1. INTRODUCTION TO INFORMATION SYSTEMS SUPdeCO - PCM - English Track October 2008 Computer-Based Information Systems Security PROF. DIANA MANGALAGIU MANAGEMENT AND STRATEGY DEPARTMENT

2. Concept of security « The security of an information system is its non-vulnerability to accidents or deliberate attacks, that is the impossibility that those attacks have any serious impacts on the state and the operation of the system » J. P. Magnier

4. General definitions Un sinistre Causes of vulnerability Immediate and long-term effects An attack or a natural disaster Disaster : Source: P. Reix

5. S ecurity guidelines : To handle security, it should be assessed using indicators including: 1 – Availability of information and functionalities 2 – Truthfulness of information 3 – Confidentiality of information 4 – Non-repudiation of communications 5 – Traceability of operations Potential causes of the disaster make it essential to keep watch over the vulnerability of the system and thus over the risks it runs. General definitions

7. Security planning Policies for security 1 – Material resource security 2 – Software security 3 – Application security 4 – General security steps 5 – Insurance The idea that security is entirely handled by hardware and software related procedures is a dangerous utopia as it must come with organizational thinking as well as awareness and training of individuals.

8. Four cornerstones of security & trust authentication integrity & non- authorisation confidentiality repudiation

12. Confidentiality Only intended recipient can make sense of message or stored information authentication integrity & non- confidentiality repudiation

13. Authorisation Is the user allowed to perform these operations? authentication integrity & non- authorisation confidentiality repudiation