General Security Concepts Introduction to Cyber Security The
General Security Concepts Introduction to Cyber Security
The “CIA” of Security • Confidentiality-only those who have the authority to view a piece of information • Integrity-generation and modification of data • Availability-ensure that the data, or the system itself, is available for use when the authorized user wants it
Operational Model of Computer Security Protection=Prevention + (Detection + Response) NIST Framework • Identify • Protect • Detect • Respond • Recover
Security Tenets • Session Management • Includes all of the activities necessary to manage the session • Establishment • During use • Completion of “conversation”
Security Tenets • Exception Management • Involve the invocation of conditions that fall outside of the normal sequence of operation • Can result in errors on host or network operations • May allow the system to operate outside of the normal sequence depending on its use • May fail the operation and recover it in a separate action
Security Tenets • Configuration Management • Key to properation of IT systems • Design and operation of the elements to ensure proper functional environment of a system
Security Approaches • Host Security-protecting the individual computer • Network Security-protecting the group of computers • Controlling access to internal computers from external entities
- Slides: 7