ITM820 - Midterm Study Prep.doc

28 Pages
Unlock Document

Ryerson University
Information Technology Management
ITM 820
Farid Shirazi

Chapter 1What is a system The first thing we need to clarify is what we mean by system 1 A product or component such as a cryptographic protocol a smartcard or PC hardware2 A collection of the above plus an operating system communications and other things that make up an organizations infrastructure3 The above plus one or more applications accounts payroll design4 Any or all of the above plus IT staff5 Any or all of the above plus internal users and management6 Any or all of the above plus customers and other external users7 Any or all of the above plus the surrounding environment including the media competitors regulators and politiciansSecuritymeans a set of principles models rules and mechanisms to ensure correct and reliable system or application operation and to achieve the following generic security properties of the secure system operation subject or entityConfidentialityAuthenticityIntegrityAccess controlAvailability Security engineering is a specialized field of engineering that focuses on the security aspects in the design of systems that need to be able to deal robustly with possible sources of disruption ranging from natural disasters to malicious actsSecurity engineering has two basic types of systems There are well defined security models for both types of systems 1Open internetnetwork based systems web based applications or network file sharing Open System Interconnection OSI Security Architecture X800ISO78942 provides a framework for building open systems and applications that interact over network including internet and web based applications A common framework and approach for developing secure protocols and applications on one hand and for evaluation and management of different security services and procedures on other hand Security Architecture for OSI that specifies basic security services and mechanisms and their relation to the OSI layers The OSI security architecture is fully applicable to the Internet TCPIP protocol stack due their direct mapping at the Data link network and transport layers2Computer systems that operating systems Trusted Computing Base TCB defines how such trusted computing environments as operating systems are built and operate everything in a computing system that provides a secure environmentDifference between these two models TCB which functionality is mostly provided by the operating system security kernel is focused on the security of the managed object which are the processes in the operating system run under the security monitor controlOSI security is focused on the security of independent distributed systems interaction over open networkingInternet environment Security services are defined as services provided by a protocol layer of communicating or interacting systems which ensure adequate security of the systems or of data transfers Security policies are used to manage security services and can be a part of an application specific security service implementationSecurity mechanisms can be defined as processes that may be implemented as a device or a program or applied as a security management procedure that are designed to detect prevent or recover from a potential security attacks To ensure openness and interoperability of communicating or interacting systems the services are defined for specific OSI layers and may use one or more security mechanisms Security mechanisms are divided into two groups oSpecific security mechanisms ie those that can be incorporated into the specific OSI layer in order to provide some of the services oPervasive security mechanisms which are not specific to any particular service or layer Some of the pervasive security mechanisms can be regarded as aspects of security management
More Less

Related notes for ITM 820

Log In


Don't have an account?

Join OneClass

Access over 10 million pages of study
documents for 1.3 million courses.

Sign up

Join to view


By registering, I agree to the Terms and Privacy Policies
Already have an account?
Just a few more details

So we can recommend you notes for your school.

Reset Password

Please enter below the email address you registered with and we will send you a link to reset your password.

Add your courses

Get notes from the top students in your class.