Uploaded bynewbie2019
PDF, PPTX393 views

Chapter 3 security principals

This document discusses several key concepts in information system security: Authentication involves verifying the identity of a user or system, usually through passwords, ID cards, or biometrics. Authorization determines what resources a user can access after authentication. Privacy/confidentiality ensures sensitive personal data and messages are kept secret through encryption. Integrity keeps information from being altered without authorization. Availability ensures security services and data remain accessible. Non-repudiation prevents denied participation in online transactions. Auditing records network activity and communications for security monitoring through system logging.

Embed presentation

Download as PDF, PPTX
INFORMATION SYSTEM SECURITY Jupriyadi, S.Kom. M.T. jupriyadi@teknokrat.ac.id Bandarlampung, Juli 2021 Chapter 3
Security Principals Authentication Authorization or Access Control Privacy / Confidentiality Integrity Availability Non-repudiation Auditing
Authentication Stating that the data or information used or provided by the user is the person's original Countermeasure: Using Digital signature
Authentication  Authentication is used by a server when the server needs to know exactly who is accessing their information or site.  Authentication is used by a client when the client needs to know that the server is system it claims to be.  In authentication, the user or computer has to prove its identity to the server or client.  Usually, authentication by a server entails the use of a user name and password. Other ways to authenticate can be through cards, retina scans, voice recognition, and fingerprints.  Authentication by a client usually involves the server giving a certificate to the client in which a trusted third party.  Authentication does not determine what tasks the individual can do or what files the individual can see. Authentication merely identifies and verifies who the person or system is.
Three Schemes Authentication • Password Something you know • ID Card Something you have • Finger Prints Something you are
Authorization or Access Control Setting who can do what, or from where to where. Can use the mechanisms of user / password or other mechanism Example: ACL on Proxy Server
Authorization or Access Control  Authorization is a process by which a server determines if the client has permission to use a resource or access a file.  Authorization is usually coupled with authentication so that the server has some concept of who the client is that is requesting access.  The type of authentication required for authorization may vary; passwords may be required in some cases but not in others.  In some cases, there is no authorization; any user may be use a resource or access a file simply by asking for it. Most of the web pages on the Internet require no authentication or authorization.
Privacy/Confidentiality Security of personal data, messages or other sensitive information Countermeasure: Using encryption
Integrity Information or messages that are kept unchanged or changed.
Availability The availability of information security services. Countermeasure : Firewall and router filtering, backup and redundancy, IDS and IPS
Non-repudiation Keeping that if it is done online transactions or activities, it can not be disclaimed
Auditing The existence of the file records data communications that occur on the network for auditing purposes such as identifying attacks on the network or server Implementation : Using System Logging
Basic Terminology  Threats  natural threats  unintentional threats  intentional threats  Vulnerabilities  weakness in the design  Configuration  implementation  Risk  Attacks
What's Next ?

More Related Content

PDF
C02
bynewbie2019
 
PDF
Ethical hacking and social engineering
bySweta Kumari Barnwal
 
PPT
Security and information assurance
bybdemchak
 
PDF
Chapter 4 vulnerability threat and attack
bynewbie2019
 
PDF
Fundamentals of information systems security ( pdf drive ) chapter 1
bynewbie2019
 
PDF
Addressing Insider Threat using "Where You Are" as Fourth Factor Authentication
byPeter Choi
 
PDF
55994241 cissp-cram
bybsnl007
 
PPTX
PACE-IT, Security+ 6.3: Introduction to Public Key Infrastructure (part 1)
byPace IT at Edmonds Community College
 
C02
bynewbie2019
 
Ethical hacking and social engineering
bySweta Kumari Barnwal
 
Security and information assurance
bybdemchak
 
Chapter 4 vulnerability threat and attack
bynewbie2019
 
Fundamentals of information systems security ( pdf drive ) chapter 1
bynewbie2019
 
Addressing Insider Threat using "Where You Are" as Fourth Factor Authentication
byPeter Choi
 
55994241 cissp-cram
bybsnl007
 
PACE-IT, Security+ 6.3: Introduction to Public Key Infrastructure (part 1)
byPace IT at Edmonds Community College
 

What's hot

PPT
E business security
bySameer Sharma
 
PPTX
Security and management
byArtiSolanki5
 
PDF
Two-factor authentication- A sample writing _Zaman
byAsad Zaman
 
PPTX
Architecting for Security Resilience
byJoel Aleburu
 
PPTX
Data and Message Security
byNrapesh Shah
 
PPTX
5 Security Tips to Protect Your Login Credentials and More
byCommunity IT Innovators
 
PPTX
information security(authentication application, Authentication and Access Co...
byZara Nawaz
 
PDF
Chapter 15 incident handling
bynewbie2019
 
PDF
E commerce Security
byWisnu Dewobroto
 
PDF
Chapter 2 konsep dasar keamanan
bynewbie2019
 
PPTX
Threat Modeling - Writing Secure Code
byCaleb Jenkins
 
PDF
Ch19 E Commerce Security
byphanleson
 
PDF
Honey Pot Intrusion Detection System
byInternational Journal of Engineering Inventions www.ijeijournal.com
 
PPTX
PACE-IT, Security+ 4.1: Application Security Controls and Techniques
byPace IT at Edmonds Community College
 
PPTX
PACE-IT, Security+3.5: Types of Application Attacks (part 2)
byPace IT at Edmonds Community College
 
PPTX
Data base security and injection
byA. Shamel
 
PDF
Combating Phishing Attacks
byRapid7
 
DOCX
VAPT- A Service on Eucalyptus Cloud
bySwapna Shetye
 
PPTX
PACE-IT, Security+ 6.2: Cryptographic Methods (part 2)
byPace IT at Edmonds Community College
 
PPT
Security in e-commerce
bySensePost
 
E business security
bySameer Sharma
 
Security and management
byArtiSolanki5
 
Two-factor authentication- A sample writing _Zaman
byAsad Zaman
 
Architecting for Security Resilience
byJoel Aleburu
 
Data and Message Security
byNrapesh Shah
 
5 Security Tips to Protect Your Login Credentials and More
byCommunity IT Innovators
 
information security(authentication application, Authentication and Access Co...
byZara Nawaz
 
Chapter 15 incident handling
bynewbie2019
 
E commerce Security
byWisnu Dewobroto
 
Chapter 2 konsep dasar keamanan
bynewbie2019
 
Threat Modeling - Writing Secure Code
byCaleb Jenkins
 
Ch19 E Commerce Security
byphanleson
 
Honey Pot Intrusion Detection System
byInternational Journal of Engineering Inventions www.ijeijournal.com
 
PACE-IT, Security+ 4.1: Application Security Controls and Techniques
byPace IT at Edmonds Community College
 
PACE-IT, Security+3.5: Types of Application Attacks (part 2)
byPace IT at Edmonds Community College
 
Data base security and injection
byA. Shamel
 
Combating Phishing Attacks
byRapid7
 
VAPT- A Service on Eucalyptus Cloud
bySwapna Shetye
 
PACE-IT, Security+ 6.2: Cryptographic Methods (part 2)
byPace IT at Edmonds Community College
 
Security in e-commerce
bySensePost
 

Similar to Chapter 3 security principals

PPT
Technical seminar on Security
bySTS
 
PDF
APNIC_TRAINING_NetSec-25062013-Day1_MODUL.pdf
bybiasnasional
 
PPT
Lecture 01- What is Information Security.ppt
byshahadd2021
 
PPTX
informations_security_presentations.pptx
byFAKHARZAMANPROUD
 
PPTX
Access control
byMohibullah Saail
 
PDF
CyberSecurity101.pdf
byDhananjaySingh23178
 
PDF
information security introduction for campus students.pdf
byhailegebrielgeta6
 
PDF
network security.pdf
byKIYALIBAN1
 
PPTX
Health information security 2 : Basic concepts
byDr. Lasantha Ranwala
 
PPTX
2 security concepts
byLimenihMuluneh1
 
PPTX
Computer Literacy Chapter_1_Unit1_2022.ppt
byLwandoMatilose
 
PPTX
Security Architectures and Models.pptx
byRushikeshChikane2
 
PPT
1 security goals
bydrewz lin
 
PDF
What is Authentication vs Authorization Difference? | INTROSERV
bySaqifKhan3
 
PDF
information security (security fundamental)
bypurwantosimamora1
 
PPTX
Computer Security Primer - Eric Vanderburg - JURINNOV
byEric Vanderburg
 
PPTX
Information Security
byUmangThakkar26
 
PDF
Basic security concepts_chapter_1_6perpage
bynakomuri
 
PPT
educational content,educational content,educational content,
byOlajide Kuku
 
PPT
InfoSecConcepts.ppt
byMobileAntitheft
 
Technical seminar on Security
bySTS
 
APNIC_TRAINING_NetSec-25062013-Day1_MODUL.pdf
bybiasnasional
 
Lecture 01- What is Information Security.ppt
byshahadd2021
 
informations_security_presentations.pptx
byFAKHARZAMANPROUD
 
Access control
byMohibullah Saail
 
CyberSecurity101.pdf
byDhananjaySingh23178
 
information security introduction for campus students.pdf
byhailegebrielgeta6
 
network security.pdf
byKIYALIBAN1
 
Health information security 2 : Basic concepts
byDr. Lasantha Ranwala
 
2 security concepts
byLimenihMuluneh1
 
Computer Literacy Chapter_1_Unit1_2022.ppt
byLwandoMatilose
 
Security Architectures and Models.pptx
byRushikeshChikane2
 
1 security goals
bydrewz lin
 
What is Authentication vs Authorization Difference? | INTROSERV
bySaqifKhan3
 
information security (security fundamental)
bypurwantosimamora1
 
Computer Security Primer - Eric Vanderburg - JURINNOV
byEric Vanderburg
 
Information Security
byUmangThakkar26
 
Basic security concepts_chapter_1_6perpage
bynakomuri
 
educational content,educational content,educational content,
byOlajide Kuku
 
InfoSecConcepts.ppt
byMobileAntitheft
 

More from newbie2019

PDF
Fundamental digital forensik
bynewbie2019
 
PDF
Digital forensic principles and procedure
bynewbie2019
 
PDF
Chapter 12 iso 27001 awareness
bynewbie2019
 
PDF
Vulnerability threat and attack
bynewbie2019
 
PDF
Nist.sp.800 37r2
bynewbie2019
 
PDF
Chapter 13 web security
bynewbie2019
 
PDF
Pendahuluan it forensik
bynewbie2019
 
PDF
Chapter 10 security standart
bynewbie2019
 
PDF
Ccna rse chp7 Access Control List (ACL)
bynewbie2019
 
PDF
Chapter 14 sql injection
bynewbie2019
 
PDF
CCNA RSE Routing concept
bynewbie2019
 
PDF
NIST Framework for Information System
bynewbie2019
 
PDF
Chapter 6 information hiding (steganography)
bynewbie2019
 
PDF
ether channel_hsrp
bynewbie2019
 
PPTX
Sca nv6 instructorppt_chapter2
bynewbie2019
 
PDF
Chapter 8 cryptography lanjutan
bynewbie2019
 
PDF
Pertemuan 7 cryptography
bynewbie2019
 
PDF
Chapter 1 introduction
bynewbie2019
 
PPT
Chapter 1 introduction
bynewbie2019
 
PPTX
Ccna rse chp9 nat fo i_pv4
bynewbie2019
 
Fundamental digital forensik
bynewbie2019
 
Digital forensic principles and procedure
bynewbie2019
 
Chapter 12 iso 27001 awareness
bynewbie2019
 
Vulnerability threat and attack
bynewbie2019
 
Nist.sp.800 37r2
bynewbie2019
 
Chapter 13 web security
bynewbie2019
 
Pendahuluan it forensik
bynewbie2019
 
Chapter 10 security standart
bynewbie2019
 
Ccna rse chp7 Access Control List (ACL)
bynewbie2019
 
Chapter 14 sql injection
bynewbie2019
 
CCNA RSE Routing concept
bynewbie2019
 
NIST Framework for Information System
bynewbie2019
 
Chapter 6 information hiding (steganography)
bynewbie2019
 
ether channel_hsrp
bynewbie2019
 
Sca nv6 instructorppt_chapter2
bynewbie2019
 
Chapter 8 cryptography lanjutan
bynewbie2019
 
Pertemuan 7 cryptography
bynewbie2019
 
Chapter 1 introduction
bynewbie2019
 
Chapter 1 introduction
bynewbie2019
 
Ccna rse chp9 nat fo i_pv4
bynewbie2019
 

Recently uploaded

PPTX
How to configure Client action in odoo 18
byCeline George
 
PPTX
Overview of Cash on delivery in Odoo 19
byCeline George
 
PPTX
Improved ui_ux in Odoo 18.2 Purchase in Odoo 19
byCeline George
 
PPTX
How to Get Ahead in Marketing: Insights for University Students
byCareLineLive
 
PDF
2025 Caribbean Examinations Council CSEC Merit List
byCaribbean Examinations Council
 
PPTX
How to Manage Scrap in Odoo 18 Inventory
byCeline George
 
PDF
JRF Plant Science Preparation Strategy by Experts | Complete Syllabus Discuss...
bySatyam Sharma
 
PPTX
Gender, School and Society - B.Ed Course
byRejoshaRajendran
 
PPTX
EARLY CARCINOMA BREAST SURGICAL MANAGEMENT
byJohn Thanakumar
 
PDF
🧬 ICAR SRF & ASRB NET Exam – Genetics and Plant Breeding Syllabus | Complete ...
bySatyam Sharma
 
PDF
Guidelines for Management of Libraries: KVS Library Policy-2025
byBISWA BAG
 
PPTX
Correlation Analysis (Biostatistics)ppt.
byKajal Kashyap
 
PPTX
Unit 7- Organ Function Test(Biochemical parameters.
byAkanksha Kotangale
 
PDF
BP605 T PHARMACEUTICAL BIOTECHNOLOGY UNIT 4 PART 1
byRushiMandali
 
PPTX
Emminent personalities from agriculture sciences.pptx
byconvey2vivek
 
PDF
BP303T PHARMACEUTICALMICROBIOLOGY UNIT 3
byRushiMandali
 
PDF
BP605 T PHARMACEUTICAL BIOTECHNOLOGY UNIT 3 PART 1
byRushiMandali
 
PDF
ARS Nematology Syllabus | Complete Unit-wise Topics, Booklist & Preparation S...
bySatyam Sharma
 
PPTX
Unit 6- Heme Catabolism.pptx............
byAkanksha Kotangale
 
DOCX
ANATOMY NOTES- Dr. Sudhadevi Sadanandan
byDr. Sudhadevi Sadanandan
 
How to configure Client action in odoo 18
byCeline George
 
Overview of Cash on delivery in Odoo 19
byCeline George
 
Improved ui_ux in Odoo 18.2 Purchase in Odoo 19
byCeline George
 
How to Get Ahead in Marketing: Insights for University Students
byCareLineLive
 
2025 Caribbean Examinations Council CSEC Merit List
byCaribbean Examinations Council
 
How to Manage Scrap in Odoo 18 Inventory
byCeline George
 
JRF Plant Science Preparation Strategy by Experts | Complete Syllabus Discuss...
bySatyam Sharma
 
Gender, School and Society - B.Ed Course
byRejoshaRajendran
 
EARLY CARCINOMA BREAST SURGICAL MANAGEMENT
byJohn Thanakumar
 
🧬 ICAR SRF & ASRB NET Exam – Genetics and Plant Breeding Syllabus | Complete ...
bySatyam Sharma
 
Guidelines for Management of Libraries: KVS Library Policy-2025
byBISWA BAG
 
Correlation Analysis (Biostatistics)ppt.
byKajal Kashyap
 
Unit 7- Organ Function Test(Biochemical parameters.
byAkanksha Kotangale
 
BP605 T PHARMACEUTICAL BIOTECHNOLOGY UNIT 4 PART 1
byRushiMandali
 
Emminent personalities from agriculture sciences.pptx
byconvey2vivek
 
BP303T PHARMACEUTICALMICROBIOLOGY UNIT 3
byRushiMandali
 
BP605 T PHARMACEUTICAL BIOTECHNOLOGY UNIT 3 PART 1
byRushiMandali
 
ARS Nematology Syllabus | Complete Unit-wise Topics, Booklist & Preparation S...
bySatyam Sharma
 
Unit 6- Heme Catabolism.pptx............
byAkanksha Kotangale
 
ANATOMY NOTES- Dr. Sudhadevi Sadanandan
byDr. Sudhadevi Sadanandan
 

Chapter 3 security principals

  • 1.
  • 2.
    Security Principals Authentication Authorization orAccess Control Privacy / Confidentiality Integrity Availability Non-repudiation Auditing
  • 3.
    Authentication Stating that thedata or information used or provided by the user is the person's original Countermeasure: Using Digital signature
  • 4.
    Authentication  Authentication isused by a server when the server needs to know exactly who is accessing their information or site.  Authentication is used by a client when the client needs to know that the server is system it claims to be.  In authentication, the user or computer has to prove its identity to the server or client.  Usually, authentication by a server entails the use of a user name and password. Other ways to authenticate can be through cards, retina scans, voice recognition, and fingerprints.  Authentication by a client usually involves the server giving a certificate to the client in which a trusted third party.  Authentication does not determine what tasks the individual can do or what files the individual can see. Authentication merely identifies and verifies who the person or system is.
  • 5.
    Three Schemes Authentication •Password Something you know • ID Card Something you have • Finger Prints Something you are
  • 6.
    Authorization or Access Control Settingwho can do what, or from where to where. Can use the mechanisms of user / password or other mechanism Example: ACL on Proxy Server
  • 7.
    Authorization or Access Control Authorization is a process by which a server determines if the client has permission to use a resource or access a file.  Authorization is usually coupled with authentication so that the server has some concept of who the client is that is requesting access.  The type of authentication required for authorization may vary; passwords may be required in some cases but not in others.  In some cases, there is no authorization; any user may be use a resource or access a file simply by asking for it. Most of the web pages on the Internet require no authentication or authorization.
  • 8.
    Privacy/Confidentiality Security of personaldata, messages or other sensitive information Countermeasure: Using encryption
  • 9.
    Integrity Information or messagesthat are kept unchanged or changed.
  • 10.
    Availability The availability ofinformation security services. Countermeasure : Firewall and router filtering, backup and redundancy, IDS and IPS
  • 11.
    Non-repudiation Keeping that ifit is done online transactions or activities, it can not be disclaimed
  • 12.
    Auditing The existence ofthe file records data communications that occur on the network for auditing purposes such as identifying attacks on the network or server Implementation : Using System Logging
  • 13.
    Basic Terminology  Threats natural threats  unintentional threats  intentional threats  Vulnerabilities  weakness in the design  Configuration  implementation  Risk  Attacks
  • 14.