COMP416 Information Security Introduction 164851
LECTURE#01
Muhammad Yousif
Department of Computer Science (CS)
Minhaj University
Information Security Foundations
Outline
What is security?
According to a dictionary, security is the “freedom from risk or danger”
In practice, 100% security is unachievable
Not about completely preventing loss, but about managing it
A definition of computer security
Risk: An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result.
Security Policy: A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.
System Resource (Asset): Data contained in an information system; or a service provided by a system; or a system capability, such as processing power or communication bandwidth; or an item of system equipment (i.e., a system component: hardware, firmware, software, or documentation); or a facility that houses system operations and equipment.
Threats
$\text{Risk} = \dfrac{\text{Threat} \times \text{Vulnerability}}{\text{Countermeasures}} \times \text{Value}$
Threat consequences