Information security
Protecting data, software, and hardware against unauthorized access, use, disclosure, disruption, modification, or destruction.
Compliance
The requirements that are set forth by laws and industry regulations.
Examples: HIPAA/HITECH (healthcare), PCI DSS (payment card industry), FISMA (federal government agencies)
DAD Triad
Disclosure, alteration, and denial
CIA Triad
The core model of all information security standards. Confidentiality, integrity, and availability
Confidential
The ability to protect our data from those who are not authorized to view it.
In what ways can confidentiality be compromised?
- Losing a personal computer that holds data
- Someone watching you enter your password
- Sending an e-mail attachment to the wrong person
- An attacker penetrating your systems, and so on
Integrity
Keeping data from being altered, whether by accident or with malicious intent
How to preserve integrity?
Prevent unauthorized changes to the data and keep the ability to reverse unwanted authorized changes.
Via system/file permissions, or by undoing/rolling back unwanted changes.
Availability
The ability to access data when needed
Ways Availability can be compromised
- Power loss
- Application issues
- Network attacks
- System compromised (DoS)
Denial of Service (DoS)
A security problem in which users are unable to access an information system; may be caused by human error, natural disaster, or malicious activity.
Parkerian hexad model
A model that adds three more principles to the CIA triad:
Possession/Control
Utility
Authenticity
Possession/Control
Refers to the physical disposition of the media on which the data is stored; this lets you discuss loss of data through its physical medium.
Principle of Possession example
Lost package (encrypted USBs and unencrypted USBs)
Possession is an issue because the tapes are physically lost.
(Unencrypted is compromised via confidentiality and possession; encrypted is compromised only through possession.)
Principle of Authenticity
Allows you to say whether you have attributed the data in question to the proper owner/creator.
Ways authenticity can be compromised
Sending an email but altering the message so that it appears to have come from someone other than the actual sender.
Utility
How useful the data is to you.
Ex. Unencrypted (lots of utility), Encrypted (little utility).
Security Attacks
Broken down by the type of attack, the risk the attack represents, and the controls you might use to mitigate it.
Interception
Attacks that allow unauthorized users to access our data, applications, or environments.
Primarily an attack against confidentiality
Interception Attack Examples
Unauthorized file viewing, copying, eavesdropping on phone conversations, reading a person's emails.
Interruption
Attacks that cause our assets to become unusable or unavailable for our use, on a temporary or permanent basis.
This attack affects availability but can also attack integrity
Interruption Attack Examples
DoS attack on a mail server: availability attack
Attacker manipulates the processes on which a database runs to prevent access: integrity attack.
Could also be a combination of both.
Modification
Attacks that involve tampering with our asset.
Such attacks might primarily be considered an integrity attack, but may also be an availability attack.
Modification Attack example
Accessing a file in an unauthorized manner and altering the data it contains; affects integrity.
If the file in question is a config file that manages how a service behaves (web server), this may affect availability.
If the config file changes how the server deals with encrypted connections, then it is a confidentiality attack.
Fabrication
Attacks that involve generating data, processes, communications, or other similar activities with a system.
Attacks primarily affect integrity but can be considered an availability attack.
Fabrication attack examples