Security concepts:
Information Assurance:
CIA Triad - Confidentiality, Integrity and Availability
- Confidentiality - can be achieved via Encryption {At rest, In transit, In process}
- Integrity - can be achieved via Hashing
- Availability - can be compromised by DoS or DDoS attacks
Encryption of data can be implemented at different levels
- at Rest - Encrypted Disk/File
- in Transit - TLS, IPsec, HTTPS
- in Process - data held in memory while a program is operating on it
Authentication - Knowledge based (password, PIN, passphrase), Token based (RSA token, OTP), Characteristics based (biometric).
MFA - multi factor authentication
KHA - Something {you KNOW, you HAVE, you ARE}
Non-repudiation: assurance that a party cannot falsely deny that an action has been performed. Digital signatures can be handy for non-repudiation.
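The two claims above (integrity via hashing, non-repudiation via digital signatures) as an added Go example, not part of the original notes: a stored SHA-256 digest detects a modified message but says nothing about who produced it, since anyone can recompute a hash; an Ed25519 signature verifies only under the signer's public key, so the signer cannot plausibly deny producing it. The message text and the party names (Alice, a second unrelated key) are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// integrityIntact reports whether data still matches the SHA-256 digest recorded
// when it was stored. This catches accidental or malicious change (integrity), but
// anyone can recompute a hash, so it proves nothing about WHO produced the data.
func integrityIntact(data []byte, recorded [sha256.Size]byte) bool {
	actual := sha256.Sum256(data)
	return subtle.ConstantTimeCompare(actual[:], recorded[:]) == 1
}

// sign binds a message to the holder of the private key. Only that holder can
// produce a signature that verifies under the matching public key, which is what
// lets a recipient hold the signer to the action (non-repudiation).
func sign(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

// verify checks a signature against the claimed signer's public key.
func verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

func main() {
	// Constructed sample message and a tampered variant (not from any real system).
	order := []byte("transfer 100 to account 42")
	tampered := []byte("transfer 900 to account 42")

	// Integrity: the stored digest no longer matches the modified message.
	digest := sha256.Sum256(order)
	fmt.Println("original intact:", integrityIntact(order, digest))   // true
	fmt.Println("tampered intact:", integrityIntact(tampered, digest)) // false

	// Non-repudiation: Alice signs; the recipient verifies with Alice's public key.
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader)
	otherPub, _, _ := ed25519.GenerateKey(rand.Reader) // an unrelated party's key
	sig := sign(alicePriv, order)
	fmt.Println("alice's order, alice's key:", verify(alicePub, order, sig))   // true
	fmt.Println("tampered order, alice's key:", verify(alicePub, tampered, sig)) // false
	fmt.Println("alice's order, other key:", verify(otherPub, order, sig))     // false
}
```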
Impersonation/Spoofing
Risk Management
Keywords/terminology related to Risk Management
- Risk - Risk is the potential for loss, damage, or other negative outcomes/consequences resulting from a threat exploiting a vulnerability. It is a measure of the likelihood and impact of an adverse event occurring.
- Asset - Anything that needs protection; it could be people, systems or data
- Vulnerability - A vulnerability is a weakness or flaw or gap in a system, application, or process that can be exploited by an attacker to cause harm, gain unauthorized access, or disrupt operations. Vulnerabilities can be found in protocols, software, and hardware.
- Threat - A threat is anything that has the potential to cause harm to a system, organization, or individual by exploiting a vulnerability. Threats can be intentional (e.g., hackers, malware) or unintentional (e.g., natural disasters, system failures).
- Exploit - C
- Exposure - C