W11 L2 - Security, Continuity & End of Life Flashcards
What is the CIA triad
A tool or guide for securing information systems, networks and related technological assets.
Confidentiality
- “Rules that limit access to information”.
- “Protection of information from unauthorised access”.
Integrity - ensure people have the right access to change information
- “The assurance that the information is trustworthy and accurate”.
- “The condition where information is kept accurate and consistent unless authorised changes are made”.
Availability - information being accessible when you need it
- “A guarantee of reliable access to the information by authorised people”.
- “The situation where information is available when and where it is rightly needed”.
Give examples of ensuring confidentiality
- Data encryption
- User IDs and passwords
- Two-factor authentication
- Awareness of social engineering methods
- Training for authorised people
Give examples of ensuring Integrity
- File permissions and user access controls - give people permission to do certain activities
- Version control - integrity by time/date stamping
- Backups - expensive
- Checksums
Give examples of ensuring Availability
- Hardware and software components - Architecture design
- Firewalls, proxy servers
- System upgrades up to date
- Minimal or no downtime (fast and adaptive disaster recovery)
- Business contingency plan - having a plan B (carry on working when there is downtime)
- Early detection of a Denial of Service attack - where someone floods the system with a large number of requests, causing the system to crash/fail
What are some other considerations for security
It is “better” to address security problems earlier rather than later.
Security is not free
- the risk could be the risk of failure due to security-related issues.
Security vs. usability (and productivity)
What is Business Continuity
The continuation of a business's operations using their systems, even in cases of natural disaster or breach. It is about "keeping the system going".
Business continuity plan:
- Managing information back-ups
- Backup sites (hot-sites or warm-sites)
- Implementing data (or even system) replication and redundancy
Risk vs. cost (money, time and effort)
What is End of Life (EOL)
- End of life, EOL, sunsetting, discontinuing, retirement, decommissioning, disposing, dispositioning, obsolescence of a system i.e. it is no longer needed.
- EOL - the end of the OPERATIONS phase
- When the SDLC finishes for a system.
- A term used to describe the “death” of a system.
- All parts of the system are "switched off" and disposed of.
- If a system is "mission-critical", another replacement system takes its place first.*
*Some legacy systems are kept alive for a long time for archival purposes.
What is End of Support (EOS)
- A term used to describe the ending of all MAINTENANCE activities for a system.
- EOS happens before EOL.
- The SDLC continues (the system is still being operated), but no more mini-SDLCs will occur and the system no longer receives any support from the support provider.