IAA - 01 Basics of Computer Security, Computer Security Model (RFC…
IAA - 01 Basics of Computer Security
Key Objectives
Confidentiality
Confidential Info is not disclosed to unauthorized individuals.
Integrity
Data Integrity
IS & programs are changed only in a specified and authorized manner.
System Integrity
Performs intended functions in an unimpaired manner & free from unauthorized manipulations.
Availability
System works promptly and service is not denied to authorized users.
Information Assurance
Protect and defend information and information systems by ensuring the CIA triad .
Privacy
Owners have control over
What information related to them is collected & stored.
Who collects the data & to whom it may be disclosed.
Authenticity
Verify that users are who they claim they are.
Data is received from a trusted source.
Accountability
Able to trace back the actions performed by an entity to that entity.
Vulnerability Assessment
Process of defining, identifying, classifying and prioritizing vulnerabilities in information systems.
Penetration Testing
Practice of testing information systems to find security vulnerabilities that attackers could exploit.
Goals
Identify weak spots
Measure Compliance
Test staff awareness.
Computer Security Model
(RFC 2828)
System Resources / Assets
Hardware
Software
Data
Communications
Vulnerabilities
A flaw or weakness in a system that can be exploited to violate the system's security.
Attack
Types
Passive
Makes use of system information but does not affect the system.
Hard to detect
Active
Has negative effects on system resources.
Replay
Masquerade
Pretends to be another entity.
Data Modification
Denial of Service
Origin
Inside
Outside
Adversary
Countermeasures
Hackers
Hacktivists
Gray-hat hackers who rally and protest against different social and political ideas.
State-sponsored
White-hat
Ethical & Legal
Black Hat
Un-ethical / Legal
Gray Hat
Unethical but not for personal gain or serious damage.
Security Controls
Functionality
Corrective
Cleaning an infected system.
Adding new FW Rules
Preventive
Separation of Duties
Planning / Testing
Hiring Practices
Proper processing of terminations
Approvals, Authorizations & Verifications
Detective
Monitoring Systems
Log Reviews
Burglar Alarms
File Integrity Checks
Security Reviews & Audits
Performance Evaluations
Deterrent
Notice of Monitoring & Logging
Recovery
DR & BCP
Backups
Emergency Key Management Arrangements
Compensating
Intended to be alternative arrangements for other controls.
Categories
Physical
CCTV
Motion / Thermal Alarms
Security Guards
IDs
Locks
Work Area Separation
Administrative
Training & Awareness
DR Drills & BCP
Recruitment & separation strategies.
Personnel registration & accounting
Policy & Procedures
Technical / Logical
Smart Cards
Network Authentication
ACLs
File Integrity Auditing
Encryption