Week 4: ISO 27000 Security Management Categories Flashcards
What is the CIA triad?
Confidentiality
Integrity
Availability
What is the main goal for confidentiality?
Information to be kept private and secure
What is the main goal for Integrity?
Data to not be modified, deleted or added
What is the main goal for Availability?
Systems to be available to those whom require it
What are the three added values in the extended security triangle?
Authentication
Accountability
Non-repudiation
What are examples of the general concept, security protocols?
Passwords
HTTPs
What are security protocols used for?
They are used to establish trust relationships to link up human users with remote machines
Why are protocols designed under certain assumptions?
Protection against all attacks is expensive
Give an example of a log-on protocol.
A Log-on protocol into computer systems ASSUMES that user can input password in the right machine
Why do people use protocols?
Required to formalise secure communication amongst:
people
companies
computers and hardware
What are some elements of security protocols
Not technical
may be very simple
Give 2 examples of complexities driven by vulnerabilities.
Magnetic strip cards to smartcards
metal to electronic keys to keyless entry to cars
What are passwords used for
authenticating humans to machines
What is authentication?
: be able to prove the identity of users (who they are)
What is Authorization?
be able to allow/deny access to resources based on authentication
