
Information Assurance Essentials
Explore key concepts in Information Assurance including security components, common threats, defense strategies, policy goals, and correctness considerations. Enhance your understanding with examples and insights from Adam Doupé at Arizona State University.
Presentation Transcript
Overview: CSE 465 Information Assurance, Fall 2017. Adam Doupé, Arizona State University. http://adamdoupe.com
What is security?
Components of Security: Confidentiality (Access Control, Encryption); Integrity (Prevention, Detection); Availability (Denial of Service)
Threats: Disclosure; Deception; Disruption; Usurpation
Common Threats: Snooping (wiretapping); Modification/alteration; Man-in-the-middle (MITM); Masquerading/spoofing; Delegation?; Repudiation; Denial of receipt; Delay; Denial of service
How to Defend Against Threats? Security policy; Security mechanism
Example: The system we want to defend is a house. Threats? Policy? Mechanism?
Security Policy Goals: Prevention; Detection; Recovery
Defining Policies: Natural Language; Mathematics; Policy Languages
Correctness of Security Policy. Assumptions: What assumptions did we make in our house example? Policy is correct. Mechanism correctly implements policy. Trust: Who do we trust?
Mechanisms: Technical; Procedural
Security Mechanism Effectiveness: Secure; Precise; Broad
Assurance: How to trust that the system is secure? How much to trust the system? Can this be quantified? What does it depend on?
Specification: What is the system supposed to do? How to define?
Design: How to design the system? Does the design satisfy the specification? How to prove this?
Implementation: How is the design implemented? Does the implementation satisfy the design? How to prove this?
Deployment, Configuration, Operation: How is the implementation deployed? Configured? Operated? How to prove this?
Cost-Benefit Analysis: Are security measures/mechanisms worth the cost? What factors to consider?
Risk Analysis: Should an asset be protected? What threats does it face? What are the consequences if it is attacked? What level to protect an asset? Does risk remain constant? How to quantify risk?
Laws/Customs: Laws can restrict policy and mechanisms. Various countries have (or have had in the past) laws regarding cryptography. Could privacy laws restrict an admin from performing their job? Customs.
Human Issues: Who is responsible for security in an organization? How much budget do they have? How much organizational power do they have? Who enforces the security of a system? People and systems.