quartz/content/notes/01-big-picture.md

---
title: "01-big-picture"
aliases: 
tags: 
- comp210
---

# In the news

- [Axie hack](https://thehackernews.com/2022/07/hackers-used-fake-job-offer-to-hack-and.html)
- 

# Why info sec
- more interconnected
	- more exposure
- software devs need to know about security
- often security is an afterthought
	- this is bad
- IS proatects the ability of an organisation to function
	- also protects reputation

# What is security
- protecting assets from harm or damage
- related concepts
	- nation security (political security)
	- safety (health)
	- environmental security (clean environement)
	- information security 
	- economic security (stability of ecomony)

# What is information secuity
- focus of protecting information assets
	- data, systems, equipment, infrastructure
- intentional and accidental risks

> "The preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved.” 
> (ISO27000 Information Security Management Systems – Overview and Vocabulary)

# Continuous need
- environment is rapidly changing
- innovation is rapid
- cloud computing
- more ICT capabilities introduce new attack vectors

# Components of Info systems
can all be sources of attacks

- data
	- e.g., bank: unauthorised acces to data
- people
	- e.g., social engineering
- hardware
	- e.g., physical security (usually)
- software
	- e.g., most common
- netowrk
	- e.g., lost os possibilities for attack
- procedures
	- e.g., back: inside knowledge of faults within the business, that can be exploited

# CIA Triad
- Confidentiality
- Availability
- Integ