Pillars and Access Control

The document discusses key information security principles and practices including threats, vulnerabilities, risks, impacts, and security architectures. It covers the pillars of security as well as common security concepts like the CIA triad and Parkerian hexad. Finally, it examines access control methods like authentication, authorization, and strategies like discretionary access control, mandatory access control, and role-based access control.

Uploaded by Aura Firdaraya

Key Principles and Practices

Threats, Pillars of Security, Security Concepts and Access Control

ITB STIKOM Bali


I Gede Teguh Satya Dharma, S.Kom, M.Cs.
SI213106 - Information System Security
Attacks, Threats, Vulnerability, Risks and Impact

• Attacks: a deliberate action taken to exploit a vulnerability in an organization's security defenses.
• Threats: a potential danger to an organization's information assets, systems, or operations.
• Vulnerabilities: weaknesses or holes that threats can exploit to harm the organization.
• Risks: the potential for loss, damage or destruction of assets or data.
• Impact: considers the value of the asset being threatened and uses it to calculate risk.

Types of Threats

IS Architectures

• Information security architectures and frameworks are the basis for building a secure system.
• However, this doesn’t mean the system will always be 100% safe.

Information Security Architecture

• A layered approach to information security.
• Simple examples of each layer:
  • Physical: placing the system (i.e. computer/server) in a safe environment; fingerprints, ID cards, biometrics.
  • Access control: correctly granting access to a certain directory for certain people (authentication and authorization).
  • Application: correctly configuring the database, writing reliable code that ensures safety.
  • Network: correctly configuring network components such as routers and TCP/IP, setting up firewalls, IDS/IPS.
  • Host: keeping drivers maintained, implementing anti-virus, strong passwords, etc.

Information Security Frameworks

Pillars of Information Security

Security is a continuous process. It involves people, policies, procedures, processes, and technology. These three categories can be considered the pillars of information security.

Information Security Concepts: CIA Triad

The CIA Triad:

1. Confidentiality: some information is secret or needs to be restricted.
2. Integrity: information is not modified against the intention of the originator.
3. Availability: information must always be available.

Information Security Concepts: Parkerian Hexad

Donn B. Parker's alternative perspective on information security. He complements the CIA triad, resulting in six core concepts (hexa):
1. Confidentiality
2. Possession or Control
3. Integrity
4. Authenticity
5. Availability
6. Utility

“Attacks” on CIA Triad Perspective

Access Control

Authentication and Authorization in Access Control

Authentication
• Authentication is verifying the identity of a user or a host that is accessing the system or network resource.
• To determine from where and how the resource is being accessed.

Authorization
• Authorization is permitting or restricting access to the information based on the type of users and their roles.

Access control

Access control:
• System access
• Network access
• Data access

Layers of Access Control

Access Control Strategies

Discretionary Access Control (DAC)
• The owner of the resource can decide to whom he/she should grant permission to access, and exactly what they are allowed to access.
• Example: the chmod command in UNIX and Linux.

Mandatory Access Control (MAC)

Access Control Strategies (continued)

Role-Based Access Control (RBAC)
Attribute-Based Access Control (ABAC)
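As an added example that is not part of the slides, the following Python models the four strategies from these two slides (DAC, MAC, RBAC, ABAC) as small decision functions, so the difference in who controls the policy is visible; the users, labels, roles and attribute values are constructed.

```python
# Constructed example (not from the slides): one decision function per access
# control strategy named on the slides. Users, files and labels are made up.
from dataclasses import dataclass, field

# DAC: the owner of an object decides who may do what (the chmod model).
@dataclass
class DacObject:
    owner: str
    grants: dict = field(default_factory=dict)  # user -> set of permissions

    def grant(self, granter: str, user: str, perm: str) -> bool:
        if granter != self.owner:  # only the owner may change permissions
            return False
        self.grants.setdefault(user, set()).add(perm)
        return True

def dac_allowed(obj: DacObject, user: str, perm: str) -> bool:
    return user == obj.owner or perm in obj.grants.get(user, set())

# MAC: labels are fixed by policy; the owner cannot override them.
# Rules follow the Bell-LaPadula style: no read up, no write down.
LEVELS = {"public": 0, "internal": 1, "secret": 2}

def mac_allowed(subject_level: str, object_level: str, perm: str) -> bool:
    s, o = LEVELS[subject_level], LEVELS[object_level]
    if perm == "read":
        return s >= o
    if perm == "write":
        return s <= o
    return False

# RBAC: permissions attach to roles, and users are assigned roles.
ROLE_PERMS = {"auditor": {"payroll:read"}, "hr": {"payroll:read", "payroll:write"}}
USER_ROLES = {"alice": {"hr"}, "bob": {"auditor"}, "eve": set()}

def rbac_allowed(user: str, perm: str) -> bool:
    roles = USER_ROLES.get(user, set())
    return any(perm in ROLE_PERMS.get(r, set()) for r in roles)

# ABAC: the decision is a rule over attributes of subject, object and context.
def abac_allowed(subject: dict, obj: dict, context: dict) -> bool:
    return (subject.get("department") == obj.get("department")
            and context.get("network") == "corporate"
            and 8 <= context.get("hour", -1) < 18)
```

Note that in the DAC model a non-owner cannot hand out permissions, while in the MAC model even the owner's wishes are irrelevant: only the labels decide.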

Implementation of Access Controls

• Filesystem ACL
• Network ACL
• AAA configuration
• LDAP
• IDAM
