General Security Concepts Flashcards
Basic
CIA
Confidentiality, integrity, availability
Confidentiality
Concept of preventing the disclosure of information to unauthorized parties.
Integrity
Protecting the data from unauthorized alteration.
Availability
Access to system/data by authorized personnel.
Authentication
Process of determining the identity of a user.
Authorization
The mechanisms to ensure that only valid users are permitted to perform specific allowed actions.
Three general methods used in authentication.
Something you know (password)
Something you have (CAC card)
Something about you (biometrics)
Elements of Authorization
A requester
The object
Type or level of access
Accounting / Auditing
Means of measuring activity. (IT example, critical elements of activity)
Non-repudiation
Concept of preventing a subject from denying a previous action with an object in a system.
Session Management
Design and implementation of controls to ensure that communication channels are secured from unauthorized access and disruption of communication.
Exception Management
Process of handling errors and unknown conditions.
TCP
Transmission Control Protocol
UDP
User Datagram Protocol (connectionless/sessionless)
Secure Design Tenets
Good Enough Security
Least Privilege
Separation of Duties
Defense in Depth
Fail Safe