Lecture 2 - Foundations of Security

Question 1

3 Protection Measures

Answer 1

Prevention
Detection
Reaction

Question 2

What is Security

Answer 2

Protection of Assets

Question 3

What is a Security Policy

Answer 3

Document explaining what is protected and how it is protected.

Question 4

CIA Concept

Answer 4

Confidentiality - Prevent information disclosure
Integrity - Prevent information modification
Availability - Prevent information witholding

Question 5

Non-repudiation

Answer 5

Un-forgeable evidence

Question 6

What is a Covert Channel

Answer 6

Carefully chosen queries that can narrow down

who has what conditions

Question 7

Good security design principals

Answer 7

• Focus of control - Data ? User ?
• The man-machine scale - Which Layer. OS? Hardware?
• Complexity vs. Assurance - simple approach high assurance?
• Centralised or Decentralised Controls - focuesed on one layer or several
• Layer Below - A good security layer built upon an insecure
layer is useless