Cpr E 531: Information Security Concepts
Iowa State University
Thomas E. (Tom) Daniels
Overview
• Administrivia
• What is Information?
• Goals of Information Security
• Group Session
• Computer and Information Assets
• Common Terms and Concepts
• Group Session
What is Information?
• Oxford Eng. Dict.: “Knowledge communicated concerning some particular fact, subject, or event; that of which one is apprised or told”
• Almost a philosophical question.
• But, here we are trying to protect it!
• Digital information
  • Replication cost near $0
Why is Information Valuable?
• Competitive advantage
• It takes work to produce
• Disclosure/modification/loss could cost
  • Lives
  • Money
  • Reputation
  • Freedom
  • Others
How do we maintain Information’s Value?
• Avoid
• Prevent
• Deter
• Detect
• Mitigate
• Recover
• Correct
Goals of Information Security
• CIA model
  • Confidentiality
  • Integrity
  • Availability
• Utility
• Authenticity
• Non-repudiation
• Access Control
• Auditability
• Privacy
• Copy protection/control
• Others?
Confidentiality
• Only authorized subjects should be able to read given data
• Also, “secrecy”
• Do not confuse with privacy
• Achieved by:
  • Access control
  • Cryptography
Confidentiality (cont.)
• Examples:
  • Recipe for Coca-Cola
  • Your password
  • Business plan
  • “Attack at Dawn!”
  • Source code
  • Personnel records
  • Grade information
Integrity
• Information should be modified in a controlled manner
• Examples of integrity policies:
  • Only by authorized subjects
  • In a consistent/meaningful fashion
  • Never modify
  • Only by a given method
Availability
• Applies to data and services
• Presence of object/service for use
• Enough of object/service to meet demand
• Sufficient speed/timeliness of access or response
• Fair use of shared object/service
Balancing C-I-A
• Situationally dependent
  • Military values confidentiality above others
• Data dependent
  • Web pages need integrity & availability
[Figure: triangle with vertices Confidentiality, Integrity, Availability]
Authenticity
• Confirmation of the identity (or other feature) of some object
• User authentication
  • “I am who I say I am!”
• Document authorship/agreement
  • “I wrote that document!”
• Group membership
  • “I’m with the government, we’re here to help you.”
Authenticity vs. Integrity
• Overlap somewhat
• Integrity means an object doesn’t change
• An object is authentic if it is the same object as it claims
• So, if an object can change in some way and yet still retain its identity, it can be authentic but lack integrity.
Non-repudiation
• Example: certified mail
  • Recipient must sign for a package
  • Recipient cannot deny receipt of item
• A subject cannot later falsely deny some action
• Certified mail, online gaming, contracts, official orders, timestamps
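The two slides above separate three properties that are easy to run together. As an added illustration that is not part of the original deck, the following Python keeps an integrity check (a hash of exactly these bytes) apart from an authenticity check (a MAC keyed by the claimed author), and shows a revised document that is still authentic but no longer passes the old integrity check. The key, document id and memo texts are constructed for the example.

```python
"""Added example, not from the slides: an integrity check (hash of the bytes)
kept separate from an authenticity check (a MAC keyed by the claimed author).
Keys, document ids and contents below are constructed for the example."""
import hashlib
import hmac


def digest(content: bytes) -> str:
    """Integrity: a fingerprint of exactly these bytes."""
    return hashlib.sha256(content).hexdigest()


def tag(key: bytes, doc_id: str, content: bytes) -> str:
    """Authenticity: binds the key holder to this document identity and content."""
    return hmac.new(key, doc_id.encode() + b"\0" + content, hashlib.sha256).hexdigest()


def integrity_ok(content: bytes, recorded_digest: str) -> bool:
    return hmac.compare_digest(digest(content), recorded_digest)


def authentic(key: bytes, doc_id: str, content: bytes, recorded_tag: str) -> bool:
    return hmac.compare_digest(tag(key, doc_id, content), recorded_tag)


def check(content, recorded_digest, key, doc_id, recorded_tag):
    """Evaluate both properties independently; they can disagree."""
    return {"integrity": integrity_ok(content, recorded_digest),
            "authentic": authentic(key, doc_id, content, recorded_tag)}


# Constructed data: Alice writes memo-17, then revises it.
ALICE_KEY = b"constructed-key-for-alice"
DOC_ID = "memo-17"
V1 = b"Attack at dawn."
V1_DIGEST, V1_TAG = digest(V1), tag(ALICE_KEY, DOC_ID, V1)

V2 = b"Attack at noon."          # same document identity, new bytes
V2_TAG = tag(ALICE_KEY, DOC_ID, V2)

if __name__ == "__main__":
    print(check(V1, V1_DIGEST, ALICE_KEY, DOC_ID, V1_TAG))   # both True
    print(check(V2, V1_DIGEST, ALICE_KEY, DOC_ID, V2_TAG))   # integrity False, authentic True
```

Note the non-repudiation gap: whoever verifies the tag must hold ALICE_KEY, so they could have produced the tag themselves. A MAC gives the recipient authenticity but cannot prove authorship to a third party; that requires a digital signature made with a key only the author holds.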
Access Control
• “Who can do What to Whom?”
• For each subject and object pair, specifies the operations (e.g., read, write) the subject can perform on the object.
• In theory, a giant access control matrix
• In practice, ad hoc file permission bits, access control lists, and others.
Access Control In Theory

                  Objects
Subjects          password file    User1’s Desktop    User1 Priv.Key
User1             read             read,write         read,write
Admin             read,write       read,write         null
...
Access Control vs. Authentication
• Access control relies on authentication mechanisms
  • Real subject?
  • Real object?
  • Are objects/subjects members of some group?
• But, they are distinct mechanisms!
Auditability
• Ability to store logs (or audit trails) of transactions, and
• Later use those logs to detect mistakes or wrongdoing, or to recover from failures
• Often neglected or done in an ad hoc manner
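The access control matrix, the separation of access control from authentication, and the audit trail described on the last few slides fit together in one small reference monitor. The Python below is an added example, not code from the deck: it encodes the slide's matrix, authenticates a subject before consulting it, writes every decision to an audit log, and then reads that log back to count denials per subject. The subjects, objects, rights and secrets are constructed sample data.

```python
"""Added example, not from the slides: a reference-monitor style check over a
small access control matrix, with authentication kept as a separate step and
every decision written to an audit trail. Subjects, objects, rights and the
secrets are constructed sample data."""
import hmac
from collections import defaultdict

# The slide's matrix: subject -> object -> allowed operations ("null" = empty set).
MATRIX = {
    "User1": {"password file": {"read"},
              "User1's Desktop": {"read", "write"},
              "User1 Priv.Key": {"read", "write"}},
    "Admin": {"password file": {"read", "write"},
              "User1's Desktop": {"read", "write"},
              "User1 Priv.Key": set()},
}

# Constructed credential store. Authentication answers "is this really User1?";
# the matrix only answers "may User1 read X?". They are distinct mechanisms.
SECRETS = {"User1": "sample-secret-1", "Admin": "sample-secret-admin"}


class Monitor:
    def __init__(self):
        self.audit_log = []                      # append-only list of tuples

    def authenticate(self, subject, secret):
        stored = SECRETS.get(subject)
        ok = stored is not None and hmac.compare_digest(stored, secret)
        self.audit_log.append(("AUTH", subject, "ok" if ok else "FAIL"))
        return ok

    def access(self, subject, secret, obj, op):
        """Authenticate first; only then consult the matrix."""
        if not self.authenticate(subject, secret):
            self.audit_log.append(("ACCESS", subject, obj, op, "DENIED-unauthenticated"))
            return False
        allowed = op in MATRIX.get(subject, {}).get(obj, set())
        self.audit_log.append(("ACCESS", subject, obj, op, "ALLOWED" if allowed else "DENIED"))
        return allowed


def denied_counts(audit_log):
    """Auditability: read the trail later and count denials per subject."""
    counts = defaultdict(int)
    for entry in audit_log:
        if entry[0] == "ACCESS" and entry[-1].startswith("DENIED"):
            counts[entry[1]] += 1
    return dict(counts)


if __name__ == "__main__":
    m = Monitor()
    m.access("User1", "sample-secret-1", "password file", "read")     # allowed
    m.access("User1", "sample-secret-1", "password file", "write")    # denied by matrix
    m.access("Admin", "wrong-secret", "password file", "read")        # denied: not authenticated
    print(denied_counts(m.audit_log))
```

The point the slides make is visible in `access`: a wrong secret and a missing matrix entry both end in a denial, but they are logged with different reasons because they are failures of different mechanisms, and the audit trail is what lets you tell them apart afterwards.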
Privacy
• Avoiding monitoring, not just of explicit content but of various behaviors as well.
• Not just confidentiality!
• Behavior tracking
• One approach: pseudonymous communication

"The right to be left alone -- the most comprehensive of rights, and the right most valued by a free people." - Justice Louis Brandeis, Olmstead v. U.S. (1928).
Content Control/Protection
• Protect copyrights on content
• May be software, text, music, images, video, …
• Prevention, deterrence, and detection techniques exist.
  • “Trusted” hardware/software
  • Watermarking
Review
• Value of information
  • What is information?
  • Why is it valuable?
• Goals of information assurance and security
  • Varied and often conflicting
  • Dependent on the data and situation
Exercise
• For each of 3 given scenarios, rate the relative importance of Confidentiality, Integrity, Authentication, and Access Control, and give short reasons why you chose the ordering. Exchange results with a neighbor. Where do you disagree?
• Scenarios
  1. Information collected/accessed via an Automatic Teller Machine
  2. Semi-public web site advising stockholders
  3. Control programs on a 777 jet
Exercise (cont.)
• Pick 2-3 types of information that are dealt with in business and try to determine their value in some concrete way.
• What are the top security goal(s) for each type of information?
Computer and Information Assets
• Hardware
• Software
• Data
Hardware Assets
• Computers, network infrastructure, removable media
• Physical security
  • Without physical security, you have nothing!
• Availability, support, etc.
Hardware Assets: Trust
• Do you trust your hardware?
  • Sources of hardware
  • Repair of hardware
  • Multipurpose hardware
  • Emissions (TEMPEST)
Hardware Assets: Networking
• Outside network links
• Internal network access points
• Wireless networks
• Network service providers
• Firewalls
• Intrusion detection systems
Software Assets
• Homebrew or legacy
  • Do you have the source?
  • What’s the platform?
  • How is it supported?
  • Is it stable?
  • Is it stored securely?
Software Assets (cont.)
• Commercial
  • Is it supported?
  • Licensing issues
    • Do you read them?
  • Why this product?
    • Quality vs. following the herd
  • Do you trust the vendor?
Data Assets
• Stored information owned by the organization
• Intellectual property
  • Trade secrets
  • Patents, trademarks, copyrights
• Intangibles
  • Employee knowledge and training
  • Public opinion
  • Reputation
Common Terms and Their Relations
• Threats
• Risk analysis
• Cost-benefit analysis
• Vulnerabilities
• Attacks
• Exploits
• Controls
Threats
• Events that may lead to losses
  • Environmental (earthquakes, fires, …)
  • Traditional miscreants
    • Theft, vandalism, etc.
  • “Cyber”
    • Viruses, network attacks, subversion of clients/servers, etc.
  • Loss of utilities
  • And so on…
Risk Analysis
• Method for security planning and prioritization
• Quantify likelihood of a threat occurring (your risk)
  • Estimates from industry pubs.
  • Past experience
  • Your utility providers
Cost-Benefit Analysis
• Try assessing costs to each risk
• Assess cost of measures that address each risk
  • Consider lifetime of measures
• Result
  • By reviewing the list, a prioritized list of actions may be inferred
  • Recovery may be cheaper than prevention, deterrence may be sufficient, etc.
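The two slides above describe the procedure (quantify likelihood, cost each risk, cost each measure over its lifetime, then read off a prioritized list) without writing down a formula. The Python below is an added example, not the lecture's own method: it assumes the usual expected-loss arithmetic (expected annual loss = likelihood per year × loss per event; annual cost of a measure = purchase cost spread over its lifetime plus yearly upkeep) and ranks measures by net annual benefit. All risks, measures and dollar figures are constructed, and they are chosen so that a recovery measure outranks a prevention measure for the same risk, as the last bullet says can happen.

```python
"""Added example, not from the slides: a small quantitative cost-benefit pass.
Assumed formulas (not given in the lecture):
  expected annual loss (EAL) = likelihood_per_year * loss_per_event
  annual cost of a measure   = purchase_cost / lifetime_years + yearly_upkeep
  net benefit                = EAL * (1 - residual_fraction) - annual cost
All numbers below are constructed."""
from dataclasses import dataclass


@dataclass
class Risk:
    name: str
    likelihood_per_year: float   # from industry pubs, past experience, providers
    loss_per_event: float        # dollars


@dataclass
class Measure:
    name: str
    risk: str                    # name of the risk it addresses
    purchase_cost: float
    lifetime_years: float        # "consider lifetime of measures"
    yearly_upkeep: float
    residual_fraction: float     # share of the loss that remains; 0 = fully prevents


def expected_annual_loss(r: Risk) -> float:
    return r.likelihood_per_year * r.loss_per_event


def annual_cost(m: Measure) -> float:
    return m.purchase_cost / m.lifetime_years + m.yearly_upkeep


def net_benefit(m: Measure, risks: dict) -> float:
    avoided = expected_annual_loss(risks[m.risk]) * (1 - m.residual_fraction)
    return avoided - annual_cost(m)


def prioritize(measures, risks):
    """Measures ordered by net annual benefit; a negative value means the
    measure costs more per year than the loss it avoids."""
    scored = [(m.name, round(net_benefit(m, risks), 2)) for m in measures]
    return sorted(scored, key=lambda pair: -pair[1])


# Constructed inputs.
RISKS = {r.name: r for r in [
    Risk("laptop theft", 0.5, 8000.0),      # EAL 4000/yr
    Risk("flood", 0.02, 200000.0),          # EAL 4000/yr
]}
MEASURES = [
    # prevention of data loss, but the hardware is still gone: residual 0.25
    Measure("full-disk encryption", "laptop theft", 0.0, 1, 500.0, 0.25),
    # prevention: expensive one-time build amortized over 10 years
    Measure("raised server room", "flood", 60000.0, 10, 0.0, 0.0),
    # recovery: cheap, accepts some downtime loss (residual 0.3)
    Measure("offsite backups (recovery)", "flood", 2000.0, 5, 1200.0, 0.3),
]

if __name__ == "__main__":
    for name, benefit in prioritize(MEASURES, RISKS):
        print(f"{name:30s} {benefit:10.2f}")
```

With these figures the flood prevention measure comes out negative while the recovery measure for the same risk is positive, which is exactly the "recovery may be cheaper than prevention" case; change the likelihood or lifetime and the ordering flips, which is why the slide stresses where the likelihood estimates come from.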
Vulnerability
• Property of or error in a system that allows violation of expected system behavior or policy
• A weakness (or hole) in a system that allows some outside agent to reduce the value of the system
• Widely confused with attacks and exploits
Vulnerabilities
• Result from errors in
  • Design
  • Specification
  • Implementation
  • Configuration
• Note: if an error is in the design, no amount of correct specification, implementation, or configuration can fully eliminate it.
Vulnerabilities (cont.)
• Often occur when people make assumptions about the environment in which their system will operate.
• Examples:
  • Input length bounded
  • Objects will not change during an operation
  • Bandwidth/memory will not run out
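The first and third assumptions on this slide ("input length bounded", "memory will not run out") show up concretely in any parser that trusts a length field it read from the network. As an added example that is not from the deck, the Python below parses a constructed length-prefixed record format two ways: once with the assumption baked in, and once with the assumption turned into explicit checks. The wire format (4-byte big-endian length, then payload) and the 64 KiB limit are assumptions of this example.

```python
"""Added example, not from the slides: a length-prefixed record parser, first
with the 'input length bounded / memory will not run out' assumption baked
in, then with that assumption checked. The wire format (4-byte big-endian
length followed by the payload) and the size limit are constructed here."""
import struct

MAX_RECORD = 64 * 1024      # assumed policy limit for a single record


def parse_naive(buf: bytes) -> bytes:
    """Trusts the length field. Two failure modes: a hostile prefix can
    declare more bytes than were sent (here silently truncated), and a
    reader that pre-allocates `n` bytes (e.g. bytearray(n) before
    sock.recv) would try to reserve whatever the peer asked for."""
    (n,) = struct.unpack(">I", buf[:4])
    return buf[4:4 + n]


def parse_checked(buf: bytes) -> bytes:
    """Same format with the environment assumptions made explicit."""
    if len(buf) < 4:
        raise ValueError("short header")
    (n,) = struct.unpack(">I", buf[:4])
    if n > MAX_RECORD:
        raise ValueError(f"declared length {n} exceeds limit {MAX_RECORD}")
    if len(buf) - 4 < n:
        raise ValueError(f"declared {n} bytes, only {len(buf) - 4} present")
    return buf[4:4 + n]


def classify(buf: bytes) -> str:
    """'ok' when the record is well formed, otherwise the rejection reason;
    the reason is what you would want in an audit log."""
    try:
        parse_checked(buf)
        return "ok"
    except ValueError as exc:
        return str(exc)


# Constructed sample inputs.
GOOD = struct.pack(">I", 5) + b"hello"
OVERSIZED = struct.pack(">I", 2**31) + b"x"      # claims 2 GiB, sends 1 byte
SHORT = struct.pack(">I", 10) + b"abc"           # claims 10 bytes, sends 3

if __name__ == "__main__":
    print(parse_naive(OVERSIZED))                # b'x' -- accepted without complaint
    for rec in (GOOD, OVERSIZED, SHORT):
        print(classify(rec))
```

The naive version never raises on the oversized or short record; it returns a truncated payload and moves on, so the bad input is only noticed later, if at all. The checked version rejects it at the boundary and says why, which is the cheapest place to detect the violated assumption.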
Vulnerability Examples
• Design
  • Spoofability of network traffic
• Specification
  • Typos in documents
• Implementation
  • Buffer overflows, race conditions, …
• Configuration
  • Anonymous ftp, Sendmail configurations
• Emergent: 2 OK systems fail when joined
Attacks
• Multiple levels of definition
• Low level
  • An action intended to break security policy using a supposed vulnerability
• High level
  • A group of these low-level attacks toward some higher goal
Exploits
• An exploit is a procedure that carries out a low-level attack.
  • Often scripted
  • Easily transferred between parties
• However, to exploit a vulnerability:
  • Means to successfully attack a system by taking advantage of the vulnerability.
How are these related?
• There are often many distinct attacks on a single vulnerability
• Usually, only a few exploits get published
• The terms are not interchangeable!
[Figure: set diagram of Attacks and Vulnerabilities; a vulnerability V with the subset “Attacks on V”]
Controls
• “Countermeasures”
• Procedures and/or objects put in place to prevent/ameliorate successful exploitation of vulnerabilities
  • Training
  • Encryption
  • Firewalls
  • Backup systems
  • And many more…
Controls/Countermeasures
• May help you
  • Avoid
  • Prevent
  • Deter
  • Detect
  • Mitigate
  • Recover
  • Correct
Exercises
Apply the information security terms you learned above to a typical home. Briefly determine the most severe/effective vulnerabilities, threats, risks, ..., controls in a typical home. Why do very few people have bars on their windows? Now, consider the home of the CEO of a Fortune 500 company, and finally the White House.

For each of Confidentiality, Integrity, Availability, Authenticity, and Access Control, write down a few controls that could be used. How can each be circumvented? How can the control be improved?

InfoSecConcepts.ppt
