Principles of Information System Security: Text and Cases
Gurpreet Dhillon
PowerPoint Prepared by Youlong Zhuang
University of Missouri-Columbia

Chapter Two
Security of Technical Systems in Organizations: An Introduction
Copyright 2006 John Wiley & Sons, Inc.

Learning Objectives
- Understand the core information system security requirements of an organization
- Define types of vulnerabilities
- Describe the three principles of security
- Identify the three principles of easiest penetration, timeliness, and effectiveness

Principle of Easiest Penetration
- A chain is only as strong as its weakest link.
- Weakest points
  - Doors and windows of a house
  - What is the vulnerability of your information system?
- “Perpetrators don’t have the values assumed by the technologists. They generally stick to the easiest, safest, simplest means to accomplishing their objectives.” [Donn Parker]
- Consider a range of possible security breaches: strengthening one might make another more attractive to a perpetrator

Vulnerabilities
- At a technical level, what should we protect?
  - Hardware
  - Software
  - Data

Vulnerabilities (cont’d)
- What threats are there?
  - Modification
  - Destruction
  - Disclosure
  - Interception
  - Interruption
  - Fabrication

Vulnerabilities (cont’d)
- Modification
  - Data is altered without authorization
  - Someone may change the value directly
  - Altered software may perform additional computations
  - Changed hardware may modify data
  - Data can be modified in storage or in transmission

Vulnerabilities (cont’d)
- Destruction
  - Hardware, software, or data is destroyed
  - Hardware may be destroyed by the environment
  - Software may be destroyed by malicious intent
  - Data may be destroyed by deletion, or failure of hardware/software

Vulnerabilities (cont’d)
- Disclosure
  - Mostly about data
  - Make data available without due consent
  - Data is stolen but owner still has it
  - Impact on security and privacy
  - Intentional or unintended
  - Can be managed by instituting proper program and software controls

Vulnerabilities (cont’d)
- Interception
  - Unauthorized access to computer resources
  - Copying of programs, data, or other confidential information
  - An interceptor may use computing resources at one location to access assets elsewhere

Vulnerabilities (cont’d)
- Interruption
  - Systems unavailable for legitimate use
    - Damaged hardware
    - Malfunctioning operating system
    - Congested network
    - Denial of service

Vulnerabilities (cont’d)
- Fabrication
  - Spurious transactions are inserted into a network or records added to an existing database
  - Counterfeited objects placed by unauthorized parties
  - May be difficult to distinguish between genuine and forged ones
  - Phishing

A Summary of Vulnerabilities (Table 2.1)

| Computing resource | Type of vulnerabilities |
|---|---|
| Hardware | Destruction; Interception; Interruption |
| Software | Modification; Interception; Interruption |
| Data | Destruction; Interception; Interruption; Fabrication; Modification; Disclosure |

Hardware Vulnerability
- Destruction, interception, interruption
- Lock and key and common sense may help in preventing loss or destruction of hardware
- Natural disaster or terrorist attacks are possible
- Even theft and replication of hardware can lead to serious security concerns

Software Vulnerability
- Modification, interception, interruption
- Logic bombs
- Trojan horse
- Virus
- Trapdoor
- More people are involved in the software protection than in the hardware protection

Data Vulnerability
- Has the broadest impact
- The cost of lost data
  - Recover or reconstruct
  - Lost competitiveness
  - Difficult to measure
- Time sensitive
- Confidentiality, integrity, and availability of data are context dependent

Confidentiality
- Protection of private data, either as it resides in the computer systems or during transmission
- Means to protect confidentiality
  - Access control
    - Lock and key
    - Password
  - Encryption
- Confidentiality of data has been compromised where inference can be drawn without disclosure
- The need-to-know principle may work well in a military environment, but in business, the need-to-withhold principle is more appropriate

Confidentiality Attribute and Protection of Data and Software (Table 2.2)

| | Data | Software |
|---|---|---|
| Confidentiality | A set of rules to determine if a subject has access to an object | Limited access to code |
| Kinds of controls | Labels, encryption, discretionary and mandatory access control, reuse prevention | Copyright, patents, labels, physical access control locks |
| Possible losses | Disclosure, inference, espionage | Piracy, trade secret loss, espionage |

Integrity
- An unimpaired condition, a state of completeness and wholeness and adherence to a code of values
- A simpler definition: data and programs are changed only in a specified and authorized manner
- All data is present and accounted for, irrespective of it being accurate or correct
- Plays a greater role at the system and user policy levels of abstraction than at the data level
- Part of authenticity in the Clark-Wilson Model (Chapter 3)

Integrity (cont’d)
- Prevention mechanisms
  - Blocking unauthorized attempts to change the data or change the data in an unauthorized manner
  - Someone breaking into the sales system and trying to change the data is an example of an unauthorized attempt to change the data
  - A salesperson attempting to post transactions so as to earn bonuses is an example of changing the data in an unauthorized manner

Integrity (cont’d)
- Detection mechanisms
  - Reporting violations of integrity, but not stopping violations from taking place
- Confidentiality vs. integrity
  - Data has been compromised
  - Trustworthiness and correctness of data

Integrity Attribute and Protection of Data and Software (Table 2.3)

| | Data | Software |
|---|---|---|
| Integrity | Unimpaired, complete, whole, correct | Unimpaired, everything present and in an ordered manner |
| Kinds of controls | Hash totals, check bits, sequence number checks, missing data checks | Hash totals, pedigree checks, escrow, vendor assurance sequencing |
| Possible losses | Larceny, fraud, concatenation | Theft, fraud, concatenation |

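
Added example (not part of the original slides): three of the data integrity controls named in Table 2.3, applied as detection mechanisms to a constructed batch of sales transactions. It assumes "hash total" in its batch-control sense (a sum over a field such as the account number that is meaningless except as a check); the record layout and all names are hypothetical.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Txn:
    seq: int           # sequence number assigned at entry
    account: int       # account number; summed only as a check value
    amount_cents: int

def control_totals(batch):
    """Header computed by the authorized source when the batch is created."""
    return {
        "first_seq": batch[0].seq,
        "count": len(batch),
        "hash_total": sum(t.account for t in batch),
        "amount_total": sum(t.amount_cents for t in batch),
    }

def check_batch(batch, header):
    """Detection only: report violations, do not block or repair them."""
    findings = []
    expected = set(range(header["first_seq"], header["first_seq"] + header["count"]))
    seen = [t.seq for t in batch]
    missing = sorted(expected - set(seen))
    unexpected = sorted(s for s in set(seen) if s not in expected or seen.count(s) > 1)
    if missing:
        findings.append(f"missing data: seq {missing}")
    if unexpected:
        findings.append(f"sequence check: unexpected or duplicate seq {unexpected}")
    if sum(t.account for t in batch) != header["hash_total"]:
        findings.append("hash total mismatch")
    if sum(t.amount_cents for t in batch) != header["amount_total"]:
        findings.append("amount total mismatch")
    return findings

# Constructed sample batch of sales transactions.
BATCH = [Txn(101, 4410, 12_500), Txn(102, 4723, 8_000),
         Txn(103, 4410, 31_050), Txn(104, 5102, 2_275)]
HEADER = control_totals(BATCH)

# One altered copy per threat type from the vulnerability slides.
modified = [replace(t, amount_cents=99_000) if t.seq == 102 else t for t in BATCH]
destroyed = [t for t in BATCH if t.seq != 103]
fabricated = BATCH + [Txn(105, 4723, 50_000)]

if __name__ == "__main__":
    for name, b in [("intact", BATCH), ("modified", modified),
                    ("destroyed", destroyed), ("fabricated", fabricated)]:
        print(name, check_batch(b, HEADER))
```

The header has to be stored or transmitted separately from the records, since these checks only hold if it cannot be changed along with the batch.
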
Availability
- Data and service are accessible when and where needed by legitimate users
- Relates to aspects of reliability
- Denial of service is perhaps the best known example
- System designs are based on pattern of use
- Availability attacks are most difficult to detect
  - Identifying a certain atypical event

Availability Attribute and Protection of Data and Software (Table 2.4)

| | Data | Software |
|---|---|---|
| Availability | Present and accessible when and where needed | Usable and accessible when and where needed |
| Kinds of controls | Redundancy, back up, recovery plan, statistical pattern recognition | Escrow, redundancy, back up, recovery plan |
| Possible losses | Denial of service, failure to provide, sabotage, larceny | Larceny, failure to act, interference |

Authentication
- Assures that the message is from the source it claims to be from
- A third party cannot masquerade as one of the two parties
- Extrinsically correct and valid
- Timeliness is an important attribute
- Able to trace to its origin

Authentication Attribute and Protection of Data and Software (Table 2.5)

| | Data | Software |
|---|---|---|
| Authentication | Genuine. Accepted as conforming to a fact | Genuine. Unquestioned origin |
| Kinds of controls | Audit log, verification validation | Vendor assurances, pedigree documentation. Hash totals, maintenance log. Serial checks |
| Possible losses | Replacement, false data entry, failure to act, repudiation, deception, misrepresentation | Piracy, misrepresentation, replacement, fraud |

Non repudiation
- Non repudiation is to prevent an individual or entity from denying having performed a particular action
- Business and society increasingly rely on electronic communications and on maintaining the legality of electronic documents
- Digital signature is one such approach
- More details in subsequent chapters

Non Repudiation Attribute and Protection of Data and Software (Table 2.6)

| | Data | Software |
|---|---|---|
| Non repudiation | Genuine, true and authentic communication | Genuine. True |
| Kinds of controls | Authentication, validation checks | Integrity controls, non modification controls |
| Possible losses | Monetary, loss of identity, disclosure of private information | Vulnerability of software code, fraud, misconstrued software |

Methods of Defense
- Encryption
  - Change data to unintelligible form
  - If used successfully
    - Reduce the chances of interception or modification
  - If used improperly
    - Performance may be compromised

Methods of Defense (cont’d)
- Encryption
  - Only the party in control can decrypt a message
  - Analogous to managing access keys to your house
  - Security of encrypted data is as good as the protection of the keys and the machines

Methods of Defense (cont’d)
- Software controls
  - Software development controls
    - Conformance to standards and methodologies
    - Good testing, coding, and maintenance
  - Operating system controls
    - Protecting individual user
    - Establishing extensive checklists

Methods of Defense (cont’d)
- Software controls
  - Program controls
    - Internal to the software
    - Access limitations
  - The above controls can be instituted at the input, processing, and output levels
  - Balance between ease of use and level of security controls

Methods of Defense (cont’d)
- Physical and hardware controls
  - Locks and doors, guards at entry, and the general physical site planning
  - Smart card applications and circuit boards controlling access to disk drives

Three Principles
- The principle of easiest penetration
  - Foundation for security
  - Identifying and managing the weakest links in the security chain
- The principle of timeliness
  - Delay in cracking a system
  - Protecting data long enough
- The principle of effectiveness
  - Balance between controls
  - Controls should not be a hindrance to the business

Copyright 2006 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in section 117 of the 1976 United States Copyright Act without express permission of the copyright owner is unlawful. Request for further information should be addressed to the Permission Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages caused by the use of these programs or from the use of the information herein.