Computer Security: Chapter 1 Flashcards
The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications)
Computer Security
Three objectives that are the heart of computer security:
The CIA triad!
Confidentiality
integrity
Availability
Confidentiality
- Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals
- Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
Integrity
- Data integrity: Assures that information and programs are changed only in a specified and authorized manner.
- System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system
definition of a loss of security in -Availability
Assures that systems work promptly and service is not denied to authorized users
definition of a loss of security in - Confidentiality
Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. Al loss of confidentiality is the unauthorized disclosure of information.
definition of a loss of security in - Integrity
Guarding against improper information modification or destruction. Including ensuring information nonrepudiation and authenticity. a loss of integrity is the unauthorized modification or destruction of information
You could add these two to the triad
Authenticity
Accountability
The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, message, or message originator. This means that users are who they say they are and that each input arriving at the system came from a trusted source.
Authenticity
*note: FIPS 199 includes authenticity under integrity
The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action. Because truly secure systems are not yet an achievable goal, we must be able to trace a security breach to a responsible party. Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes.
Accountability
Three levels of impact
Low
Moderate
High (even loss of life)
There is a natural tendency on the part of users and system managers to perceive little benefit from security investment until a security failure occurs.
True
The advantage of the attackers
They only have to find a single weakness while the administrator/designer has to find and eliminate all weaknesses to achieve perfect security
The natural tendancy
is for people to perceive little benefit from security investment until a security failure occurs.
How is security usually viewed by users and admins?
An impediment to efficient and user-friendly operations
An entity that attacks, or is a threat to, a system (threat agent)
Adversary
A deliberate attempt to evade security services
An attack
A potential for violation of security
A threat
3 types of vulnerability
1) Corruption
2) Leaked info
3) unavailability
- Exposures
- Interception
- Inferences
- Intrusion
Unauthorized Disclosure
- Masquerade
- Falsification
- Repudiaton
Deception
- Incapacitation
- Corruption
- Obstruction
Disruption
- Misappropriation
- Misuse
Usurpation
