Principles of Information System Security: Text and Cases Gurpreet Dhillon PowerPoint Prepared by Youlong Zhuang University of Missouri-Columbia


Chapter Two
Security of Technical Systems in Organizations: An Introduction


Copyright 2006 John Wiley & Sons, Inc.


Learning Objectives
- Understand the core information system security requirements of an organization
- Define types of vulnerabilities
- Describe the three principles of security
- Identify the three principles of easiest penetration, timeliness, and effectiveness


Principle of Easiest Penetration
- A string is only as strong as its weakest link.
- Weakest points
  - Doors and windows of a house
- What is the vulnerability of your information system?
- “Perpetrators don’t have the values assumed by the technologists. They generally stick to the easiest, safest, simplest means to accomplishing their objectives.” [Donn Parker]
- Consider a range of possible security breaches: strengthening one might make another more attractive to a perpetrator


Vulnerabilities
- At a technical level, what should we protect?
  - Hardware
  - Software
  - Data


Vulnerabilities (cont’d)
- What threats are there?
  - Modification
  - Destruction
  - Disclosure
  - Interception
  - Interruption
  - Fabrication


Vulnerabilities (cont’d)
- Modification
  - Data is altered without authorization
  - Someone may change the value directly
  - Altered software may perform additional computations
  - Changed hardware may modify data
  - Data can be modified in store or in transmission


Vulnerabilities (cont’d)
- Destruction
  - Hardware, software, or data is destroyed
  - Hardware may be destroyed by the environment
  - Software may be destroyed by malicious intent
  - Data may be destroyed by deletion, or failure of hardware/software


Vulnerabilities (cont’d)
- Disclosure
  - Mostly about data
  - Make data available without due consent
  - Data is stolen but owner still has it
  - Impact on security and privacy
  - Intentional or unintended
  - Can be managed by instituting proper program and software controls


Vulnerabilities (cont’d)
- Interception
  - Unauthorized access to computer resources
  - Copying of programs, data, or other confidential information
  - An interceptor may use computing resources at one location to access assets elsewhere


Vulnerabilities (cont’d)
- Interruption
  - Systems unavailable for legitimate use
    - Damaged hardware
    - Malfunctioned operating system
    - Congested network
    - Denial of service


Vulnerabilities (cont’d)
- Fabrication
  - Spurious transactions are inserted into a network or records added to an existing database
  - Counterfeited objects placed by unauthorized parties
  - May be difficult to distinguish between genuine and forged ones
  - Phishing


A Summary of Vulnerabilities (Table 2.1)

| Computing resource | Type of Vulnerabilities |
|---|---|
| Hardware | Destruction; Interception; Interruption |
| Software | Modification; Interception; Interruption |
| Data | Destruction; Interception; Interruption; Fabrication; Modification; Disclosure |


Hardware Vulnerability
- Destruction, interception, interruption
- Lock and key and common sense may help in preventing loss or destruction of hardware
- Natural disaster or terrorist attacks are possible
- Even theft and replication of hardware can lead to serious security concerns


Software Vulnerability
- Modification, interception, interruption
- Logic bombs
- Trojan horse
- Virus
- Trapdoor
- More people are involved in the software protection than in the hardware protection


Data Vulnerability
- Have the broadest impact
- The cost of data lost
  - Recover or reconstruct
  - Lost competitiveness
  - Difficult to measure
- Time sensitive
- Confidentiality, integrity, and availability of data – context dependent


Confidentiality
- Protection of private data, either as it resides in the computer systems or during transmission
- Means to protect confidentiality
  - Access control
    - Lock and key
    - Password
  - Encryption
- Confidentiality of data has been compromised where inference can be drawn without disclosure
- The need-to-know principle may work well in a military environment, but in business, the need-to-withhold principle is more appropriate


Confidentiality Attribute and Protection of Data and Software (Table 2.2)

| | Data | Software |
|---|---|---|
| Confidentiality | A set of rules to determine if a subject has access to an object | Limited access to code |
| Kinds of controls | Labels, encryption, discretionary and mandatory access control, reuse prevention | Copyright, patents, labels, physical access control locks |
| Possible losses | Disclosure, inference, espionage | Piracy, trade secret loss, espionage |


Integrity
- An unimpaired condition, a state of completeness and wholeness and adherence to a code of values
- A simpler definition: data and programs are changed only in a specified and authorized manner
- All data is presented and accounted for, irrespective of it being accurate or correct
- Plays a greater role at the system and user policy levels of abstraction than at the data level
- Part of authenticity in Clark-Wilson Model (Chapter 3)


Integrity (cont’d)
- Prevention mechanisms
  - Blocking unauthorized attempts to change the data, or attempts to change the data in an unauthorized manner
  - Someone breaking into the sales system and trying to change the data is an example of an unauthorized attempt to change the data
  - A salesperson attempting to post transactions so as to earn bonuses is an example of changing the data in an unauthorized manner


Integrity (cont’d)
- Detection mechanisms
  - Reporting violations of integrity, but not stopping violations from taking place
- Confidentiality vs. integrity
  - Data has been compromised
  - Trustworthiness and correctness of data


Integrity Attribute and Protection of Data and Software (Table 2.3)

| | Data | Software |
|---|---|---|
| Integrity | Unimpaired, complete, whole, correct | Unimpaired, everything present and in an ordered manner |
| Kinds of controls | Hash totals, check bits, sequence number checks, missing data checks | Hash totals, pedigree checks, escrow, vendor assurance sequencing |
| Possible losses | Larceny, fraud, concatenation | Theft, fraud, concatenation |
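
The data-side controls in Table 2.3 (hash totals, sequence number checks, missing data checks) are detection mechanisms: they report an integrity violation without stopping it. The following is an added example, not part of the original slides; the batch layout, field names and sample records are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:
    seq: int      # sequence number assigned by the sender
    account: int  # summed only as a control value (the "hash total")
    amount: int   # amount in cents

@dataclass(frozen=True)
class Trailer:
    count: int
    first_seq: int
    hash_total: int
    amount_total: int

def make_trailer(records):
    """Sender side: compute the control totals that travel with the batch."""
    return Trailer(len(records), records[0].seq,
                   sum(r.account for r in records),
                   sum(r.amount for r in records))

def check_batch(records, trailer):
    """Receiver side: return a list of findings (empty means all checks pass)."""
    findings = []
    expected = set(range(trailer.first_seq, trailer.first_seq + trailer.count))
    seen = [r.seq for r in records]
    missing = sorted(expected - set(seen))            # missing data check
    if missing:
        findings.append(f"missing data: {missing}")
    extra = sorted(set(seen) - expected)              # sequence number check
    dupes = sorted({s for s in seen if seen.count(s) > 1})
    if extra or dupes:
        findings.append(f"sequence check: unexpected {extra}, duplicated {dupes}")
    if sum(r.account for r in records) != trailer.hash_total:
        findings.append("hash total mismatch")
    if sum(r.amount for r in records) != trailer.amount_total:
        findings.append("amount total mismatch")
    return findings

# Constructed sample batch (not real data).
SENT = [Record(101, 4401, 2500), Record(102, 4402, 9900), Record(103, 4403, 1200)]
TRAILER = make_trailer(SENT)

if __name__ == "__main__":
    cases = {
        "intact": SENT,
        "modification": [SENT[0], Record(102, 4402, 99900), SENT[2]],
        "destruction": [SENT[0], SENT[2]],
        "fabrication": SENT + [Record(104, 4409, 50000)],
        # Two offsetting edits keep every total intact and go unreported.
        "offsetting": [Record(101, 4401, 2400), Record(102, 4402, 10000), SENT[2]],
    }
    for name, batch in cases.items():
        print(name, check_batch(batch, TRAILER))
```

A hash total here is a plain arithmetic sum, not a cryptographic hash, so offsetting changes or a rewritten trailer pass unnoticed; that gap is what keyed checks and the digital signatures mentioned under non repudiation address.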


Availability
- Data and service are accessible when and where needed by legitimate users
- Relate to aspects of reliability
- Denial of service is perhaps the best known example
- System designs are based on pattern of use
- Availability attacks are most difficult to detect
  - Identifying a certain atypical event


Availability Attribute and Protection of Data and Software (Table 2.4)

| | Data | Software |
|---|---|---|
| Availability | Present and accessible when and where needed | Usable and accessible when and where needed |
| Kinds of controls | Redundancy, back up, recovery plan, statistical pattern recognition | Escrow, redundancy, back up, recovery plan |
| Possible losses | Denial of service, failure to provide, sabotage, larceny | Larceny, failure to act, interference |


Authentication
- Assures that the message is from a source it claims to be from
- A third party cannot masquerade as one of the two parties
- Extrinsic correct and valid
- Timeliness is an important attribute
- Able to trace to its original


Authentication Attribute and Protection of Data and Software (Table 2.5)

| | Data | Software |
|---|---|---|
| Authentication | Genuine. Accepted as conforming to a fact | Genuine. Unquestioned origin |
| Kinds of controls | Audit log, verification validation | Vendor assurances, pedigree documentation. Hash totals, maintenance log. Serial checks |
| Possible losses | Replacement, false data entry, failure to act, repudiation, deception, misrepresentation | Piracy, misrepresentation, replacement, fraud |


Non repudiation
- Non repudiation is to prevent an individual or entity from denying having performed a particular action
- Business and society increase reliance on electronic communications and maintaining legality of electronic documents
- Digital signature is one such approach
- More details in subsequent chapters


Non Repudiation Attribute and Protection of Data and Software (Table 2.6)

| | Data | Software |
|---|---|---|
| Non repudiation | Genuine, true and authentic communication | Genuine. True |
| Kinds of controls | Authentication, validation checks | Integrity controls, non modification controls |
| Possible losses | Monetary, loss of identity, disclosure of private information | Vulnerability of software code, fraud, misconstrued software |


Methods of Defense
- Encryption
  - Change data to unintelligible form
  - If used successfully
    - Reduce the chances of interception or modification
  - If used improperly
    - Performance may be compromised


Methods of Defense (cont’d)
- Encryption
  - Only party in control can decrypt a message
    - Analogous to managing access keys to your house
  - Security of encrypted data is as good as the protection of the keys and the machines


Methods of Defense (cont’d)
- Software controls
  - Software development controls
    - Conformance to standards and methodologies
    - Good testing, coding, and maintenance
  - Operating system controls
    - Protecting individual user
    - Establishing extensive checklists


Methods of Defense (cont’d)
- Software controls
  - Program controls
    - Internal to the software
    - Access limitations
  - Above controls can be instituted at the input, processing, and output levels
  - Balance between ease of use and level of security controls


Methods of Defense (cont’d)
- Physical and hardware controls
  - Locks and doors, guards at entry, and the general physical site planning
  - Smart card applications and circuit boards controlling access to disk drives


Three Principles
- The principle of easiest penetration
  - Foundation for security
  - Identifying and managing the weakest links in the security chain
- The principle of timeliness
  - Delay in cracking a system
  - Protecting data long enough
- The principle of effectiveness
  - Balance between controls
  - Controls should not be a hindrance to the business


Copyright 2006 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in section 117 of the 1976 United States Copyright Act without express permission of the copyright owner is unlawful. Request for further information should be addressed to the Permission Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages caused by the use of these programs or from the use of the information herein.