INF3510 Information Security

Lecture 01:
- Course info
- Basic concepts in information security

University of Oslo, spring 2016
Course information

• Course organization
• Prerequisites
• Syllabus and textbook
• Lecture plan
• Home exam
• Assessment and exams
• Security education
• AFSecurity

UiO Spring 2016 L01 - INF3510 Information Security 2
Course organisation

• Course activities
  – Attend 2 hours lectures per week
    • Lecture notes available at least one day prior to lecture
  – Work on the workshop questions
    • Will be discussed during the following week's workshop, which follows immediately after the 2-hour lecture
  – Work on the home exam
    • Topic for the assignment can be freely chosen.
• Not just about facts, you also need to
  – understand concepts
  – apply those concepts
  – think about implications
  – understand limitations
Course Resources

• Learning material is available at:
  – http://www.uio.no/studier/emner/matnat/ifi/INF3510/v16/
  – lecture presentations, workshop questions, etc.
  – List of English security terms translated to Norwegian
• Assignment topic for home exam on:
  – https://wiki.uio.no/mn/ifi/INF3510-2016
• Various online resources
  – E.g. NIST special computer security publications: http://csrc.nist.gov/publications/PubsSPs.html
Lecturer

• Prof. Audun Jøsang
• Education
  – CISSP 2005, CISM 2010
  – PhD Information Security, NTNU, 1998
  – MSc Information Security, Royal Holloway College, London, 1993
  – BSc Telematics, NTH 1987
  – Baccalaureat, Lycée Corneille, France, 1981
• Work
  – Professor, UiO, 2008
  – Associate Professor, QUT, Australia, 2005-2007
  – Research Leader, DSTC, Australia 2000-2004
  – Associate Professor, NTNU, 1998-1999
  – System design engineer, Alcatel, Belgium 1988-1992
Prerequisites

• Prerequisites
  – Basic computer and network technology
  – Basic mathematics
• Theoretic focus on a basic level
  – Discrete mathematics, number theory, modular arithmetic
  – Information theory
  – Probability calculus
  – Computer and network architecture
Syllabus and textbook

• The syllabus for this course consists of the material presented during the lectures, as described in the lecture notes.
• Adequate comprehension of the material requires that you also
  – read parts of the textbook and other documents
  – work out answers to the workshop questions
  – follow the lectures.
• Textbook: CISSP All-in-One Exam Guide, 6th Edition, 2013. Author: Shon Harris (7th edition in May 2016)
• The book covers the 10 CBK domains (Common Body of Knowledge) for the CISSP Exam (Certified Information Systems Security Professional).
• Easy to order the book from amazon.com, price: US$50
  http://www.amazon.com/CISSP-All-One-Guide-Edition/dp/0071781749
How to use Harris' CISSP book (6th ed.)

(Photo: Shon Harris)

• 1430 pages in total
  – But exclude
    • Ch.1 (Becoming a CISSP)
    • 50 pages of appendix, glossary and index
    • 300 pages of tips, Q&A
    • Parts of chapters
  – Around 800 pages of readable material
  – The book is very easy to read
  – Sometimes long explanations and examples
• Each chapter has Main Sections (big font) and Subsections (small font), but no numbering, a bit confusing.
• Don't read the distracting comments in italics under section titles
Draft Lecture Plan

Week  Date        #   Topic
W04   25.01.2016  1   Course Information. Basic Concepts in IS
W05   01.02.2016  2   IS Management, Human Factors for IS
W06   08.02.2016  3   Risk Management and Business Continuity Planning
W07   15.02.2016  4   Computer Security
W08   22.02.2016  5   Cryptography
W09   29.02.2016  6   Key Management and PKI
W10   07.03.2016  7   Digital Forensics
W11   14.03.2016  8   User Authentication
W12               -   Easter break
W13               -   Easter break
W14   04.04.2016  9   Identity Management and Access Control
W15   11.03.2016  10  Network Security
W16   18.04.2016  11  Network Perimeter Security
W17               -   No lecture
W18   02.05.2016  12  Development and Application Security
W19               -   No lecture
W20               -   No lecture
W21   23.05.2016  -   Review
W22               -   No lecture
W23   08.06.2016  -   Digital exam, time: 09:00h-13:00h (4 hours)
Home Exam

• Write an essay on a security topic chosen by you
• Work individually, or in a group of 2 or 3 students
• Select topic and specify group on the wiki: https://wiki.uio.no/mn/ifi/INF3510-2016/
• Length: 5000-10000 words (approx. 10-15 pages)
• Due date: 13.05.2016
• Assessment criteria:
  – Structure and presentation: weight ¼
  – Scope and depth of content: weight ¼
  – Evidence of independent research and analysis: weight ¼
  – Proper use of references: weight ¼
Assessment and Marking

• Course weight: 10 study points
• Assessment items:
  – Home exam: weight 0.4
  – Digital exam: weight 0.6
• Required to get a pass score on both assessment items
  – At least 40% on home exam and 40% on written exam
  – Relatively easy to get a high score on home exam
  – Relatively difficult to get a high score on written exam
• Academic dishonesty (including plagiarism and cheating) is actively discouraged
• See: http://www.uio.no/english/studies/admin/examinations/cheating/
• Should be no problem

Exam statistics from previous years

Year  # students  # A (%)   # B (%)    # C (%)    # D (%)     # E (%)     # F (%)
2015  121         10 (9%)   30 (25%)   45 (37%)   9 (7%)      9 (7%)      18 (15%)
2014  103         4 (4%)    8 (7.5%)   45 (44%)   14 (13.5%)  9 (4.5%)    23 (22.5%)
2013  0           For the 2013 spring semester the course was cancelled due to faculty politics.
2012  34          2 (6%)    6 (18%)    14 (41%)   0 (0.0%)    6 (17.5%)   6 (17.5%)
2011  70          1 (2%)    10 (14%)   33 (47%)   9 (13%)     10 (14%)    7 (10%)
2010  58          1 (2%)    15 (26%)   25 (43%)   7 (12%)     3 (5%)      7 (12%)
Other security courses at IFI

• UNIK4220: Introduction to Cryptography
  – Leif Nilsen (autumn, taught at IFI)
• UNIK4250: Security in Distributed Systems
  – Nils Agne Nordbotten (spring)
• UNIK4270: Security in OS and Software
  – Audun Jøsang (autumn, taught at IFI)
• UNIK4740: InfoSec in Industrial Sensor and Mobile Systems
  – Judith Rossebø (autumn)
• INF5150 - Unassailable IT-systems
  – Ketil Stølen (autumn)
• ITLED4230 Ledelse av informasjonssikkerhet
  – Audun Jøsang (autumn)
  – For professionals (fee NOK 25K)
Why study information security?

• Being an IT expert requires knowledge about IT security
  – Imagine building architects without knowledge about fire safety
• Building IT systems without considering security will lead to vulnerable IT systems
• Global IT infrastructure is vulnerable to cyber attacks
• IT experts without security skills are part of the problem!
• Learn about IT security to become part of the solution
• Information security is a political issue
  – Often seen as a cost, but saves costs in the long term
  – Often given low priority in IT industry and IT education
Certifications for IS Professionals

• Many different types of certifications available
  – vendor neutral or vendor specific
  – from non-profit organisations or commercial for-profit organisations
• Certification gives assurance of knowledge and skills
  – needed in job functions
  – gives credibility for consultants, when applying for jobs, for promotion
• Sometimes required
  – US Government IT Security jobs
• Knowledge domains reflect current topics in IT Security
  – Generally kept up-to-date
ISACA Certifications (Information Systems Audit and Control Association)

• ISACA promotes the IT governance framework COBIT (Control Objectives for Information and Related Technologies)
• ISACA provides certification for IT professionals
  – CISM - Certified Information Security Manager
  – CISA - Certified Information System Auditor
  – CGEIT - Certified in the Governance of Enterprise IT
  – CRISC - Certified in Risk and Information Systems Control
• CISM is the most popular ISACA security certification
CISM: Certified Information Security Manager

• Focuses on 4 domains of IS management
  1. Information Security Governance
  2. Information Risk Management
  3. Information Security Program Development and Management
  4. Information Security Incident Management
• Official prep manual published by ISACA
  – 14th edition 2016
  – https://www.isaca.org/bookstore/ Price: US$135 ($105 for ISACA members)
  – https://www.isaca.org/bookstore/Pages/CISM-Exam-Resources.aspx
CISM Exam

• Exams normally twice per year worldwide
• Next exam in Oslo (and worldwide): June 2016
  – Deadline for registering: April 2015
  – Register for exam at www.isaca.org
  – Exam fee approx. US $500
  – Multiple choice exam
  – Requires 5 years professional experience
  – Yearly CISM maintenance fee approx. US $100
  – Requires 120 hours "practice time" per 3 years
(ISC)2 Certifications (International Information Systems Security Certification Consortium)

• (ISC)2 provides certification for information security professionals
  – CISSP - Certified Information Systems Security Professional
  – ISSAP - Information Systems Security Architecture Professional
  – ISSMP - Information Systems Security Management Professional
  – ISSEP - Information Systems Security Engineering Professional
  – CAP - Certification and Accreditation Professional
  – SSCP - Systems Security Certified Practitioner
  – CSSLP - Certified Secure Software Lifecycle Professional
• CISSP is the most common IT security certification
  – Most IT Security Consultants are CISSP
CISSP Exam: Certified Information System Security Professional

• Many different books to prepare for the CISSP exam
  • e.g. the textbook used for the INF3510 course: CISSP All-in-One Exam Guide, 6th Edition, 2013. Author: Shon Harris (7th edition to appear in May 2016)
• €560 fee to sit the CISSP exam
• Exam through http://www.pearsonvue.com/isc2/
• Test Centre in Oslo: http://www.glasspaper.no/ Brynsveien 12, Bryn, Oslo
• Most of the material presented in the INF3510 course is taken from the syllabus of the CISSP CBK (Common Body of Knowledge).
CISSP CBK (Common Body of Knowledge)

8 domains (until 2015 there were 10 domains)

1. Security and Risk Management (Security, Risk, Compliance, Law, Regulations, and Business Continuity)
2. Asset Security (Protecting Security of Assets)
3. Security Engineering (Engineering and Management of Security)
4. Communication and Network Security (Designing and Protecting Network Security)
5. Identity and Access Management (Controlling Access and Managing Identity)
6. Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
7. Security Operations (Foundational Concepts, Investigations, Incident Management, and Disaster Recovery)
8. Software Development Security (Understanding, Applying, and Enforcing Software Security)
Security Surveys

• Useful for knowing the trend and current state of information security threats and attacks
  – CSI Computer Crime & Security Survey (http://gocsi.com/survey)
  – Verizon Data Breach Report: http://www.verizonenterprise.com/DBIR/
  – PWC: http://www.pwc.com/gx/en/consulting-services/information-security-survey/
  – US IC3 (The Internet Crime Complaint Center): http://www.ic3.gov/media/annualreports.aspx
  – Mørketallsundersøkelsen: http://www.nsr-org.no/moerketall/
  + many others
Security Advisories

• Useful for learning about new threats and vulnerabilities
  – NorCERT, for the government sector: https://www.nsm.stat.no/
  – NorSIS, for the private sector: http://www.norsis.no/
  – US CERT: http://www.cert.org/
  – Australia AusCERT: http://www.auscert.org.au/
  + many others
Academic Forum on Security (AFSecurity)

• Monthly seminar on information security
• https://wiki.uio.no/mn/ifi/AFSecurity/
• Guest speakers
• Next AFSecurity:
  – Wednesday 27 January 2016, 14:00h
  – Topic: Bluetooth Beacon Privacy
  – Speaker: Atle Årnes (Datatilsynet)
• All interested are welcome!
Information Security Basic Concepts

Good and bad translation

English     Norwegian (Good)   Norwegian (Bad)
Security    Sikkerhet          Sikkerhet
Safety      Trygghet           Sikkerhet
Certainty   Visshet            Sikkerhet
What is security in general

• Security is about protecting assets from damage or harm
• Focuses on all types of assets
  – Example: your body, possessions, the environment, the nation
• Security and related concepts
  – National security (political stability)
  – Safety (health)
  – Environmental security (clean environment)
  – Information security
  – etc.
What is Information Security

• Information Security focuses on protecting information assets from damage or harm
• What are the assets to be protected?
  – Example: data files, software, IT equipment and infrastructure
• Covers both intentional and accidental events
  – Threat agents can be people or acts of nature
  – People can cause harm by accident or by intent
• Information Security defined:
  – The preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved. (ISO 27001)
Scope of information security

• IS management has as its goal to avoid damage and to control the risk of damage to information assets
• IS management focuses on:
  – Understanding threats and vulnerabilities
  – Managing threats by reducing vulnerabilities or threat exposures
  – Detection of attacks and recovery from attacks
  – Investigating and collecting evidence about incidents (forensics)
The Need for Information Security

• Why not simply solve all security problems once and for all?
• Reasons why that's impossible:
  – Rapid innovation constantly generates new technology with new vulnerabilities
  – More activities go online
  – Crime follows the money
  – Information security is a second thought when developing IT
  – New and changing threats
  – More effective and efficient attack techniques and tools are being developed
• Conclusion: Information security doesn't have a final goal, it's a continuing process
Internet Storm Survival Time Measure

(Figure: survival time graph from the SANS Internet Storm Center)

The survival time is calculated as the average time between attacks against an average target IP address. http://isc.sans.org/survivaltime.html
Malware Trend

(Figure: malware trend chart)
Security control categories

(Figure: the three control categories that together make up Information Security)

Physical controls
• Facility protection
• Security guards
• Locks
• Monitoring
• Environmental controls
• Intrusion detection

Technical controls
• Logical access control
• Cryptographic controls
• Security devices
• User authentication
• Intrusion detection
• Forensics

Administrative controls
• Policies
• Standards
• Procedures & practice
• Personnel screening
• Awareness training
Security control functional types

• Preventive controls:
  – prevent attempts to exploit vulnerabilities
    • Example: encryption of files
• Detective controls:
  – warn of attempts to exploit vulnerabilities
    • Example: Intrusion detection systems (IDS)
• Corrective controls:
  – correct errors or irregularities that have been detected.
    • Example: Restoring all applications from the last known good image to bring a corrupted system back online
• Use a combination of controls to help ensure that the organisational processes, people, and technology operate within prescribed bounds.
Controls by Information States

• Information security involves protecting information assets from harm or damage.
• Information is considered in one of three possible states:
  – During storage
    • Information storage containers
    • Electronic, physical, human
  – During transmission
    • Physical or electronic
  – During processing (use)
    • Physical or electronic
• Security controls for all information states are needed
Security Services and Properties

• A security service is a high level security property
• The traditional definition of information security is to preserve the three CIA properties for data and services:
  – Confidentiality
  – Integrity
  – Availability
• The CIA properties are the three main security services

(Figure: the CIA properties around Data and Services)
Security services and controls

• Security services (aka goals or properties)
  – implementation independent
  – supported by specific controls
• Security controls (aka mechanisms)
  – Practical mechanisms, actions, tools or procedures that are used to provide security services

(Figure: Security services, e.g. Confidentiality, Integrity, Availability; Security controls, e.g. Encryption, Firewalls, Awareness; the controls support the services)
Confidentiality

• The property that information is not made available or disclosed to unauthorized individuals, entities, or processes. (ISO 27001)
• Can be divided into:
  – Secrecy: Protecting business data
  – Privacy: Protecting personal data
  – Anonymity: Hiding who is engaging in what actions
• Main threat: Information theft, unintentional disclosure
• Controls: Encryption, Access Control, Perimeter defence
Integrity

• Data Integrity: The property that data has not been altered or destroyed in an unauthorized manner. (X.800)
• System Integrity: The property of safeguarding the accuracy and completeness of assets. (ISO 27001)
• Main threat: Data and system corruption
• Controls:
  – Cryptographic integrity check
  – Encryption
  – Access Control
  – Perimeter defence
  – Audit
  – Verification of systems and applications
Availability

• The property of being accessible and usable upon demand by an authorized entity. (ISO 27001)
• Main threat: Denial of Service (DoS)
  – The prevention of authorized access to resources or the delaying of time critical operations
• Controls: Redundancy of resources, traffic filtering, incident recovery, international collaboration and policing
Authenticity (Security Service)

• User authentication:
  – The process of verifying a claimed identity of a (legal) user when accessing a system or an application.
• Organisation authentication:
  – The process of verifying a claimed identity of a (legal) organisation in an online interaction/session.
• System authentication (peer entity authentication):
  – The corroboration (verification) that a peer entity (system) in an association (connection, session) is the one claimed. (X.800)
• Data origin authentication (message authentication):
  – The corroboration (verification) that the source of data received is as claimed. (X.800)
Taxonomy of Authentication

The CIA properties are quite general security services. Other security services are often mentioned. Authentication is very important, with various types:

(Figure: authentication taxonomy)
• Authentication
  – Entity Authentication
    • User Authentication: passwords, tokens, OTP, biometrics, PKI
    • Organisation Authentication: crypto protocols, e.g. TLS, PKI
    • System Authentication: crypto protocols, e.g. IPSec, PKI
  – Data Authentication: MAC, DigSig & PKI
User Identification and Authentication

• Identification
  – Who you claim to be
  – Method: (user)name, biometrics
• User authentication
  – Prove that you are the one you claim to be
• Main threat: Unauthorized access
• Controls:
  – Passwords
  – Personal cryptographic tokens
    • OTP generators, etc.
  – Biometrics
    • Id cards
  – Cryptographic security/authentication protocols

(Figure: an authentication token, and a sample Id card reading "Alice Wonderland, D.O.B. 31.12.1985, Cheshire, England, Student nr. 33033, University of Oxford")
System Authentication

• Goal
  – Establish the correct identity of remote hosts
• Main threat:
  – Network intrusion
  – Masquerading attacks
  – Replay attacks
  – (D)DOS attacks
• Controls:
  – Cryptographic authentication protocols based on hashing and encryption algorithms
  – Examples: TLS, VPN, IPSEC

(Figure: Host A authenticating Host B)
Data Origin Authentication (Message authentication)

• Goal: The recipient of a message (i.e. data) can verify the correctness of the claimed sender identity
  – But a 3rd party may not be able to verify it
• Main threats:
  – False transactions
  – False messages and data
• Controls:
  – Encryption with shared secret key
  – MAC (Message Authentication Code)
  – Security protocols
  – Digital signature with private key
  – Electronic signature
    • i.e. any digital evidence
Non-Repudiation (Security Service)

• Goal: Making sending and receiving messages undeniable through unforgeable evidence.
  – Non-repudiation of origin: proof that data was sent.
  – Non-repudiation of delivery: proof that data was received.
  – NB: imprecise interpretation: Has a message been received and read just because it has been delivered to your mailbox?
• Main threats:
  – Sender falsely denying having sent a message
  – Recipient falsely denying having received a message
• Control: digital signature
  – Cryptographic evidence that can be confirmed by a third party
• Data origin authentication and non-repudiation are similar
  – Data origin authentication only provides proof to the recipient party
  – Non-repudiation also provides proof to third parties
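The difference between the two services on this slide and the previous one, worked through as an added example (not code from the lecture): a MAC under the key Alice and Bob share is something Bob himself can produce, so it proves origin only to Bob, whereas a signature under Alice's private key can be checked by a third party such as Charlie. The shared key, the messages, and the unpadded textbook RSA key built from two Mersenne primes are constructed for illustration; the toy signature scheme is not secure for real use.

```python
"""Data origin authentication (MAC) vs. non-repudiation (digital signature).
Added example; the key material and messages below are constructed and the
unpadded RSA is a textbook toy, not a secure signature scheme."""
import hashlib
import hmac

# --- Data origin authentication: HMAC under a key Alice and Bob share ------
SHARED_KEY = b"alice-bob-shared-key"          # constructed sample key


def mac(key: bytes, message: bytes) -> bytes:
    """Tag that anyone holding `key` can compute: sender *and* recipient."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(key, message), tag)


# --- Non-repudiation: textbook RSA signature over a hash ------------------
def _modinv(a: int, m: int) -> int:
    """Modular inverse of a mod m by extended Euclid (a, m coprime)."""
    r0, r1, s0, s1 = a, m, 1, 0
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
    return s0 % m


def toy_rsa_keypair():
    """Constructed toy key: p = 2^31-1, q = 2^61-1 (both prime), e = 65537."""
    p, q, e = 2**31 - 1, 2**61 - 1, 65537
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, _modinv(e, phi))        # (public, private)


def _digest_mod_n(message: bytes, n: int) -> int:
    # Reduce SHA-256 modulo n so the small toy modulus can sign it (no padding).
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    n, d = private_key
    return pow(_digest_mod_n(message, n), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)


ALICE_PUBLIC, ALICE_PRIVATE = toy_rsa_keypair()
MSG = b"Alice agrees to pay Bob 100 EUR"       # constructed message
ALTERED = b"Alice agrees to pay Bob 1000 EUR"  # message Alice never sent


def recipient_can_forge_mac() -> bool:
    """Bob, holding SHARED_KEY, tags ALTERED and the tag verifies: a MAC
    is evidence for Bob only, never evidence he can show a third party."""
    return mac_verify(SHARED_KEY, ALTERED, mac(SHARED_KEY, ALTERED))


def third_party_can_verify_signature() -> bool:
    """Charlie confirms Alice signed MSG using nothing but her public key."""
    return verify(ALICE_PUBLIC, MSG, sign(ALICE_PRIVATE, MSG))


def recipient_cannot_transfer_signature() -> bool:
    """Bob cannot reuse Alice's signature on MSG to bind her to ALTERED."""
    return not verify(ALICE_PUBLIC, ALTERED, sign(ALICE_PRIVATE, MSG))
```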
Accountability (Security Service)

• Goal: Trace an action to a specific user and hold them responsible
  – Audit information must be selectively kept and protected so that actions affecting security can be traced to the responsible party (TCSEC/Orange Book)
• Main threats:
  – Inability to identify the source of an incident
  – Inability to make the attacker responsible
• Controls:
  – Identify and authenticate users
  – Log all system events (audit)
  – Electronic signature
  – Non-repudiation based on digital signature
  – Forensics
Authorization

• Authorization is to specify access and usage permissions for entities, roles or processes
  – Authorization policy is normally defined by humans
  – Issued by an authority within the domain/organisation
    • Authority can be delegated
  – Implemented in IT systems as configuration/policy
• Beware of confusion (also in the Harris textbook):
  – Correct: Harris 6th ed. p.161: "A user may be authorized to access the files on the file server, but until she is properly identified and authenticated, those resources are out of reach."
  – Wrong: Harris 6th ed. p.161: "If the system determines that the subject may access the resource, it authorizes the subject".
Identity and Access Management (IAM) Phases

(Figure: the three IAM phases and their steps)
• Configuration phase
  – Registration
  – Provisioning
  – Authorization
• Operation phase
  – Identification: Claim identity
  – Authentication: Prove claimed identity
  – Access control: Are you authorized?
• Termination phase
  – De-registration
  – Deactivate credentials
  – Revoke authorization
Confusion about Authorization

• The term "authorization" is often wrongly used in the sense of "access control"
  – e.g. "If the system determines that the subject may access the resource, it authorizes the subject" (e.g. Harris 6th ed. p.161)
  – Common in text books and technical specifications (RFC 2196 …)
  – Cisco AAA Server (Authentication, Authorization and Accounting)
• Wrong usage of "authorization" leads to absurd situations:
  1. You get somebody's password, and use it to access the account
  2. Login screen gives warning: "Only authorized users may access this system"
  3. You are caught and taken to court
  4. You say: "The textbook at university said I was authorized if the system granted access, which it did, so I was authorized"
Identity and Access Management Concepts

(Figure: IAM concepts diagram. Inside the System Owner Domain are the Identity Provider (IdP), the System Owner, the User authentication function, the Access control function and the System resource. Abbreviations: PAP: Policy Administration Point; PDP: Policy Decision Point; PEP: Policy Enforcement Point; IdP: Identity Provider. The labelled flows, numbered 1-8 in the figure, are: registration, provisioning, policy, Operations, log-on with Id + Cr from the User to the user authentication function, the user's access request to the PEP, the PEP's authorization request (resource & access type) to the PDP, and the PDP's decision back to the PEP. The PDP decides from the policy administered at the PAP; the PEP enforces that decision on the system resource.)
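The PAP/PDP/PEP separation in the figure, and the point of the two preceding slides that authorization is issued by an authority and is not the outcome of an access decision, as an added example (not code from the lecture). The users, passwords, resource name and policy are constructed sample data, and salted SHA-256 stands in for a proper password hash.

```python
"""Authorization (policy) vs. access control (enforcement).  Added example
modelling the PAP/PDP/PEP roles of the IAM concepts diagram; not code from
the lecture.  Users, passwords, the resource and the policy are constructed
sample data, and salted SHA-256 stands in for a proper password hash."""
import hashlib
import hmac
import os
import secrets


class PolicyAdministrationPoint:
    """PAP: policy issued (and revoked) by a human authority, independently
    of whether the user has ever logged on."""

    def __init__(self):
        self.grants = {}                   # user -> {(resource, access_type)}

    def authorize(self, user, resource, access_type):
        self.grants.setdefault(user, set()).add((resource, access_type))

    def revoke(self, user):                # termination phase
        self.grants.pop(user, None)


class PolicyDecisionPoint:
    """PDP: answers an authorization request from the PAP's policy."""

    def __init__(self, pap):
        self._pap = pap

    def decide(self, user, resource, access_type):
        return (resource, access_type) in self._pap.grants.get(user, set())


class IdentityProvider:
    """IdP: registration/provisioning of credentials, user authentication."""

    def __init__(self):
        self._credentials = {}             # user -> (salt, digest)

    def register(self, user, password):
        salt = os.urandom(16)
        digest = hashlib.sha256(salt + password.encode()).digest()
        self._credentials[user] = (salt, digest)

    def authenticate(self, user, password):
        if user not in self._credentials:
            return False
        salt, digest = self._credentials[user]
        candidate = hashlib.sha256(salt + password.encode()).digest()
        return hmac.compare_digest(candidate, digest)


class PolicyEnforcementPoint:
    """PEP: the access control function.  Requires an authenticated session,
    sends (resource, access type) to the PDP and enforces the decision."""

    def __init__(self, idp, pdp):
        self._idp, self._pdp, self._sessions = idp, pdp, {}

    def log_on(self, user, password):      # log-on with Id + Cr
        if not self._idp.authenticate(user, password):
            return None
        token = secrets.token_hex(16)
        self._sessions[token] = user
        return token

    def access(self, session, resource, access_type):
        user = self._sessions.get(session)
        if user is None:
            return "denied: not authenticated"
        if not self._pdp.decide(user, resource, access_type):
            return "denied: not authorized"
        return "granted"


def demo():
    """Alice is authorized for payroll.xlsx from the start, yet it is out of
    reach until she authenticates; Bob authenticates but was never
    authorized, so a granted or denied decision never 'authorizes' anyone."""
    pap, idp = PolicyAdministrationPoint(), IdentityProvider()
    pep = PolicyEnforcementPoint(idp, PolicyDecisionPoint(pap))
    idp.register("alice", "correct horse")          # constructed credentials
    idp.register("bob", "battery staple")
    pap.authorize("alice", "payroll.xlsx", "read")  # issued by system owner
    out = {"alice_before_logon": pep.access(None, "payroll.xlsx", "read")}
    alice = pep.log_on("alice", "correct horse")
    out["alice_after_logon"] = pep.access(alice, "payroll.xlsx", "read")
    bob = pep.log_on("bob", "battery staple")
    out["bob_authenticated"] = pep.access(bob, "payroll.xlsx", "read")
    pap.revoke("alice")                             # termination phase
    out["alice_after_revoke"] = pep.access(alice, "payroll.xlsx", "read")
    return out
```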
End of lecture