Management of Information and System Security
Principles of Computer Security

Objectives

• To acquire an understanding of information and information security and its changing character.
• To understand how information security is conceptualized and carried out.
• To examine the historical evolution of information, information security, and cryptography.
• To analyze both early and contemporary threats to information and network security.
• To articulate informed opinions about issues related to information security.
• To identify and investigate risks, threats, and vulnerabilities to information security, network security, and Critical Infrastructure Protection (CIP).
• To appreciate the challenges of information security and network security.
• To identify and explore current and future practices for enhancing information security and cyber security.


Takeaways

- Information assurance involves measures to protect and defend information and information systems.
- The McCumber Cube combines CIA (Confidentiality, Integrity, Availability) with TPP (Technology, People & Policies, Processes).
- Threats to confidentiality include shoulder surfing, social engineering, message interception, browsing, keyboard logging, and network sniffing.
- Threats to integrity include message modification in transmission, modifying configuration files, changing audit logs, and data diddling.
- Availability is important, and threats include natural disasters, denial of service attacks, component failures, and data corruption.
- Authentication and non-repudiation are crucial for controlling access to information and verifying message integrity.
- Authentication is the first step in cryptographic solutions.
- Different types of attacks target confidentiality, integrity, and availability.
- Countermeasures include protection, detection, and correction to ensure information security.
- Risk management involves identifying, assessing, and reducing risk to an acceptable level.

- Risk models provide different conceptual views of assessing assets, vulnerabilities, threats, and mitigation mechanisms.
- The McCumber Cube considers PPT (People, Process, and Technology) to ensure CIA across different states of information.
- Risk assessment can be quantitative, qualitative, or semi-quantitative, while analysis can be threat-oriented, vulnerability-oriented, or asset & impact-oriented.
- Threats can be natural or human-caused, deliberate or accidental, and can affect any of confidentiality, integrity, or availability.
- Threat tactics, techniques, and procedures (TTP) include spamming, phishing, spoofing, data diddling, and botnets.
- Threat shifting can occur in the time domain, target domain, resource domain, and planning/attack method domain.

- Virus: A self-replicating program that spreads by modifying other files or programs on a single computer through human action.
- Worm: A self-replicating program that uses network mechanisms to spread to multiple computers without human action and can cause harm to the network.
- Trojan Horse: A non-replicating program that disguises itself as a legitimate file or program but has malicious purposes, compromising computer security.
- Blended Attack: A threat that combines aspects of viruses, worms, Trojan horses, and malicious code to spread using multiple methods.
- Metamorphic Code: Used by viruses to translate their binary code into a temporary representation, making it difficult for antivirus software to detect.
- Polymorphic Code: Code that mutates using a polymorphic engine while maintaining its original algorithm, easier to identify than metamorphic malware.
- Logic Bomb: A piece of code intentionally inserted into software that performs a malicious function when specific conditions are met.
- Attack Vector: An avenue or tool used by threats to gain access to devices, systems, or networks for launching attacks.
- Social Engineering: Tricking individuals into revealing sensitive information through deception, research, and techniques like pretexting, phishing, and tailgating.
- Dumpster Diving: Searching through discarded waste for useful information or items.
- Password Cracking: Recovering secret passwords stored in a system or transmitted over a network using software or devices.
- Insider Threat: Authorized entities with potential to harm an information system through destruction, disclosure, modification, or denial of service.
- Cyber Espionage: Obtaining secrets without permission using cracking techniques and malicious software for personal, economic, or political advantage.
- Cyber Warfare: Armed conflict conducted in whole or part using cyber means, including cyber attacks, defense, and enabling actions.
- Vulnerability: Weakness that can be exploited or triggered by a threat source, such as weak passwords, unvetted personnel, or poor coding practices.
- Risk: Measure of the extent to which an entity is threatened by potential circumstances or events, considering adverse impacts and likelihood of occurrence.
- Uncertainty: Inherent in evaluating risk; it cannot be eliminated, only managed.
- Threat: Any circumstance or event that can adversely impact operations, assets, individuals, or organizations through unauthorized access, disclosure, or denial of service.
- Threat Source: The intent and method targeted at exploiting a vulnerability or accidentally triggering it.
- Impact: Magnitude of harm resulting from unauthorized disclosure, modification, destruction, or loss of information or system availability when a threat exploits a vulnerability.
- Countermeasure: Actions, devices, procedures, or techniques that reduce the vulnerability of an information system and are synonymous with security controls or safeguards.
- Critical Infrastructure: Vital systems and assets, physical or virtual, that would have a debilitating impact on national security, economic security, public health, or safety if incapacitated or destroyed.
- Critical Infrastructure Sectors: Chemical, commercial facilities, communications, critical manufacturing, dams, defense industrial base, emergency services, energy, financial services, food and agriculture, government facilities, healthcare and public health, information technology, nuclear reactors, transportation systems, water and wastewater systems.
- Reasons for Infrastructure Failures: Failure to anticipate, perceive, or solve problems that arise.
- Ownership and Control: Majority of critical infrastructure is privately owned and controlled, with control dispersed. About 85-90% owned and operated by the private sector.
- Vulnerabilities: Critical infrastructures are vulnerable to physical and cyber attacks due to concentration of technical/system controls, dispersed management/ownership controls, and lack of resilience.
- Protection Measures: Protection measures are generally sector-specific, but threats are not.
- Infrastructure Vulnerabilities: Physical vulnerabilities include critical-node/key resource vulnerability and control-point vulnerability. Logical vulnerabilities include control-system vulnerabilities. Systemic vulnerabilities and fixed vulnerabilities related to locations are also present.
- Cyber Issues: Information infrastructure, especially the Internet, is crucial for communication and control systems. Process control system vulnerabilities, as exploited by the Stuxnet worm, have real-world consequences.
- Inter-Dependency Issues: Interactions and dependencies between different infrastructures, illustrated by the U.S. military's reliance on the Internet. Chaotic governance, the lack of coherent long-term strategic plans, and regulatory structures pose challenges.
- US-Specific Vulnerability: The same vulnerabilities and inter-dependencies recur across different U.S. infrastructures, affecting national security and creating the need for long-term strategic infrastructure protection planning.
- Cryptology: Science and study of codes, involving cryptography and cryptanalysis.
- Encryption: Process of encoding or enciphering plaintext into cipher text.
- Decryption: Process of decoding or deciphering encrypted or encoded messages back to plaintext.
- Steganography: Technique of hiding secret communications within innocuous text or digital documents.
- Basic functions of cryptography: Substitution and transposition.
- Stream Ciphers: Encrypt one object (bit) at a time and are lightweight and fast.
- Block Ciphers: Encrypt plaintext one block at a time, with diffusion and confusion properties.
- Symmetric Cryptography: Uses a single shared key for encryption and decryption, providing confidentiality, integrity, and authentication.
- Asymmetric Cryptography: Uses mathematically related key pairs for encryption and decryption, enabling confidentiality and authentication.
- Key Distribution: Challenge of securely distributing the right keys to establish secure communication.
- Key Strength: Longer and more complex keys generally result in stronger security.
- Hashing: One-way function that produces a unique output for every input, used for integrity and authentication.
- Public Key Cryptography: Slower compared to symmetric encryption, used for authentication but not confidentiality.
- Digital Signature: Non-repudiation mechanism created by encrypting a message digest with the sender's private key.
- Policy: A set of mechanisms and principles defining and attaining information security objectives.
- Culture for Security: User education, focus on managers, positive and negative reinforcement, acceptance and signoff.
- Risk for Public Policy: Lack of consensus definition and complexity in defining and implementing public policies.
- National Cyberspace Security Response System: Establishing a public-private architecture for responding to national-level cyber incidents.
- National Cyberspace Security Awareness and Training Program: Promoting a comprehensive national awareness program for securing cyberspace.
