Fund IS Chapters 1-4

Risk

: the likelihood that something bad will happen. To have a risk you need to have both a threat and a vulnerability to be exploited.

Biometrics: Universality

: you should be able to find your chosen biometric characteristic in the majority of people you expect to enroll in the system. Some people don't have fingers.

Access Control Model: Role-Based Access Control (RBAC)

Access based on individual roles.

Access Control Model: Rule-Based Access Control

Access based on predefined system rules.

Access Control Model: Attribute-Based Access Control (ABAC)

Access based on specific attributes of users or resources.

Access Control Model: Mandatory Access Control (MAC)

Access control by a separate authority, not the owner.

Incident Response: Preparation Phase

Activities performed ahead to enhance incident handling.

Intrusion Detection and Prevention

Alerts and actions against unusual activities to prevent attacks. Tools: IDS, IPS

Bell Model: The * Property

Anyone accessing a resource can only write (or copy) its contents to another resource classified at the same level or higher.

Biba: * Integrity Axiom

Anyone accessing a resource can only write its contents to a resource classified at the same level or lower.

Impersonation Attacks

Attacker poses as a legitimate party in communication

ABAC: Subject Attributes

Attributes that belong to an individual. (CAPTCHAs)

Mutual Authentication

Both parties authenticate each other in a transaction

Cross-Site Request Forgery (CSRF)

Browser attack misusing user's authority of the browser on the user's computer.

Integrity Difference between CIA and Parkerian

CIA: Preventing unauthorized people from changing your data. Parkerian: he doesn't account for authorized but incorrect modification of data. Data must be whole and completely unchanged from its previous state.

Identification

Claim of who or what someone is, an assertion of who we are. (Usernames, Swiping your card)

Clickjacking

Client-side attack deceiving users on webpage interactions. They create an invisible layer that the client wouldn't normally click.

Multilevel Access Control Models

Combining various access control models for security.

Physical Access Controls

Concerned with controlling the movement of individuals and vehicles.

CIA Triad

Confidentiality: Protecting data from those not authorized to view it Integrity: Preventing unauthorized people from changing your data. Availability: Accessing our data when we need it.

Data in Use

Data actively accessed or modified by an application or user.

Data in Motion

Data moving from one location to another, protected by encryption.

Logical Assets

Data or intellectual property as valuable as physical assets.

Authorization

Decides what the party being authenticated is permitted to do.

FISMA

Defines security standards for U.S. federal agencies.

Brewer and Nash Model

Designed to prevent conflicts of interest in access control. Three main Resource Classes: Objects: Resources, such as files or information, pertaining to a single organization. Company groups: All objects pertaining to an organization. Conflict classes: All groups of objects concerning competing parties.

Access Control Model

Determines resource access for different parties.

Biba Model

Emphasizes data integrity over confidentiality. ensuring that your resource can be written to only by those with a high level of access and that those with a high level of access do not access a resource with a lower classification

ABAC: Environmental Attributes

Enable access controls based on environmental conditions. Only during business hours, 24 hour time limit.

Accountability

Ensuring users will behave with your rules. In order to hold people accountable you need to trace/record all activities in your environments back to their sources.

Authentication

Establishing the truth of an identification claim (passwords, entering pin.

Parkerian Hexad

Expands CIA triad. Possesion/Control: physical disposition of the media on which the data is stored. Authenticity: Attributing the data in question to the proper owner or creator. Utility: how useful the data is to you.

ACL: Networks ACLs

Filter access based on network identifiers like IP addresses, MAC address, port. (can use more than one at once)

Bell-LaPadula Model

Focuses on confidentiality with DAC and MAC combination. Concerned with Confidentiality. you can't read any higher than your clearance level, and you can't write classified data down to any lower level.

Fabrication Attack

Generating false data, violating integrity and availability.

ACL: File System ACLs

Grant read, write, or execute permissions on files.

Principle of Least Privilege

Granting users minimal access necessary for functionality.

Incident Response: Detection and Analysis Phase

Identifying and assessing incidents using tools and human judgment.

Security Cost vs. Productivity

Increasing security may decrease productivity, cost should not exceed asset value or replacement cost.

Ethereal Items

Intangible items like software, source code, or data.

Sandboxes

Isolated environments for running sensitive/risky applications.

Access Control List (ACL)

Lists specifying access permissions for parties in a system.

IDS

Monitors and alerts about undesirable activities or attacks.

Defense in Depth

Multilayered defense to prevent attacks and resist failures

Security Patch Neglect

Not applying security updates, risking system vulnerabilities. Weak passwords. Downloading programs from internet. Opening emails from unknown senders. Using wireless networks without encryption.

ACL: Deputy Problem

Occurs when the software with access to a resource (the deputy) has a greater level of permission to access the resource than the user who is controlling the software. If you can trick the software into misusing its greater level of authority, you can potentially carry out a client side attack.

Capabilities

Permissions based on user's possession of tokens for resource access. Permissions can change at admin's will.

Hardware Tokens (Dongles)

Physical devices for authentication. Gives unique identifier that authenticates user with credentials. susceptible to theft. Something you have.

Deterrence

Preventing actions by making penalties and monitoring clear.

Incident Response: Post-Incident Activity

Process to determine what happened, why, and prevent recurrence

Information Security

Protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction.

Physical Controls

Protecting the physical environment where your system sit or where data is stored

Security

Protecting your assets, whether they are attackers, disaster, vandalism, loss, or misuse.

Sarbanes-Oxley Act

Protects against corporate fraud and ensures accountability.

Health Insurance Portability and Accountability Act (HIPAA)

Protects medical information privacy.

False Acceptance Rate (FAR)

Rate of accepting unauthorized users in biometric systems. One of two primary metrics to measure performance of a biometric system

False Rejection Rate (FRR)

Rate of rejecting legitimate users in biometric systems. One of two primary metrics to measure performance of a biometric system

Incident Response

Reacting to security incidents with predefined plans and actions.

HIPAA

Regulation for organizations handling healthcare and patient data.

Incident Response: Eradication Phase

Removing the effects of an incident from the environment.

Interruption Attack

Rendering assets unusable, violating integrity and availability.

Access Control Model: Discretionary Access Control (DAC)

Resource owner decides access levels.

IPS

Responds to attacks by taking actions based on alerts/information from IDS. Might refuse traffic from the source of the attack

Incident Response: Recovery Phase

Restoring systems or data to the state before the incident.

Auditing

Reviewing records to ensure compliance and accountability.

Administrative Controls

Security controls implemented via administrative or management methods.

Tailgating

Security issue where unauthorized individuals follow authenticated users.

Nonrepudiation

Situation where an individual can't deny a statement or action due to evidence.

Authentication Factors

Something you Know: Passwords, Pins Something you are: Biometrics Something you have: Security Tokens, Verification Code Texts Something you do: Based on actions and behaviors of individual Where you are: Requires person to be in specific location

PCI DSS

Standard for companies processing credit card payments.

Identity Verification

Step above identification, below authentication. Being asked to show drivers license, birth certificate etc.

Data at Rest

Stored data not in transit, protected by encryption.

Impact

Takes into account the value of the asset being threatened and uses it to calculate risk.

Revoking Access

Taking away granted access from a party after they've gained it.

Incident Response: Containment Phase

Taking steps to prevent further damage during an incident.

Modification Attack

Tampering with assets, violating integrity and availability.

Physical Assets

Tangible items with inherent value like gold or computer hardware.

Bell Model: Simple Security Property

The level of access granted to an individual must be at least as high as the classification of the resource in order for the individual to access it.

Biba: Simple Integrity Axiom

The level of access granted to an individual must be no lower than the classification of the resource.

Risk Management

The process used to compensate for risks in your environment Identify Assets Identify Threats with CIA/Parkerian Assess Vulnerabilities in the context of threats (millions of threats but only a few work because of your system's vulnerabilities) Assess Risk, remember Threat + Vulnerability = Risk Mitigate Risks with Controls

Threats vs. Vulnerabilities

Threats can harm, vulnerabilities are weaknesses threats exploit.

Access Controls

Tools to allow or deny access to resources. It either Allows access, Denies it, or limits access.

Interception Attack

Unauthorized access to data, violating confidentiality.

Network ACLs: Media Access Control (MAC) Address

Unique identifier for network interfaces. Grants permissions to traffic instead of user.

Multi-factor authentication

Using one or more factors for authentication

Biometrics

Using unique physical attributes for identification. Defined by 7 Characteristics: Universality, Uniqueness, Permanence, Collectability, Performance, Acceptability, Circumvention

Equal Error Rate (ERR)

Where the FAR and the FRR intersect. Where you want to be.

ABAC: Resource Attributes

belong to a resource, such as an operating system or application. Some websites only work with certain browsers, not security specific but technical.

Logical Controls (Technical Controls)

controls that protect the systems, networks, and environments that process, transmit, and store our data

Biometrics: Circumvention

how easy it is to trick a system by using a falsified biometric identifier.

Biometrics: Acceptability

measure of how acceptable the characteristic is to the users of the system. People won't use systems that are slow or require you to get naked.

Biometrics: Uniqueness

measure of how unique a characteristic is among individuals. A lot of people weigh the same, twins have the same DNA, people can replicate fingerprints.

Biometrics: Collectability

measures how easy it is to acquire a characteristic. Getting and enrolling fingerprints is easier than DNA.

Biometrics: Performance

measures how well a given system functions based on factors such as speed, accuracy, and error rate.

Layer Defensive Measures

not included: physical defenses, polices, or user awareness and training

Biometrics: Permanence

tests how well a characteristic resists change over time and with advancing age. Weight changes, fingerprints don't.