Week 4: ISO 27000 Security Management Categories Flashcards
What is the CIA triad?
Confidentiality
Integrity
Availability
What is the main goal for confidentiality?
Information to be kept private and secure
What is the main goal for Integrity?
Data to not be modified, deleted or added
What is the main goal for Availability?
Systems to be available to those who require it
What are the three added values in the extended security triangle?
Authentication
Accountability
Non-repudiation
What are examples of the general concept of security protocols?
Passwords
HTTPS
What are security protocols used for?
They are used to establish trust relationships to link up human users with remote machines
Why are protocols designed under certain assumptions?
Protection against all attacks is expensive
Give an example of a log-on protocol.
A log-on protocol into computer systems ASSUMES that the user can input the password on the right machine
Why do people use protocols?
Required to formalise secure communication amongst:
people
companies
computers and hardware
What are some elements of security protocols?
Not technical
May be very simple
Give 2 examples of complexities driven by vulnerabilities.
Magnetic stripe cards to smartcards
Metal keys to electronic keys to keyless entry for cars
What are passwords used for?
Authenticating humans to machines
What is authentication?
Be able to prove the identity of users (who they are)
What is Authorization?
Be able to allow/deny access to resources based on authentication
Give some examples of login issues
HTTP/S example, weak/reused password, weak recovery mechanism, lack of two-factor authentication, session hijacking
What are Access control issues?
Unauthorized users gaining higher privileges, or access to unauthorized resources via different mechanisms
What are the 3 types of authentication?
Based on something you know
Based on something you have
Based on something you are
What is the Information Security Framework Model?
Plan-Do-Check-Act (PDCA)