacks and browser attacks. ▪ It also protects applications from vulnerabilities and checks the contents of one or more data packages and detects malware that is coming through legal ways
  • 15. Application and Device Control: ▪ This policy protects a system's resources from applications and manages the peripheral devices that can attach to a system. ▪ The device control policy applies to both Windows and Mac computers whereas application control policy can be applied only to Windows clients.
  • 16. Components of a security policy The U.S. Department of Defense has promulgated the Five Pillars of Information Assurance model that includes the protection of: • confidentiality • Integrity • Availability • Authenticity • Non-repudiation of user data.