Introduction to Computer Security
Instructor: N. Vlajic, Winter 2014
Upon completion of this material, you should be able to:
• Describe the key security requirements of
confidentiality, integrity and availability (CIA).
• Describe the CNSS security model (McCumber Cube).
• Identify today’s most common threats and attacks
• Distinguish between different main categories of
Computer Security, Stallings: Chapter 1
Computer Security, Stallings: Chapter 6
• Information Technology – technology
involving development & use of computer
systems & networks for the purpose of
processing & distribution of data
in many organizations, information/data is seen as
the most valuable asset
categories of IT jobs:
IT administrator - installs, maintains, repairs IT equipment
IT architect - draws up plans for IT systems and how they will be implemented
IT engineer - develops new or upgrades existing IT equipment (software or hardware)
IT manager - oversees other IT employees, has authority
to buy technology and plan budgets
• Information System – entire set of data, software,
hardware, networks, people, procedures and policies
that deal with processing & distribution of information
in an organization
each component has its own strengths, weaknesses,
and its own security requirements
- stored on computer hardware,
- manipulated by software,
- transmitted by communication,
- used by people
- controlled by policies
• Computer Security vs. Information Security
terms are often used interchangeably, but …
computer security (aka IT security) is mostly concerned
with information in ‘digital form’
information security is concerned with information in
any form it may take: electronic, print, etc.
Security = state of being secure,
free from danger.
• Information Security – practice of defending
digital information from unauthorized
• Who is responsible for ‘security of information’?
“In the last 20 years, technology has permeated every facet of the business environment. The business place is no longer static – it moves whenever employees travel from office to office, from office to home, from city to city. Since businesses have become more fluid, …, information security is no longer the sole responsibility of a small dedicated group of professionals, …, it is now the responsibility of every employee ….”
Example: Gawker (2010) - importance of good passwords
C.I.A. of Information Security
• C.I.A. Triangle – 3 key characteristics of information that must be protected by information security:
confidentiality - only authorized parties can view private
integrity - information is changed only in a specified and
availability - information is accessible to authorized users whenever needed
Example: DATA CONFIDENTIALITY
Student grade – an information asset of
high importance for student.
In US, release of such information is regulated by Family Educational Rights and Privacy Act (FERPA).
Grade information should only be available to students,
their parents and employees that require this information
to do their job.
In Canada, the same issue is regulated by Personal
Information Protection and...