Lecture - Security

Security
Imran Ahmad

Unfortunate reality
Security is often treated as a post-deployment event at the end of the development phase, or as an after-the-fact reactive action when something goes wrong.

Goals of Information Security
The five major goals of information security are as follows:
1- Confidentiality
2- Integrity
3- Authentication
4- Authorization
5- Non-repudiation

Confidentiality
Confidentiality is the concept of protecting sensitive data from being viewable by an unauthorized entity. A wide variety of information falls under the category of sensitive data. Some sensitive data may be illegal to compromise, such as a patient's medical history or a customer's credit card number.

Confidentiality (cont.)
Ciphers
To protect the confidentiality of sensitive data during its transit or in storage, one needs to render the data unreadable except by authorized users. This is accomplished by using encryption algorithms, or ciphers. Ciphers are secret ways of representing messages.

Confidentiality (cont.)
Communication links are not the only area that needs solutions to ensure confidentiality. An internal database holding thousands of medical histories and credit card numbers is an enticing target to a malicious adversary. Securing the confidentiality of this data reduces the probability of exposure in the event the application itself is compromised.

Integrity
Integrity is the concept of ensuring that data has not been altered by an unknown entity during its transit or storage. For example, it is possible for an e-mail containing sensitive data such as a contractual agreement to be modified before it reaches the recipient. Similarly, a purchase request sent to a Web service could be altered en route to the server,
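
The purchase-request scenario above, as an added example that is not part of the original lecture: it contrasts an unkeyed SHA-256 digest, which anyone altering the request can simply recompute, with an HMAC-SHA256 tag that cannot be produced without the shared key. HMAC is one common integrity mechanism and is not named in the slides; the key, the order fields and all function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real key comes from a secret store, never from source code.
SHARED_KEY = b"constructed-demo-key-not-for-production"

# Constructed sample purchase request.
ORDER = {"order_id": "A-1001", "item": "widget", "quantity": 5, "unit_price": "19.99"}


def canonical(request: dict) -> bytes:
    """Serialize deterministically so sender and receiver hash identical bytes."""
    return json.dumps(request, sort_keys=True, separators=(",", ":")).encode("utf-8")


def plain_digest(request: dict) -> str:
    """Unkeyed SHA-256: catches accidental corruption, not deliberate alteration."""
    return hashlib.sha256(canonical(request)).hexdigest()


def mac_tag(request: dict, key: bytes = SHARED_KEY) -> str:
    """HMAC-SHA256: producing a valid tag requires the shared key."""
    return hmac.new(key, canonical(request), hashlib.sha256).hexdigest()


def verify_digest(request: dict, digest: str) -> bool:
    return hmac.compare_digest(plain_digest(request), digest)


def verify_mac(request: dict, tag: str, key: bytes = SHARED_KEY) -> bool:
    # compare_digest runs in constant time, so the check gives no timing hint.
    return hmac.compare_digest(mac_tag(request, key), tag)


def alter_in_transit(request: dict) -> dict:
    """Model the request being changed en route by a party without the key."""
    return dict(request, quantity=500)


if __name__ == "__main__":
    sent_tag = mac_tag(ORDER)
    altered = alter_in_transit(ORDER)
    print("untouched request, MAC valid:   ", verify_mac(ORDER, sent_tag))
    # The digest needs no secret, so it can be refreshed along with the change.
    print("altered request, digest 'valid':", verify_digest(altered, plain_digest(altered)))
    print("altered request, MAC valid:     ", verify_mac(altered, sent_tag))
```

The server should reject any request whose tag fails `verify_mac` before acting on its contents.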