Chapter 1


availability

data and services are available when needed. Supported by redundancy, fault tolerance and patching.

safety of assets

safety of individuals and of the organisation's assets. Assets: physical security controls ensure the safety of assets, e.g. fencing, lighting, locks, CCTV. Chapter 2

identification

a user claims an identity, e.g. with a username

authorisation

grant and restrict access, e.g. using permissions

steganography

hiding data within data

access controls

identification, authentication, authorisation controls ensure only authorised personnel can access data.

safety

individuals and assets. people should be top priority (as assets can be replaced)

encryption

make confidential data difficult to decode. Covered in Chapter 10

confidentiality

prevents unauthorised disclosure of data, using encryption, access controls and steganography

authentication

a user proves their identity, e.g. with a password

integrity

provides assurance that data has not changed, ensuring that no one has modified, tampered with, or corrupted the data. Methods: hashing; digital signatures, certificates and non-repudiation.

safety of individuals

safety of individuals and of the organisation's assets. People: risks include disasters, fires, earthquakes, hurricanes and tornadoes. Business continuity plans prepare for these; they include escape plans and escape routes. Hold drills and training to teach personnel.

security triad

confidentiality, integrity, availability

non-repudiation

digital signatures and audit logs prove whether someone performed an action

hashing

a hash is a number created by executing a hashing algorithm against data. If the data doesn't change, the hash doesn't change. Hashing verifies integrity. Examples: MD5, HMAC, SHA-1

redundancy

availability. adds duplication to critical systems and provides fault tolerance. Remove single points of failure. Disk, server, load balancing, site redundancies, backups, alternate power, cooling systems.

patching

availability. software bugs are patched. Chapter 5

Digital Signatures, certificates and non-repudiation

used for integrity. Digital signatures can be attached to data; when the data is received, the digital signature provides assurance that it has not been modified. A digital signature provides authentication: it authenticates the sender. A digital signature also provides non-repudiation: the sender cannot deny sending the data because the digital signature proves she did. Digital signatures require certificates and a Public Key Infrastructure (PKI). Certificates include keys used for encryption, and the PKI provides the means to create, manage and distribute certificates.

