Cybersecurity Design Principles and CIA Triad Overview

cys 1212 n.w
1 / 16
Embed
Share

Explore the fundamentals of cybersecurity design principles and the CIA Triad, including confidentiality, integrity, and availability. Learn about key security concepts, levels of security, and the challenges of computer security at King Saud University CYS 1212 lecture series.

  • Cybersecurity
  • CIA Triad
  • King Saud University
  • Security Design
  • Fundamental Principles
rayaanacharya
millsob Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. CYS 1212 Cybersecurity Design Principles Lecture 1 Part 1 CIA Triad and Fundamental Security Design Principles King Saud University Applied Studies and Community Service CYS 1212

  2. Topics 1. Three key objectives of computer security. 2. Levels of security. 3. Examples of security requirements: Confidentiality, Integrity, and Availability. 4. Challenges of computer security. 5. Fundamental Security Design Principles. King Saud University Applied Studies and Community Service CYS 1212

  3. Objectives Recognizing Three key objectives of Computer Security (the CIA triad). Knowing Levels of security. . Levels of security breach impact Give Examples of security requirements. Explaining Levels of security. Recognizing of Challenges of computer security. Listing Fundamental Security Design Principles. King Saud University Applied Studies and Community Service CYS 1212

  4. Three key objectives (the CIA triad) Confidentiality Data confidentiality: Assures that confidential information is not disclosed to unauthorized individuals. Privacy: Assures that individual control or influence what information may be collected and stored. Integrity Data integrity: assures that information and programs are changed only in a specified and authorized manner. King Saud University Applied Studies and Community Service CYS 1212

  5. Three key objectives (the CIA triad System integrity: Assures that a system performs its operations in unimpaired manner. Availability: assure that systems works promptly and service is not denied to authorized users. King Saud University Applied Studies and Community Service CYS 1212

  6. Key Security Concepts King Saud University Applied Studies and Community Service CYS 1212

  7. Levels of security Low: the loss will have a limited impact, e.g., a degradation in mission or minor damage or minor financial loss or minor harm Authenticity Authenticity: the property of being genuine and being able to be verified and trusted; confident in the validity of a transmission, or a message, or its originator mission or significant harm to individuals but no loss of life or threatening Moderate: the loss has a serious effect, e.g., significance degradation on injuries Accountability Accountability: generates the requirement for actions of an entity to be traced uniquely to that individual to support nonrepudiation, deference, fault isolation, organizational assets or on individuals (e.g., loss of life) High: the loss has severe or catastrophic adverse effect on operations, King Saud University Applied Studies and Community Service CYS 1212

  8. Examples of security requirements: Confidentiality Student grade information is an asset whose confidentiality is considered to be very high - The US FERPA Act: grades should only be available to students, their parents, and their employers (when required for the job) Student enrollment information: may have moderate confidentiality rating; less damage if enclosed Directory information: low confidentiality rating; often available publicly King Saud University Applied Studies and Community Service CYS 1212

  9. Examples of security requirements: Integrity A hospital patient s allergy information (high integrity data): a doctor should be able to trust that the info is correct and current - If a nurse deliberately falsifies the data, the database should be restored to a trusted basis and the falsified information traced back to the person who did it. An online newsgroup registration data: moderate level of integrity An example of low integrity requirement: anonymous online poll (inaccuracy is well understood) King Saud University Applied Studies and Community Service CYS 1212

  10. Examples of security requirements: Availability A system that provides authentication: high availability requirement If customers cannot access resources, the loss of services could result in financial loss A public website for a university: a moderate availably requirement; not A system that provides authentication: high availability requirement critical but causes embarrassment An online telephone directory lookup: a low availability requirement because unavailability is mostly annoyance (there are alternative sources) King Saud University Applied Studies and Community Service CYS 1212

  11. Some / Challenges of computer security 1. 2. 3. 4. 5. 6. 7. Computer security is not simple One must consider potential (unexpected) attacks Procedures used are often counter-intuitive Must decide where to deploy mechanisms A system that provides authentication: high availability requirement A battle of wits between attacker / admin Requires constant monitoring Regarded as impediment to using system King Saud University Applied Studies and Community Service CYS 1212

  12. Fundamental Security Design Principles These principles offer a balance between aspirational (and therefore unobtainable) perfect security, and the pragmatic need to get things done. Although each of the principles can powerfully affect security, the principles have their full effect only when used in concert and throughout an organization. King Saud University Applied Studies and Community Service CYS 1212

  13. Fundamental Security Design Principles These principles are a powerful mental tool for approaching security: one that doesn t age out of usefulness or apply only to a few specific technologies and contexts. The principles are ultimately only one piece in the security practitioner s toolkit, but they are a flexible piece that will serve different roles for different people. King Saud University Applied Studies and Community Service CYS 1212

  14. Fundamental Security Design Principles 1) Separation of privilege and duties. 2) Least Privilege . 3) Isolation . 4) Modularity. 5) Economy of mechanism. 6) Encapsulation. 7) Minimization of Implementation (Least Common Mechanism). 8) Open Design 9) Complete Mediation. 10)Layering and Defense-in-Depth. 11)Fail Safe Defaults/Fail Secure. 12)Least Astonishment (Psychological Acceptability). 13)Minimize Trust Surface (Reluctance to Trust). 14)Trust Relationships 15)Usability King Saud University Applied Studies and Community Service CYS 1212

  15. Questions? King Saud University Applied Studies and Community Service CYS 1212

  16. End of Part 1 of Lecture 1 King Saud University Applied Studies and Community Service CYS 1212

Related


Locksmith in Ireland

Locksmith in Ireland

Tejaswini
Press-Release-Newswire-Improve-Brand-Credibility-in-US

Press-Release-Newswire-Improve-Brand-Credibility-in-US

book
The Benefits of SEO for Startups and New Businesses

The Benefits of SEO for Startups and New Businesses

Digi3
SUD Life Century Gold - Individual Saving Life Insurance Plan

SUD Life Century Gold - Individual Saving Life Insurance Plan

mariah
Choose the Perfect PPT Template for Your Presentation Needs

Choose the Perfect PPT Template for Your Presentation Needs

sukie
Salinity in Seawater: Density, Composition, and Variations

Salinity in Seawater: Density, Composition, and Variations

kyliann
Thermal Physics Lecture by Dr. Erwin Sitompul at President University

Thermal Physics Lecture by Dr. Erwin Sitompul at President University

mckinzle
Guidelines for Uploading Presentation Files at ASP-DAC 2019

Guidelines for Uploading Presentation Files at ASP-DAC 2019

zaer271
SALESFORCE PPT QUE

SALESFORCE PPT QUE

Sapalogy
Advanced Topics in Communication Systems: Lecture 18 Overview and Final Exam Details

Advanced Topics in Communication Systems: Lecture 18 Overview and Final Exam Details

smiha
Modern Teaching Technologies and Productivity Apps

Modern Teaching Technologies and Productivity Apps

erdem
Anupam Saxena's ME 251 Lecture III - Part and Assembly Drawings: Example II

Anupam Saxena's ME 251 Lecture III - Part and Assembly Drawings: Example II

rroge
History of Delhi Sultanate (A.D. 1200 - A.D. 1526) Presentation

History of Delhi Sultanate (A.D. 1200 - A.D. 1526) Presentation

mlang
Caterpillar Cat 279D COMPACT TRACK LOADER (Prefix PPT) Service Repair Manual Instant Download

Caterpillar Cat 279D COMPACT TRACK LOADER (Prefix PPT) Service Repair Manual Instant Download

fuswsozdktvdmsmk
Medical Lecture Committee and Funds Overview

Medical Lecture Committee and Funds Overview

desantos_j

More Related Content