Fund IS Chapters 1-4
Risk
The likelihood that something bad will happen. To have a risk, you need both a threat and a vulnerability that the threat can exploit.
Biometrics: Universality
You should be able to find your chosen biometric characteristic in the majority of people you expect to enroll in the system. Some people don't have fingers.
Access Control Model: Role-Based Access Control (RBAC)
Access based on individual roles.
Access Control Model: Rule-Based Access Control
Access based on predefined system rules.
Access Control Model: Attribute-Based Access Control (ABAC)
Access based on specific attributes of users or resources.
Access Control Model: Mandatory Access Control (MAC)
Access control by a separate authority, not the owner.
Incident Response: Preparation Phase
Activities performed ahead to enhance incident handling.
Intrusion Detection and Prevention
Alerts and actions against unusual activities to prevent attacks. Tools: IDS, IPS
Bell Model: The * Property
Anyone accessing a resource can only write (or copy) its contents to another resource classified at the same level or higher.
Biba: * Integrity Axiom
Anyone accessing a resource can only write its contents to a resource classified at the same level or lower.
Impersonation Attacks
Attacker poses as a legitimate party in communication
ABAC: Subject Attributes
Attributes that belong to an individual. (CAPTCHAs)
Mutual Authentication
Both parties authenticate each other in a transaction
Cross-Site Request Forgery (CSRF)
Browser attack that misuses the authority of the user's browser on the user's computer.
Integrity Difference between CIA and Parkerian
CIA: Preventing unauthorized people from changing your data. Parkerian: does not account for authorized but incorrect modification of data; the data must be whole and completely unchanged from its previous state.
Identification
Claim of who or what someone is, an assertion of who we are. (Usernames, Swiping your card)
Clickjacking
Client-side attack deceiving users about what they are interacting with on a webpage. An invisible layer is placed over the page so the user clicks something they would not normally click.
Multilevel Access Control Models
Combining various access control models for security.
Physical Access Controls
Concerned with controlling the movement of individuals and vehicles.
CIA Triad
Confidentiality: Protecting data from those not authorized to view it. Integrity: Preventing unauthorized people from changing your data. Availability: Accessing our data when we need it.
Data in Use
Data actively accessed or modified by an application or user.
Data in Motion
Data moving from one location to another, protected by encryption.
Logical Assets
Data or intellectual property as valuable as physical assets.
Authorization
Decides what the party being authenticated is permitted to do.
FISMA
Defines security standards for U.S. federal agencies.
Brewer and Nash Model
Designed to prevent conflicts of interest in access control. Three main resource classes: Objects (resources, such as files or information, pertaining to a single organization); Company groups (all objects pertaining to an organization); Conflict classes (all groups of objects concerning competing parties).
Access Control Model
Determines resource access for different parties.
Biba Model
Emphasizes data integrity over confidentiality. Ensures that your resource can be written to only by those with a high level of access, and that those with a high level of access do not access a resource with a lower classification.
ABAC: Environmental Attributes
Enable access controls based on environmental conditions, e.g. only during business hours, or with a 24-hour time limit.
Accountability
Ensuring users comply with your rules. To hold people accountable, you need to trace/record all activities in your environment back to their sources.
Authentication
Establishing the truth of an identification claim (passwords, entering a PIN).
Parkerian Hexad
Expands the CIA triad. Possession/Control: physical disposition of the media on which the data is stored. Authenticity: attributing the data in question to the proper owner or creator. Utility: how useful the data is to you.
ACL: Networks ACLs
Filter access based on network identifiers like IP address, MAC address, or port (more than one can be used at once).
Bell-LaPadula Model
Focuses on confidentiality using a combination of DAC and MAC. You can't read anything higher than your clearance level, and you can't write classified data down to any lower level.
Fabrication Attack
Generating false data, violating integrity and availability.
ACL: File System ACLs
Grant read, write, or execute permissions on files.
Principle of Least Privilege
Granting users minimal access necessary for functionality.
Incident Response: Detection and Analysis Phase
Identifying and assessing incidents using tools and human judgment.
Security Cost vs. Productivity
Increasing security may decrease productivity; the cost of security should not exceed the asset's value or replacement cost.
Ethereal Items
Intangible items like software, source code, or data.
Sandboxes
Isolated environments for running sensitive/risky applications.
Access Control List (ACL)
Lists specifying access permissions for parties in a system.
IDS
Monitors and alerts about undesirable activities or attacks.
Defense in Depth
Multilayered defense to prevent attacks and resist failures
Security Patch Neglect
Not applying security updates, leaving systems vulnerable. Other risky habits: weak passwords, downloading programs from the internet, opening emails from unknown senders, using wireless networks without encryption.
ACL: Deputy Problem
Occurs when the software with access to a resource (the deputy) has a greater level of permission to access the resource than the user who is controlling the software. If you can trick the software into misusing its greater level of authority, you can potentially carry out a client-side attack.
Capabilities
Permissions based on user's possession of tokens for resource access. Permissions can change at admin's will.
Hardware Tokens (Dongles)
Physical devices for authentication. Provides a unique identifier that authenticates the user along with their credentials. Susceptible to theft. Something you have.
Deterrence
Preventing actions by making penalties and monitoring clear.
Incident Response: Post-Incident Activity
Process to determine what happened, why, and prevent recurrence
Information Security
Protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction.
Physical Controls
Protecting the physical environment where your systems sit or where data is stored.
Security
Protecting your assets, whether from attackers, disaster, vandalism, loss, or misuse.
Sarbanes-Oxley Act
Protects against corporate fraud and ensures accountability.
Health Insurance Portability and Accountability Act (HIPAA)
Protects medical information privacy.
False Acceptance Rate (FAR)
Rate of accepting unauthorized users in biometric systems. One of the two primary metrics for measuring the performance of a biometric system.
False Rejection Rate (FRR)
Rate of rejecting legitimate users in biometric systems. One of the two primary metrics for measuring the performance of a biometric system.
Incident Response
Reacting to security incidents with predefined plans and actions.
HIPAA
Regulation for organizations handling healthcare and patient data.
Incident Response: Eradication Phase
Removing the effects of an incident from the environment.
Interruption Attack
Rendering assets unusable, violating integrity and availability.
Access Control Model: Discretionary Access Control (DAC)
Resource owner decides access levels.
IPS
Responds to attacks by taking actions based on alerts/information from the IDS. Might refuse traffic from the source of the attack.
Incident Response: Recovery Phase
Restoring systems or data to the state before the incident.
Auditing
Reviewing records to ensure compliance and accountability.
Administrative Controls
Security controls implemented via administrative or management methods.
Tailgating
Security issue where unauthorized individuals follow authenticated users.
Nonrepudiation
Situation where an individual can't deny a statement or action due to evidence.
Authentication Factors
Something you know: passwords, PINs. Something you are: biometrics. Something you have: security tokens, verification code texts. Something you do: based on the actions and behaviors of the individual. Where you are: requires the person to be in a specific location.
PCI DSS
Standard for companies processing credit card payments.
Identity Verification
Step above identification, below authentication. Being asked to show a driver's license, birth certificate, etc.
Data at Rest
Stored data not in transit, protected by encryption.
Impact
Takes into account the value of the asset being threatened and uses it to calculate risk.
Revoking Access
Taking away granted access from a party after they've gained it.
Incident Response: Containment Phase
Taking steps to prevent further damage during an incident.
Modification Attack
Tampering with assets, violating integrity and availability.
Physical Assets
Tangible items with inherent value like gold or computer hardware.
Bell Model: Simple Security Property
The level of access granted to an individual must be at least as high as the classification of the resource in order for the individual to access it.
Biba: Simple Integrity Axiom
The level of access granted to an individual must be no lower than the classification of the resource.
Risk Management
The process used to compensate for risks in your environment: (1) Identify assets. (2) Identify threats with CIA/Parkerian. (3) Assess vulnerabilities in the context of threats (there are millions of threats, but only a few work because of your system's vulnerabilities). (4) Assess risk; remember Threat + Vulnerability = Risk. (5) Mitigate risks with controls.
Threats vs. Vulnerabilities
Threats can harm, vulnerabilities are weaknesses threats exploit.
Access Controls
Tools to allow or deny access to resources. A control either allows access, denies it, or limits it.
Interception Attack
Unauthorized access to data, violating confidentiality.
Network ACLs: Media Access Control (MAC) Address
Unique identifier for network interfaces. Grants permissions to traffic instead of user.
Multi-factor authentication
Using one or more factors for authentication
Biometrics
Using unique physical attributes for identification. Defined by 7 Characteristics: Universality, Uniqueness, Permanence, Collectability, Performance, Acceptability, Circumvention
Equal Error Rate (EER)
Where the FAR and the FRR intersect. Where you want to be.
ABAC: Resource Attributes
Belong to a resource, such as an operating system or application. Some websites only work with certain browsers; not security-specific, but technical.
Logical Controls (Technical Controls)
Controls that protect the systems, networks, and environments that process, transmit, and store our data.
Biometrics: Circumvention
How easy it is to trick a system by using a falsified biometric identifier.
Biometrics: Acceptability
Measure of how acceptable the characteristic is to the users of the system. People won't use systems that are slow or require you to get naked.
Biometrics: Uniqueness
Measure of how unique a characteristic is among individuals. A lot of people weigh the same, twins have the same DNA, and people can replicate fingerprints.
Biometrics: Collectability
Measures how easy it is to acquire a characteristic. Getting and enrolling fingerprints is easier than DNA.
Biometrics: Performance
Measures how well a given system functions based on factors such as speed, accuracy, and error rate.
Layer Defensive Measures
Not included: physical defenses, policies, or user awareness and training.
Biometrics: Permanence
Tests how well a characteristic resists change over time and with advancing age. Weight changes; fingerprints don't.