General Security Concepts Introduction to Cyber Security The

General Security Concepts Introduction to Cyber Security

The “CIA” of Security • Confidentiality-only those who have the authority to view a piece of information • Integrity-generation and modification of data • Availability-ensure that the data, or the system itself, is available for use when the authorized user wants it

Operational Model of Computer Security Protection=Prevention + (Detection + Response) NIST Framework • Identify • Protect • Detect • Respond • Recover

Security Tenets • Session Management • Includes all of the activities necessary to manage the session • Establishment • During use • Completion of “conversation”

Security Tenets • Exception Management • Involve the invocation of conditions that fall outside of the normal sequence of operation • Can result in errors on host or network operations • May allow the system to operate outside of the normal sequence depending on its use • May fail the operation and recover it in a separate action

Security Tenets • Configuration Management • Key to properation of IT systems • Design and operation of the elements to ensure proper functional environment of a system

Security Approaches • Host Security-protecting the individual computer • Network Security-protecting the group of computers • Controlling access to internal computers from external entities