Layering (Defence in depth) Flashcards
What is layering or defence in depth?
Layering, also known as defense in depth, is simply the use of multiple controls in a series. No one control can protect against all possible threats. Using a multilayered solution allows for numerous, different controls to guard against whatever threats come to pass. When security solutions are designed in layers, a failed control should not result in exposure of systems or data.
What is abstraction?
Abstraction is used for efficiency. The concept of abstraction is used when classifying objects or assigning roles to subjects. The concept of abstraction also includes the definition of object and subject types or of objects themselves.
What is Data Hiding?
Data hiding is exactly what it sounds like: preventing data from being discovered or accessed by a subject by positioning the data in a logical storage compartment that is not accessible or seen by the subject. It is often a key element in security controls as well as in programming.
Data hiding is the act of intentionally positioning data so that it is not viewable or accessible to an unauthorized subject.
Security through obscurity
Security through obscurity is the idea of not informing a subject about an object being present and thus hoping that the subject will not discover the object. Security through obscurity does not actually implement any form of protection. It instead relies on the hope that something important will not be discovered because knowledge of it is kept secret.
What is encryption?
Encryption is the art and science of hiding the meaning or intent of a communication from unintended recipients.
Encryption is an important element in security controls, especially in regard to the transmission of data between systems. There are various strengths of encryption, each of which is designed and/or appropriate for a specific use or purpose.