FIT2093 Lecture Notes - Lecture 1: Telephone Tapping, Email Spam, Information Security
FIT2093 - Revision Notes
Lecture 1 - Introduction to Cyber Security
•Computer Security: The protection afforded to an automated information system in order
to attain the applicable objectives of preserving the integrity, availability and
confidentiality of information system resources (includes hardware, software, firmware,
information/data, and telecommunication)
◦Confidentiality: preserving authorised restrictions on information access and
disclosure, including means for protecting personal privacy and proprietary
information. A loss of confidentiality is the unauthorised disclosure of information
◦Integrity: Guarding against improper information modification or destruction,
including ensuring information nonrepudiation and authenticity. A loss of integrity
is the unauthorised modification or destruction of information
◦Availability: Ensuring timely and reliable access to and use of information. A loss of
availability is the disruption of access to or use of information or an information
system
Terminology:
Repudiation: the denial of a commitment or data receipt
- this involves an attempt to back out of a contract or a protocol that requires the different parties
to provide receipts acknowledging that data has been received
Key Security Concepts:
- CIA Triad
  - Confidentiality:
    - Data
    - Privacy
  - Integrity:
    - Data
    - System
  - Availability: the information should be accessible and useable (without delay) upon demand
    by an authorised entity
- Level of Impact:
  - Low: loss could be expected to have a limited adverse effect on organisational operations,
    organisational assets, or individuals
  - Moderate: loss could be expected to have a serious adverse effect on organisational
    operations, organisational assets, or individuals
  - High: loss could be expected to have a severe or catastrophic adverse effect on
    organisational operations, organisational assets, or individuals
Network Security Attacks
Categorised as passive or active
Passive: an attempt to learn or make use of information from the system that does not affect
system resources (i.e. eavesdropping)
- release of message contents: opponent learns contents of sensitive transmissions
- traffic analysis: can occur even when contents of messages are masked (e.g. encrypted)
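As an added example (not part of the lecture notes) of why traffic analysis survives encryption: a passive observer who records only sender, receiver and ciphertext length of one-time-pad-encrypted messages still recovers who talks to whom and, when the candidate messages differ in length, which one was sent. Padding every message to a fixed block before encryption closes the length channel but not the communication pattern. All names, messages and traffic are constructed.

```python
import secrets
from collections import Counter

def otp_encrypt(plaintext: bytes) -> bytes:
    """One-time pad: perfect secrecy of content, but ciphertext length == plaintext length."""
    key = secrets.token_bytes(len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, key))

def pad_to_block(plaintext: bytes, block: int = 64) -> bytes:
    """Mitigation: pad to a multiple of `block` bytes (PKCS#7 style, always >= 1 byte)
    before encrypting, so length no longer distinguishes candidate messages."""
    padding = block - (len(plaintext) % block)
    return plaintext + bytes([padding]) * padding

# Constructed traffic: (src, dst, plaintext). The observer never sees plaintext or keys.
TRAFFIC = [
    ("alice", "bob",  b"approve"),
    ("alice", "bob",  b"reject"),
    ("carol", "bob",  b"approve"),
    ("alice", "dave", b"approve"),
    ("alice", "bob",  b"approve"),
]
# The observer's assumed vocabulary of possible messages (public knowledge in this model).
CANDIDATES = [b"approve", b"reject"]

def observe(traffic, encrypt):
    """What a passive eavesdropper records: metadata only (src, dst, ciphertext length)."""
    return [(src, dst, len(encrypt(msg))) for src, dst, msg in traffic]

def traffic_analysis(observations, candidates, encrypt):
    """From lengths alone, infer (a) message volume per (src, dst) pair and
    (b) which candidate each message was; None means the length is ambiguous."""
    volume = Counter((src, dst) for src, dst, _ in observations)
    # The padding/encryption scheme is public, so expected ciphertext lengths are computable.
    expected = {}
    for c in candidates:
        expected.setdefault(len(encrypt(c)), []).append(c)
    guesses = []
    for _, _, n in observations:
        matches = expected.get(n, [])
        guesses.append(matches[0] if len(matches) == 1 else None)
    return volume, guesses

def padded_encrypt(plaintext: bytes) -> bytes:
    """Hardened pipeline: fixed-size padding, then one-time pad."""
    return otp_encrypt(pad_to_block(plaintext))
```

Running `traffic_analysis(observe(TRAFFIC, otp_encrypt), CANDIDATES, otp_encrypt)` identifies every message from its length; with `padded_encrypt` every guess becomes None, while the per-pair volumes stay visible either way.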