Organization. TA. Md. . Morshedul. Islam. Process of Security Evaluation. Identify the security goal. Perform a threat assessment. Do a security analysis . Identify the security . goal. It directly related with . ID: 215644
DownloadNote - The PPT/PDF document "Security Evaluation of an" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Security Evaluation of an Organization
TA
Md
Morshedul
Islam
Slide2Process of Security Evaluation
Identify the security goal
Perform a threat assessment
Do a security analysis
Slide3Identify the security goal
It directly related with
integrity
,
confidentiality
and
availability
of the resources(
assets
)
Assents of an organization:
Hardware
: computer system, data storage, data communication devices
Software
: Operating system, application program
Data
: file, database, password file
Communication and network facility
: Local communication, global communication, router and so on
Slide4Identify the security goal
Security goal of U of C-1. Student’s point of view:Keep result private (confidentiality)No one can alter or temper my assignment(integrity)I like to see my result from my home (availability)…………………………………………..2. TA’s point of view:-----------------------------------------3. Instructor’s point of view……………………………………………...4. In Administrator points of view-------------------------------------------
All are related with-
Confidentiality
Integrity
Availability
Slide5Perform a threat assessment
What is
threat
?: In computer security a threat is a possible danger that might exploit a
vulnerability
to breach security and thus cause possible
harm.
Example:
Vulnerability: A weakness of system’s design, implementation or operation that could be exploited to violate the
system policy
and increase
risk
.
Example:
System Policy:
Risk:
Slide6Perform a threat assessment
We need t find out the answer of those following question-
Whom am I trying to protect against?(
adversary
)
How they motivated?(curiosity, revenge, financial gain)
What capability and adversary have? (tool, skill, knowledge, etc.)
What threat might I face?
Slide7Security analysis
What kind of attack is possible?
Active attack
: : Denial-of-service attack, Spoofing,
Network: Man
in the
middle, ARP poisoning, Ping flood, Ping
of
death, Smurf attack
Host:
Buffer overflow, Heap overflow ,Stack overflow ,Format string
attack
Passive attack
:
Passive
Network
:
wiretapping, Port scanner, Idle
scan
Origin of the attack
Inside attack
Outside attack
Slide8Security, Access & Accounts of UofC
Latest Threats & Vulnerabilities
Information Security Policies
Anti-Virus Protection
Access Management
Security Awareness Program
Systems Security
Security Advisories
Vulnerability Assessment Program
SecurID
More Details
Slide9Information Security Awareness Program of UofC
http
://www.ucalgary.ca/it/infosecurity/awareness/posters
Slide10Some Observation…..
Select a password for your system and then justify your selection.
What can you do to protect your laptop?
How to identify a pirated software?
How can
you
avoid spam?
Give an example of identity theft.
Give some examples of Malware.
Which kind of information is highly confidential for
UofC
?
What kind of the social networking technique you can use to know the id of your classmate?
What is the most potential threat to your smart phone?
Consider, some of your resources
are in security
risk. What kind of initiative you
have to
take to protect
them?
Next Slides
Lecture 19 trusted computing and multilevel security
Lecture 20
Supporting security at the gate level:
Bill barnett, bob flynn &
Experimental evaluation
1 ebrpss accountability, assessment and evaluation
Hello and welcome to today’s webinar on the homeland secur
Blade
Eset smart security premium: security for everyone