---
title: "01-information-assurance"
aliases:
tags:
  - comp210
  - lecture
sr-due: 2022-08-31
sr-interval: 30
sr-ease: 270
---

- [information-security](notes/information-security.md)
- [mccumber-cube](notes/mccumber-cube.md)
- [access-security-tradeoff](notes/access-security-tradeoff.md)
- [cia-triad](notes/cia-triad.md)

# In the news

- [Axie hack](https://thehackernews.com/2022/07/hackers-used-fake-job-offer-to-hack-and.html)

# Why info sec

- more interconnected
  - more exposure
- software devs need to know about security
  - often security is an afterthought
    - this is bad
- IS protects the ability of an organisation to function
  - also protects reputation

# What is security

- protecting assets from harm or damage
- related concepts
  - national security (political security)
  - safety (health)
  - environmental security (clean environment)
  - information security
  - economic security (stability of economy)

# What is information security

- focus on protecting information assets
  - data, systems, equipment, infrastructure
- intentional and accidental risks

> "The preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved."
> (ISO 27000 Information Security Management Systems – Overview and Vocabulary)

# Continuous need

- environment is rapidly changing
- innovation is rapid
  - cloud computing
- more ICT capabilities introduce new attack vectors

# Components of info systems can all be sources of attacks

- data
  - e.g., bank: unauthorised access to data
- people
  - e.g., social engineering
- hardware
  - e.g., physical security (usually)
- software
  - e.g., most common
- network
  - e.g., lots of possibilities for attack
- procedures
  - e.g., bank: inside knowledge of faults within the business that can be exploited

# CIA Triad

how security has been approached by industry for ages

- Confidentiality
  - having information protected from exposure
  - blocking unauthorised access
- Integrity
  - authentic state of information
  - preventing corruption etc.
  - e.g., checksum, hash check etc.
- Availability
  - information being available to users without obstacles
  - DDoS

Other models have been developed

- [slide](https://i.imgur.com/GJfb8Ph.png)

# McCumber Cube

- a way to think about how to protect your information
- [slide](https://i.imgur.com/5Ls2yUp.png)
- a map
  - can be used to find "holes"

# Access Security tradeoff

- perfect info security is impossible
- unrestricted access is dangerous
- completely secure would not allow access to anyone
- balance is key
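The CIA Triad section above lists "checksum, hash check" as an integrity mechanism. The following is an added example, not part of the lecture or the linked notes, showing what a plain hash does and does not protect against: it catches accidental corruption (a flipped bit), but an attacker who can rewrite the stored record can also rewrite the stored hash, so a keyed check (HMAC) is needed when the threat is deliberate tampering. The `RECORD` bytes and the key are constructed sample values; the function names are this example's own.

```python
import hashlib
import hmac
import secrets

# Constructed sample record, standing in for something a bank might store and later read back.
RECORD = b"account=12345678;balance=2500.00;currency=GBP"


def digest(data: bytes) -> str:
    """Unkeyed integrity check: SHA-256 hex digest of the data."""
    return hashlib.sha256(data).hexdigest()


def verify_digest(data: bytes, expected: str) -> bool:
    """True only if the data still matches the stored digest (constant-time compare)."""
    return hmac.compare_digest(digest(data), expected)


def tag(key: bytes, data: bytes) -> str:
    """Keyed integrity check: HMAC-SHA256 over the data under a secret key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, data: bytes, expected: str) -> bool:
    """True only if the data matches the stored tag; requires the key to forge."""
    return hmac.compare_digest(tag(key, data), expected)


def demo() -> dict:
    """Run the three scenarios (intact, corrupted, tampered) against both checks."""
    key = secrets.token_bytes(32)  # constructed secret; in practice kept in a KMS/HSM
    stored_digest = digest(RECORD)
    stored_tag = tag(key, RECORD)

    # Accidental corruption: a single flipped bit, e.g. a disk or transfer error.
    buf = bytearray(RECORD)
    buf[0] ^= 0x01
    corrupted = bytes(buf)

    # Deliberate tampering: the attacker edits the balance AND recomputes the plain hash.
    tampered = RECORD.replace(b"2500.00", b"9999.99")
    tampered_digest = digest(tampered)

    return {
        "intact_hash_ok": verify_digest(RECORD, stored_digest),          # True
        "corrupted_hash_ok": verify_digest(corrupted, stored_digest),    # False: bit flip detected
        "tampered_hash_ok": verify_digest(tampered, tampered_digest),    # True: plain hash gives no protection here
        "intact_tag_ok": verify_tag(key, RECORD, stored_tag),            # True
        "corrupted_tag_ok": verify_tag(key, corrupted, stored_tag),      # False
        "tampered_tag_ok": verify_tag(key, tampered, stored_tag),        # False: attacker lacks the key
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The distinction matters for the "authentic state of information" bullet: a checksum or hash only establishes integrity against noise and accidents, while authenticity against an adversary needs a secret (a MAC) or a signature.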