This chapter presents the following content: Security concepts: confidentiality, integrity, availability; security attacks, services, mechanisms; models for network (access) security; classical encryption techniques; symmetric cipher model. | Data Security and Encryption (CSE348) Lecture slides by Lawrie Brown for “Cryptography and Network Security”, 5/e, by William Stallings, briefly reviewing the text outline from Ch 0, and then presenting the content from Chapter 1 – “Introduction”. Lecture # 2 Review Course outline Topic roadmap Standards organizations Security concepts Chapter 1 summary. Computer Security Protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications) The NIST Computer Security Handbook [NIST95] defines the term computer security as shown on this slide. This definition introduces three key objectives that are at the heart of computer security as we see on the next slide. Key Security Concepts These three concepts form what is often referred to as the CIA triad (Figure ). The three concepts embody the fundamental security objectives for both data and for information and computing services. FIPS PUB 199 provides a useful characterization of these three objectives in terms of requirements and the definition of a loss of security in each category: • Confidentiality (covers both data confidentiality and privacy): preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information. • Integrity (covers both data and system integrity): Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of information. • Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of | Data Security and Encryption (CSE348) Lecture slides by Lawrie Brown for “Cryptography and Network Security”, 5/e, by William Stallings, briefly reviewing the text outline from Ch 0, and then presenting the content from Chapter 1 – “Introduction”. Lecture # 2 Review Course outline Topic roadmap Standards organizations Security concepts Chapter 1 summary. Computer Security Protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications) The NIST Computer Security Handbook [NIST95] defines the term computer security as shown on this slide. This definition introduces three key objectives that are at the heart of computer security as we see on the next slide. Key Security Concepts These three concepts form what is often referred to as the CIA .
