U2.1 Comp Sec: deals with prevention & detection of unauthorised actions by users of a comp system

Description

Masters Comp Sec Mind Map on U2.1 Comp Sec: deals with prevention & detection of unauthorised actions by users of a comp system, created by Craig Parker on 02/11/2013.
Craig Parker
Mind Map by Craig Parker, updated more than 1 year ago
Craig Parker
Created by Craig Parker about 11 years ago
58
1

Resource summary

U2.1 Comp Sec: deals with prevention & detection of unauthorised actions by users of a comp system
  1. Accountability & Authorisation
    1. Accountability closely related to detection
      1. Keep audit trails and logs protected so actions affecting Sec can be traced to those responsible
      2. Authorisation related to prevention
        1. Users must be identified and authorised, usernames / passwords
      3. Confidentiality
        1. Prevent unauthorised disclosure
          1. Stop unauthorised viewing
            1. Prevention more important than detecting or reacting
            2. Cant recover from a breach of confidentiality
            3. Privacy
              1. Protecting personal data
              2. Secrecy
                1. Protecting organisational secrets
              3. Integrity
                1. Prevent unauthorised modification
                  1. Internal Consistency
                    1. Clark & Wilson
                      1. No user of a system even if authorised may be permitted to modify data in a way that assets or accounting records are lost /corrupted
                    2. External consistency
                      1. Orange Book
                        1. data has not been exposed to to accidental or malicious alteration or destruction
                      2. Detection of intentional / accidental modifications
                      3. A prerequisite for many security services
                      4. Availability
                        1. Prevent unauthorised withholding of information / resources
                          1. May be the most important aspect of Comp Sec
                            1. DDOS
                            2. Prevention
                              1. Measures to prevent damage
                              2. Detection
                                1. Detecting when, how & who did damage
                                  1. Maintaining the integrity
                                2. Reaction
                                  1. Recovery from damage
                                  2. Reliability & dependability
                                    1. Making systems dependable
                                      1. Extremley important in safety critical systems, national infrastructure
                                    Show full summary Hide full summary

                                    Similar

                                    U3.2 Access Control Structures
                                    Craig Parker
                                    U3. Labels & Access Control
                                    Craig Parker
                                    U2.2 Fundamentals
                                    Craig Parker
                                    U3.1 Access Control
                                    Craig Parker
                                    U3.3 Administration
                                    Craig Parker
                                    U4. Security Models & Policy
                                    Craig Parker
                                    U4. Bell-LaPladula
                                    Craig Parker
                                    U4. Biba
                                    Craig Parker
                                    U4. Further Aspects of BLP
                                    Craig Parker
                                    U4. Harrison–Ruzzo–Ullman
                                    Craig Parker
                                    U4. Chinese Wall
                                    Craig Parker