Overview of Key Security Concepts and Vocabulary
This Document was Funded by the National Science Foundation Federal Cyber Service Scholarship For Service Program: Grant No. 0113627
Distributed October 2002
Embry-Riddle Aeronautical University • Prescott, Arizona • USA
Overview of Key Concepts & Vocabulary. ©2002, Matt Jaffe, Jan G. Hogle, Susan Gerhart. http://nsfsecurity.pr.erau.edu
Some Underlying Vocabulary and Integrating Concepts
To have access is to be able to do something
Authorization means that you’re supposed to have access
A security policy describes who is authorized which type(s) of access to what
Mechanisms are the physical, electronic, and procedural means of enforcing a security policy
A system’s security architecture consists of all the mechanisms involved in enforcing its security policy
An attack is a deliberate attempt to circumvent some mechanism and violate a security policy
The Mechanisms of Information Security
[Diagram; labels: Crypto, COMSEC, INFOSEC, Information Assurance, COMPUSEC, Information Security, Emissions Security, Physical Security, OPSEC, Personnel Security]
INFOSEC: Information Systems Security
Informally: Security of information in electronic form
Formally:
“The protection of Information Systems (IS) against unauthorized access to or modification of information, whether in storage, processing or transit, and against denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats.”
COMPUSEC: Computer Security
Informally: Security of information in computers
Formally:
“Measures and controls that ensure confidentiality, integrity, and availability of the information processed and stored by a computer.”
COMSEC: Communication Security
Informally: Protection of information as it is being transmitted from one place to another
Formally:
“Measures and controls taken to deny unauthorized persons information derived from telecommunications and to ensure the authenticity of such telecommunications. Communications security includes cryptosecurity, transmission security, emissions security, and physical security of COMSEC material.”
Cryptography
Informally: Concealing information (in a reversible manner)
Formally:
“The principles, means, and methods for rendering plain information unintelligible and for restoring encrypted information to intelligible form.”
Emissions Security
Informally: Protection against electronic eavesdropping (which can come in some surprisingly nasty forms)
Formally:
“Protection resulting from all measures taken to deny unauthorized persons information of value which might be derived from intercept and analysis of compromising emanations from crypto-equipment, AIS, and telecommunications systems.”
OPSEC: Operations Security
Informally:
“We can tell something is up at the White House by keeping track of the number of pizzas delivered after midnight”
Formally:
“[The] process denying to potential adversaries information about capabilities and/or intentions by identifying, controlling and protecting generally unclassified evidence of the planning and execution of sensitive activities.”
Physical Security
Informally: Keeping the bad guys out of places they’re not supposed to be
Formally:
“The physical measures necessary to safeguard equipment, material, and documents from access thereto or observation thereof by unauthorized persons.”
Personnel Security
Informally: Not hiring bad guys and keeping good guys from becoming bad guys
Formally: The ongoing screening, selection, management, and evaluation of people with security clearances, sensitive positions, and/or special access
Why So Much Overlap in the Jargon?
As is often the case, what we now realize is basically one subject with several key aspects evolved from originally disparate disciplines, each with its own vocabulary
Many of the key concepts appear in slightly different guises in the separate disciplines; they each had their own, separate terms for essentially the same concepts, but the overlap isn’t perfect, so use of the older terms still persists
Many of the fields are young enough that the basic insights are still being developed --- a potentially major new vulnerability to computers with CRT displays was just published this year (2002) for the first time; young fields are often characterized by an excess of inconsistent and overlapping jargon
Another Note on the Jargon (and Further References)
Except where otherwise noted, the acronyms and formal definitions used here come from American National Standard T1.523-2001 Telecom Glossary 2000
As of October 2002, the Telecom Glossary 2000 was available online at http://www.atis.org/tg2k/; it provides a comprehensive set of references for further information
About this Project
This presentation is part of a larger package of materials on security issues. For more information, go to: http://nsfsecurity.pr.erau.edu
Other materials available on this topic are:
Introduction to Information Security
The Key Mechanisms of Information Security: Their strengths, weaknesses and inter-dependencies
Exercises (html): Decision Maze, Crossword Puzzle, Security Scene
Quizzes (html): Multiple choice, Fill-in-the-blank
Please complete a feedback form at http://nsfsecurity.pr.erau.edu/feedback.html to tell us how you used this material and to offer suggestions for improvements.