Lecture 1 - Intro to Computer Security

by: Leslie Ogu

Lecture 1 - Intro to Computer Security CSCI 4531

About this Document

In this lecture, we discuss the basics of computer security such as what constitutes a threat, how far we have come dealing with them, how to categorize them, and other things that contribute to th...
Computer Security
Mohamed Tamer Abdelrahman Refaei
Class Notes
threat, vulnerability, Risk, asset, assessment, Computer, Security, Prevention, detection, Science, history, confidentiality, integrity, availability, assurance, evaluation, response, Recovery





This 6 page Class Notes was uploaded by Leslie Ogu on Wednesday August 31, 2016. The Class Notes belongs to CSCI 4531 at George Washington University taught by Mohamed Tamer Abdelrahman Refaei in Fall 2016. Since its upload, it has received 38 views. For similar materials see Computer Security in Computer science at George Washington University.



Date Created: 08/31/16
Leslie Ogu
CSCI 4531
08/30/2016 - Chapter 1: Overview

Computer Security: “the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources” (includes hardware, software, firmware, information/data, and telecommunications)
~ NIST Computer Security Handbook Definition

The CIA Triad
● Confidentiality (trying to make sure the data can only be accessed and seen by authorized entities)
  ○ data confidentiality
  ○ privacy
● Integrity
  ○ data integrity
  ○ system integrity
● Availability (system is accessible)

Key Security Concepts
+ Confidentiality
  + preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information
+ Integrity
  + guarding against improper information modification or destruction, including ensuring information nonrepudiation (assurance that someone cannot deny something) and authenticity
+ Availability
  + ensuring timely and reliable access to and use of information

Computer Security Challenges
- Computer security is not as simple as it might first appear to the novice
- Attackers only need to find a single weakness; the developer needs to find all weaknesses
- Potential attacks on the security features must be considered
- Security requires regular and constant monitoring
- Is often an afterthought to be incorporated into a system after the design is complete
- Physical and logical placement needs to be determined
- Procedures used to provide particular services are often counterintuitive

Lax Security is also good business:
+ Cheaper cost of deploying software
+ Private information for marketing
+ Selling anti-virus & security products
+ Cleaning up incidents
+ Few benefit from secure computers

Terminology
● Adversary (threat agent): an entity that attacks, or is a threat to, a system
● Attack: an assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system
● Countermeasure: an action, device, procedure, or technique that reduces a threat, vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken
● Risk: an expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result
● Security Policy: a set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources
● Security Resource (Asset): data contained in an information system; or a service provided by a system; or a system capability, such as processing power or communication bandwidth; or an item of system equipment (i.e., a system component - hardware, firmware, software, or documentation); or a facility that houses system operations and equipment
● Threat: a potential violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability
● Vulnerability: a flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy

Asset v. Threat v. Vulnerability v. Risk
● Asset is what you are trying to protect
● Threat is what you are trying to protect against
● Vulnerability is a weakness or a gap in security
● Risk is the intersection of all three: loss or damage to an asset as a result of a threat exploiting a vulnerability

Vulnerabilities, Threats and Attacks
- Categories of vulnerabilities
  - Corrupted (loss of integrity)
  - Leaky (loss of confidentiality)
  - Unavailable or very slow (loss of availability)
- Threats
  - Capable of exploiting vulnerabilities
  - Represent potential security harm to an asset
- Attacks (threats carried out)
  - Passive: does not affect system resources
  - Active: attempt to alter system resources or affect their operation
  - Insider: initiated by an entity inside the security perimeter
  - Outsider: initiated from outside the perimeter

Countermeasures
+ Prevention
+ Detection
+ Recovery
+ You hear about attacks because prevention failed and there was something detected
+ These are all means used to deal with security attacks
+ May introduce new vulnerabilities

Threat Consequences
- Unauthorized Disclosure: a circumstance or event whereby an entity gains access to data for which the entity is not authorized
  - Threat Action (attack)
    - Exposure: sensitive data are directly released to an unauthorized entity
    - Interception: an unauthorized entity directly accesses sensitive data traveling between authorized sources and destinations
    - Inference: a threat action whereby an unauthorized entity indirectly accesses sensitive data (but not necessarily the data contained in the communication) by reasoning from characteristics or byproducts of communications
    - Intrusion: an unauthorized entity gains access to sensitive data by circumventing a system’s security protections
- Deception: a circumstance or event that may result in an authorized entity receiving false data and believing it to be true
  - Threat Action (attack)
    - Masquerade: an unauthorized entity gains access to a system or performs a malicious act by posing as an authorized entity
    - Falsification: false data deceive an authorized entity
    - Repudiation: an entity deceives another by falsely denying responsibility for an act
- Disruption: a circumstance or event that interrupts or prevents the correct operation of system services and functions
  - Threat Action (attack)
    - Incapacitation: prevents or interrupts system operation by disabling a system component
    - Corruption: undesirably alters system operation by adversely modifying system functions or data
    - Obstruction: a threat that interrupts delivery of system services by hindering system operation
- Usurpation: a circumstance or event that results in control of system services or functions by an unauthorized entity
  - Threat Action (attack)
    - Misappropriation: an entity assumes unauthorized logical or physical control of a system resource
    - Misuse: causes a system component to perform a function or service that is detrimental to system security

Passive and Active Attacks
● Passive attacks attempt to learn or make use of information from the system but do not affect system resources
  ○ eavesdropping/monitoring transmissions
  ○ difficult to detect
  ○ emphasis is on prevention rather than detection
  ○ two types:
    ■ release of message contents
    ■ traffic analysis
● Active attacks involve modification of the data stream
  ○ goal is to detect them and recover
  ○ Four Categories:
    ■ masquerade
    ■ replay
    ■ modification of messages
    ■ denial of service

Security Functional Requirements
+ Functional areas that primarily require computer security technical measures include:
  + access control
  + identification and authentication
  + system and communication protection
  + system and information integrity
+ Functional areas that primarily require management controls and procedures include:
  + awareness and training
  + audit and accountability
  + certification, accreditation, and security assessments
  + contingency planning
  + maintenance
  + physical and environmental protection
  + planning
  + personnel security
  + risk assessment
  + systems and services acquisition
+ Functional areas that overlap computer security technical measures and management controls include:
  + Configuration management
  + Incident response

Computer Security Strategy
+ Specification / Policy
  + What is the security scheme supposed to do?
+ Implementation / Mechanisms
  + How does it do it?
+ Correctness / Assurance
  + Does it really work?

Security Policy
● Def: formal statement of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources
● Factors to consider:
  ○ Value of the assets being protected
  ○ Vulnerabilities of the system
  ○ Potential threats and the likelihood of attacks
● Involves four complementary courses of action:
  ○ Ease of use versus security
  ○ Cost of security versus cost of failure and recovery

Security Implementation
+ Involves Four Complementary Courses of Action:
  + Detection
    + Intrusion detection systems
    + Detection of denial of service attacks
  + Response
    + Upon detection, being able to halt an attack and prevent further damage
  + Recovery
    + Use of backup systems
  + Prevention
    + Secure encryption algorithms
    + Prevent unauthorized access to encryption keys

Assurance and Evaluation
● Assurance: the degree of confidence one has that the security measures work as intended to protect the system and the information it processes
  ○ Encompasses both system design and system implementation
● Evaluation: process of examining a computer product or system with respect to certain criteria
  ○ Involves testing and formal analytic or mathematical techniques
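
Added example (not part of the original lecture notes): the "Passive and Active Attacks" section says the goal with active attacks is to detect them, so this sketch shows a receiver detecting three of the four listed categories (modification of messages, masquerade, replay). The use of HMAC-SHA256 with a shared key, the sequence-number scheme, and all names and sample messages are assumptions constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed sample key, not from the notes
TAG_LEN = 32                   # HMAC-SHA256 output size in bytes

def seal(seq: int, payload: bytes, key: bytes = KEY) -> bytes:
    """Sender side: 8-byte sequence number + payload + HMAC tag over both."""
    body = seq.to_bytes(8, "big") + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Rejects frames with a bad tag (modification or masquerade)
    and frames whose sequence number was already accepted (replay)."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last_seq = -1

    def accept(self, frame: bytes):
        if len(frame) < 8 + TAG_LEN:
            return ("rejected", "malformed")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(tag, expected):
            return ("rejected", "integrity/authenticity failure")
        seq = int.from_bytes(body[:8], "big")
        if seq <= self.last_seq:
            return ("rejected", "replay")
        self.last_seq = seq
        return ("accepted", body[8:])

def demo():
    """Run four constructed frames through one receiver and return the verdicts."""
    rx = Receiver()
    good = seal(1, b"transfer 10 to alice")
    tampered = bytearray(seal(2, b"transfer 10 to alice"))
    tampered[8 + 9] ^= 0x01  # one flipped payload bit: modification of messages
    no_key = seal(3, b"transfer 99 to bob", key=b"not-the-shared-key")  # masquerade
    return [rx.accept(good), rx.accept(bytes(tampered)),
            rx.accept(no_key), rx.accept(good)]  # last one is a replay of frame 1

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Modification and masquerade both surface as the same tag failure, because the receiver cannot tell a changed message from one sealed without the key. Denial of service, the fourth category, is not something a message tag can detect.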

