quartz/content/notes/01-big-picture.md
2022-07-19 20:51:12 +12:00


title aliases tags sr-due sr-interval sr-ease
01-big-picture
comp210
lecture
2022-07-22 3 250

In the news

Why info sec

  • more interconnected
    • more exposure
  • software devs need to know about security
  • often security is an afterthought
    • this is bad
  • IS protects the ability of an organisation to function
    • also protects reputation

What is security

  • protecting assets from harm or damage
  • related concepts
    • national security (political security)
    • safety (health)
    • environmental security (clean environment)
    • information security
    • economic security (stability of economy)

What is information security

  • focus of protecting information assets
    • data, systems, equipment, infrastructure
  • intentional and accidental risks

"The preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved." (ISO27000 Information Security Management Systems Overview and Vocabulary)

Continuous need

  • environment is rapidly changing
  • innovation is rapid
  • cloud computing
  • more ICT capabilities introduce new attack vectors

Components of Info systems

can all be sources of attacks

  • data
    • e.g., bank: unauthorised access to data
  • people
    • e.g., social engineering
  • hardware
    • e.g., physical security (usually)
  • software
    • e.g., most common source of attacks
  • network
    • e.g., lots of possibilities for attack
  • procedures
    • e.g., bank: inside knowledge of faults within the business, that can be exploited

CIA Triad

how security has been approached by industry for ages

  • Confidentiality
    • having information protected from exposure
    • blocking unauthorised access
  • Integrity
    • authentic state of information
    • preventing corruption etc.
    • e.g., checksum, hash check etc
  • Availability
    • information being available to users without obstacles
    • DDoS

Other models have been developed

McCumber Cube

  • a way to think about how to protect your information

  • slide

  • a map

  • can be used to find "holes"
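How the cube works as a map for finding "holes", as an added example that is not part of the original notes: every combination of security goal, information state and safeguard type is one cell, and a cell with no control assigned is a hole. The dimension names follow the standard McCumber model (the slide itself is not reproduced in these notes), and the control inventory is constructed sample data.

```python
from collections import Counter
from itertools import product

# The three McCumber Cube dimensions (standard model, assumed here since the
# lecture slide is not part of the notes).
GOALS = ("confidentiality", "integrity", "availability")
STATES = ("storage", "transmission", "processing")
SAFEGUARDS = ("policy", "education", "technology")

# Constructed sample inventory: control -> (goals served, states covered, safeguard type)
CONTROLS = {
    "disk encryption": (("confidentiality",), ("storage",), "technology"),
    "TLS everywhere": (("confidentiality", "integrity"), ("transmission",), "technology"),
    "nightly backups": (("integrity", "availability"), ("storage",), "technology"),
    "data handling policy": (GOALS, ("storage", "transmission"), "policy"),
    "phishing awareness training": (("confidentiality",), ("transmission", "processing"), "education"),
}

def covered_cells(controls):
    """Map each of the 27 cube cells to the controls that cover it."""
    cover = {cell: [] for cell in product(GOALS, STATES, SAFEGUARDS)}
    for name, (goals, states, safeguard) in controls.items():
        for goal, state in product(goals, states):
            cell = (goal, state, safeguard)
            if cell not in cover:
                # Reject typos so a misspelt dimension cannot hide a hole.
                raise ValueError(f"{name!r} names an unknown cell: {cell}")
            cover[cell].append(name)
    return cover

def find_holes(controls):
    """Cells of the cube that no control addresses."""
    return sorted(cell for cell, names in covered_cells(controls).items() if not names)

def holes_by_state(controls):
    """Count holes per information state to show where coverage is thinnest."""
    return dict(Counter(state for _, state, _ in find_holes(controls)))

if __name__ == "__main__":
    holes = find_holes(CONTROLS)
    print(f"{len(holes)} of 27 cells have no control")
    for goal, state, safeguard in holes:
        print(f"  no {safeguard} safeguard for {goal} of data in {state}")
    print(holes_by_state(CONTROLS))
```

With this sample inventory most of the holes are in the processing state, which is the kind of gap a flat list of controls does not make obvious.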

Access Security tradeoff

  • perfect info security is impossible
  • unrestricted access is dangerous
  • completely secure would not allow access to anyone
  • balance is key