Cyber security - A security architect's perspective

Question 1

Define Confidentiality

Answer 1

Only sender and intended receiver should “understand” message contents
- sender encrypts message
- receiver decrypts message

Question 2

Define Authentication

Answer 2

Sender and receiver want to confirm identity of each other

Question 3

Define Message Integrity

Answer 3

Sender and receiver want to ensure message is not altered (in transit, or afterwards) without detection

Question 4

Define Access and Availability

Answer 4

Services must be accessible and available to users

Question 5

What is NIST’s definition of Computer Security

Answer 5

The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources including hardware, software, firmware, information/data, and telecomunications

Question 6

Name some computer security challenges

Answer 6

Security not as simple as it seems
-Easy requirements, tough solutions

solutions can be attacked themselves
-Security policy enforcement structures as the targets

Protection of enforcement structure can complicate solutions
- Solution itself can be easy, but complicated by protection

Security architectural decisions
-Know what to do, but where to do them?

key management is really hard

protectors have to be right all the time
- attackers just once

no one likes security until it’s needed
-Seat belt philosophy

Security architectures require constant effort
-Strategic vs tactical perspectives