Basic Concepts and Principles Flashcards
What is inforamtion securtity?
the purpose of information security is to protect and preserve the Confidentiality, integrity, and availability of information. it also involves protecting and preserving authenticity, and reliability and holding entities accountable.
what is information assurance?
measures to protect and defend the information and information systems’ confidentiality, integrity, availability, authentication, and non-repudiation, it also includes capabilities like protection, detection, reaction, and restoration of information systems.
what is cybersecurity?
set of measures, activities, and standards. policies and rules to ensure the security(confidentiality, integrity, availability) of systems in the cyber environment.
What is computer Security?
measures and controls to ensure the the confidentiality, integrity, and availability of information system assets including hardware, software, and firmware. and information being processed, stored, and communicated.
What is cyberspace?
all systems and services that are directly or indirectly connected to the internet, electronic communications, and computer networks.
Main Characteristics of Cyberspace?
▪ Man-made domain
▪ Consists of information systems and data
▪ Its nature changes through technological changes
▪ Access happens in the speed of light
▪ Enables operations in all other domains
▪ Not limited to geographically or politically drawn borders
Elements of Cyberspace?
Hardware
* Servers
* PCs
* Mobile phones
* Industrial Control Systems
* …
▪ Software and Data
- Operating systems
- Database management systems
- Application software
- Firmware
- …
▪ Communication Infrastructure - Wired/Wireless networks
- RF
- Satellite systems
Fundamental Goals of Computer
Security?
Confidentiality, Integrity, Availability, Authentication, Authorization, Accountability
Confidentiality?
Confidentiality ensures that non-public information is accessible only to authorized parties, whether the data is stored or in transit. The goal is to prevent or minimize unauthorized access. Key security controls for maintaining confidentiality include encryption, access controls, procedural means (such as restricting physical access to offline storage media), and steganography
Integrity?
Integrity involves protecting the reliability and correctness of data, and ensuring that data, software, or hardware remains unaltered except by authorized parties. It can be examined from three perspectives: preventing unauthorized modifications, preventing authorized subjects from making unauthorized modifications, and maintaining internal and external consistency. Security controls for integrity include authentication, access control, encryption, interface restrictions, and cryptographic checksums.
Availability?
Ensuring timely and reliable access to and use of information. (FIPS199)
▪ Threats to availability:
* Device failure
* Software errors
Somesecurity controls for availability:
* Proper system design
* Access control
Authentication?
Verifying the identity of a user, process, or device, often as a
prerequisite to allowing access to resources in an information
system.
Entity authentication?
confirms that the identity of a person or system involved in a transaction is genuine, which helps in the authorization
Data [origin] authentication?
ensures that the source of the data or software is genuine
it also implies data integrity
Authorization?
Only authorized entities can access computing resources, as approved by the resource owner or domain administrator
