Resource summary
U2.1 Comp Sec: deals with prevention & detection of unauthorised actions by users of a comp system
- Accountability & Authorisation
- Accountability closely related to detection
- Keep audit trails and logs protected so actions affecting Sec can be traced to those responsible
- Authorisation related to prevention
- Users must be identified and authorised, usernames / passwords
- Confidentiality
- Prevent unauthorised disclosure
- Stop unauthorised viewing
- Prevention more important than detecting or reacting
- Can't recover from a breach of confidentiality
- Privacy
- Protecting personal data
- Secrecy
- Protecting organisational secrets
- Integrity
- Prevent unauthorised modification
- Internal Consistency
- Clark & Wilson
- No user of a system, even if authorised, may be permitted to modify data in a way that assets or accounting records are lost / corrupted
- External consistency
- Orange Book
- Data has not been exposed to accidental or malicious alteration or destruction
- Detection of intentional / accidental modifications
- A prerequisite for many security services
- Availability
- Prevent unauthorised withholding of information / resources
- May be the most important aspect of Comp Sec
- DDOS
- Prevention
- Measures to prevent damage
- Detection
- Detecting when, how & who did damage
- Maintaining the integrity
- Reaction
- Recovery from damage
- Reliability & dependability
- Making systems dependable
- Extremely important in safety-critical systems, national infrastructure