Lecture 6 - Risk Flashcards
What is the balance between security and cost?
We need to keep the data secure, but cannot lock everything down so tightly that it becomes impossible to use
What is the balance between monitoring and anonymity?
The more we monitor, the less we allow for anonymity
What is the process for risk management?
Risks should be recognised and assessed, and mechanisms should be put in place to mitigate those risks
What is information assurance?
Measures to make sure the info we have is trustworthy
(measures to protect and defend info and info systems by ensuring their integrity, authentication, confidentiality and non-repudiation.)
What is information protection?
The mechanisms to make sure the info is safe
Protection of info from unauthorised access, use, disclosure, disruption or modification.
What is some of the NCSC’s advice?
- Accounts with admin privilege should only be used to complete admin tasks
- Staff accounts should have only just enough access to complete their role
- Only use software from official sources
What are preventative controls?
Intended to stop an incident from occurring
What are detective controls?
Intended to identify and characterise an incident in progress
What are corrective controls?
Intended to limit the extent of any damage caused by an incident
What are ISO/IEC 27001 standards?
They are a broad, evolving set of standards designed to ensure info sec is under management control
What happens without the ISO/IEC standards?
Without them, controls tend to be a collection of different, incoherent systems
What does component-driven management focus on?
It focuses on technical components, and the threats and vulnerabilities they face
What does system-driven management focus on?
It focuses on the systems as a whole
What are characteristics of system-driven management?
- Good for large systems
- Can be time consuming and expensive
- May not be appropriate in certain circumstances