Security - Coggle Diagram
Security
Security principles
Complete mediation: every access to a resource must be checked for compliance with a protection scheme.
Open design: the security architecture and design of a system should be made publicly available. It is the opposite of the approach known as security by obscurity.
Separation of privilege: multiple conditions should be required to achieve access to restricted resources or have a program perform some action.
Physical acceptability: interfaces and security parameters should be well designed and in accordance with what is expected.
Work factor: the cost of circumventing a security mechanism should be compared with the resources of an attacker when designing a security scheme.
Compromise recording: it can be better to record the details of an intrusion than to use other measures to prevent it.
Threats and attacks
Masquerading: the fabrication of information that is purported to be from someone who is not actually the author.
Goals
Integrity
Tools
Data correcting codes: store data in such a way that any changes can be detected and then corrected automatically.
Confidentiality
Tools
Encryption
The conversion of information so that it is hidden, using an encryption key (we can use a public key or public key).
Authentication
The determination of the identity or role that someone has. It is based on a combination of: something the person has (example: a smart card); something the person knows (example: a password); something the person is (example: a human with a fingerprint).
Authorization
The determination of whether access to resources is allowed, based on an access control policy.
Concepts
Assurance
Trust in computer systems, which depends on policies, permissions and protection.
Authenticity
Statements, policies and permissions are genuine. The primary tool is digital signatures.
Cybersecurity: the availability, integrity, and confidentiality of IS and networks in the face of attacks and failures, with the goal of protecting operations and assets.