quartz/content/notes/01-big-picture.md
2022-07-13 19:37:16 +12:00

---
title: "01-big-picture"
aliases:
tags:
- comp210
---
# In the news
- [Axie hack](https://thehackernews.com/2022/07/hackers-used-fake-job-offer-to-hack-and.html)
# Why info sec
- more interconnected
- more exposure
- software devs need to know about security
- often security is an afterthought
- this is bad
- information security protects the ability of an organisation to function
- it also protects the organisation's reputation
# What is security
- protecting assets from harm or damage
- related concepts
- national security (political stability)
- safety (health)
- environmental security (clean environment)
- information security
- economic security (stability of the economy)
# What is information security
- focus of protecting information assets
- data, systems, equipment, infrastructure
- intentional and accidental risks
> "The preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved."
> (ISO/IEC 27000, Information security management systems: Overview and vocabulary)
# Continuous need
- environment is rapidly changing
- innovation is rapid
- cloud computing
- more ICT capabilities introduce new attack vectors
# Components of Info systems
each component is both an asset to protect and a possible attack vector
- data
- e.g., bank: unauthorised access to customer data
- people
- e.g., social engineering
- hardware
- e.g., physical security (usually the concern here)
- software
- e.g., the most common vector: bugs and vulnerabilities in code
- network
- e.g., lots of possibilities for attack (interception, spoofing, denial of service)
- procedures
- e.g., bank: inside knowledge of faults in business processes that can be exploited
# CIA Triad
how security has been approached by industry for ages
- Confidentiality
- having information protected from exposure
- blocking unauthorised access
- Integrity
- information kept in its authentic, uncorrupted state
- preventing unauthorised modification or corruption
- e.g., checksum, hash check etc (a plain checksum only catches accidental corruption; against a deliberate attacker who can recompute it, a keyed MAC or a signature is needed)
- Availability
- information being available to authorised users without obstacles
- e.g., DDoS attacks target availability
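Added example (not from the lecture notes) showing the integrity point above on a constructed bank record: an unkeyed CRC32 or SHA-256 check catches accidental corruption, but an attacker who can rewrite the stored checksum defeats it, whereas an HMAC under an assumed pre-shared key cannot be forged without that key. The record bytes and key are made up for illustration.

```python
import hashlib
import hmac
import zlib

# Constructed sample record and pre-shared key (illustration only, not real data).
RECORD = b"account=12345;balance=100.00"
KEY = b"example-pre-shared-key"


def crc32_checksum(data: bytes) -> int:
    """Unkeyed checksum: detects accidental corruption such as bit flips."""
    return zlib.crc32(data) & 0xFFFFFFFF


def sha256_hex(data: bytes) -> str:
    """Unkeyed cryptographic hash: collision-resistant, but anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()


def hmac_sha256_hex(key: bytes, data: bytes) -> str:
    """Keyed MAC: only holders of the key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_unkeyed(data: bytes, crc: int, digest: str) -> bool:
    return crc32_checksum(data) == crc and sha256_hex(data) == digest


def verify_keyed(key: bytes, data: bytes, tag: str) -> bool:
    # compare_digest avoids leaking the position of the first mismatch via timing
    return hmac.compare_digest(hmac_sha256_hex(key, data), tag)


def flip_one_bit(data: bytes) -> bytes:
    """Accidental corruption, e.g. a noisy link or a failing disk."""
    corrupted = bytearray(data)
    corrupted[-1] ^= 0x01
    return bytes(corrupted)


def tamper_and_recompute(data: bytes) -> tuple[bytes, int, str]:
    """Deliberate tampering: the attacker edits the balance and regenerates the unkeyed checks."""
    forged = data.replace(b"balance=100.00", b"balance=999.00")
    return forged, crc32_checksum(forged), sha256_hex(forged)


def run_scenarios() -> dict[str, bool]:
    """Whether each verification accepts the data in each scenario."""
    crc, digest = crc32_checksum(RECORD), sha256_hex(RECORD)
    tag = hmac_sha256_hex(KEY, RECORD)

    corrupted = flip_one_bit(RECORD)
    forged, forged_crc, forged_digest = tamper_and_recompute(RECORD)

    return {
        "original_unkeyed": verify_unkeyed(RECORD, crc, digest),
        "original_keyed": verify_keyed(KEY, RECORD, tag),
        # accidental corruption: both kinds of check reject it
        "corrupted_unkeyed": verify_unkeyed(corrupted, crc, digest),
        "corrupted_keyed": verify_keyed(KEY, corrupted, tag),
        # deliberate tampering: the attacker ships a recomputed checksum and hash,
        # so the unkeyed check accepts the forgery, but the tag cannot be regenerated
        "forged_unkeyed": verify_unkeyed(forged, forged_crc, forged_digest),
        "forged_keyed": verify_keyed(KEY, forged, tag),
    }


if __name__ == "__main__":
    for name, passed in run_scenarios().items():
        print(f"{name:18s} -> {'accepted' if passed else 'rejected'}")
```

The lesson for the "intentional and accidental risks" distinction above: a checksum stored next to the data covers the accidental case only; the intentional case needs a secret the attacker does not hold.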
Other models have been developed
- [slide](https://i.imgur.com/GJfb8Ph.png)
# McCumber Cube
- a way to think about how to protect your information
- [slide](https://i.imgur.com/5Ls2yUp.png)
- a 3x3x3 map: security goals (confidentiality, integrity, availability) x information states (storage, processing, transmission) x safeguards (technology, policy and practice, education and training)
- can be used to find "holes": cells of the cube that no control covers
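Added example (not from the lecture notes) of using the cube as a map to find holes: a constructed control inventory for a hypothetical web app is tagged with the cube cells each control covers, and the uncovered cells are the gaps. The axis names are the standard McCumber Cube ones; the slide linked above is assumed to show the same three.

```python
from itertools import product

# The three axes of the McCumber Cube (standard model).
GOALS = ("confidentiality", "integrity", "availability")
STATES = ("storage", "processing", "transmission")
SAFEGUARDS = ("technology", "policy", "education")
ALL_CELLS = frozenset(product(GOALS, STATES, SAFEGUARDS))

# Constructed control inventory for a hypothetical web app; each control is tagged
# with the (goal, state, safeguard) cells it addresses. Made up for illustration.
CONTROLS = {
    "full-disk encryption": [("confidentiality", "storage", "technology")],
    "TLS on every connection": [("confidentiality", "transmission", "technology"),
                                ("integrity", "transmission", "technology")],
    "signed nightly backups": [("integrity", "storage", "technology"),
                               ("availability", "storage", "technology")],
    "backup/restore policy": [("availability", "storage", "policy")],
    "phishing awareness course": [("confidentiality", "processing", "education")],
    "clean-desk policy": [("confidentiality", "processing", "policy")],
}


def validate(cell):
    """Reject tags that are not real cube cells (typos would otherwise hide a hole)."""
    goal, state, safeguard = cell
    if goal not in GOALS or state not in STATES or safeguard not in SAFEGUARDS:
        raise ValueError(f"not a cube cell: {cell}")
    return cell


def covered_cells(controls):
    return {validate(cell) for cells in controls.values() for cell in cells}


def find_holes(controls):
    """Cells of the cube that no control addresses, sorted for stable output."""
    return sorted(ALL_CELLS - covered_cells(controls))


def holes_by_goal(controls):
    """How many of the 9 cells per goal are uncovered: a quick view of which goal is neglected."""
    counts = dict.fromkeys(GOALS, 0)
    for goal, _, _ in find_holes(controls):
        counts[goal] += 1
    return counts


if __name__ == "__main__":
    for cell in find_holes(CONTROLS):
        print("hole:", cell)
    print(holes_by_goal(CONTROLS))
```

On the constructed inventory the map shows, for instance, that nothing addresses availability of data in processing or in transmission at all, which is exactly the kind of gap the cube is meant to surface.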
# Access vs security tradeoff
- perfect information security is impossible
- unrestricted access is dangerous
- a completely secure system would not allow access to anyone, so it would be useless
- balance is key