GitHub/quartz
1
0
Fork 2
mirror of https://github.com/jackyzha0/quartz.git synced 2025-12-24 21:34:06 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity
ed2eacedfd
quartz/content/notes/02-concepts-and-roles.md
Jet Hughes ed2eacedfd vault backup: 2022-07-14 17:26:50
2022-07-14 17:26:50 +12:00

104 lines
3.0 KiB
Markdown
Raw Blame History

---
title: "02-concepts-and-roles"
aliases:
tags:
- comp210
---
# News
- [more personal email scams](https://theconversation.com/email-scams-are-getting-more-personal-they-even-fool-cybersecurity-experts-186009)
- They have more knowledge about your personal information
- [deakin university attack](https://australiancybersecuritymagazine.com.au/up-to-10000-students-targeted-in-deakin-university-cyberattack/)
- staff credentials were leaked and acces to students information was gathered
- [rusian hackers attack lithuania](https://www.reuters.com/world/europe/russian-hacker-group-says-cyber-attacks-continue-lithuania-2022-06-28/)
- [attacks against india](https://www.indiatoday.in/india/story/prophet-row-international-hackers-cyber-attacks-india-nupur-sharma-remark-1961941-2022-06-13)
- [retbleed attack affects AMD and Intel CPUs (spectre-based speculative-execution attacks)](https://thehackernews.com/2022/07/new-retbleed-speculative-execution.html)
# Vulnerabilities
- a potential weakness in an asset
- or in its defense security control
- e.g., flaws in software packages or an unprotected system port
exploit is the technique used to attack
- [RAND report r-609-1 (1979)](https://i.imgur.com/GEVLIq1.png)
- need to be aware of vulnerabilities
e.g.,
- websites can steal browser data via extension APIs
# Security services and control
- services
- the intended security goal or property (C.I.A provides the three main security services)
- confidentiality
- integrity
- awareness
- controls
- the mechanisms employed to implement the services
- encryption
- firewalls
- awareness
## Controls
- physical controls
- facility protection
- guards
- locks
- monitoring
- environment controls
- intrustion detection
- technical controls
- network security
- cryptography
- forensics
- user authentication
- etc
- administrative controls
- policies
- standards
- procedures
- guidelines
- personnel screening
- awareness training
- Preventive
- e.g., "prevent exposure of critical information"
- control - e.g., encrpytion
- detective
- e.g., "we want to warn attempts of intrustions"
- control - e.g., intrusion detection systems
- corrective
- reduce/fix damage
- e.g., "we want to repair our system in case of errors"
- conrtol - e.g., restoration point mechanisms (e.g., version control systems like [git](notes/git.md))
- we need security controls for all info states:
- storage
- information storage containers
- electronic, physical, human
- transmission
- physical or electronic
- processing
- physical or electronic
# CIA
- a security service provides a high level security property
## Confidentiality
- information should not be available to unauthorised people
- divided into:
- secrecy: protecting business data
- privacy: protecting personal data
- anonymity: hide who is engaging in what actions
- threats: information theft, unintentional disclosure
- controls: encyption, access control, perimeter defense
- general controls: secure systems development, and incident response
# Privacy and Actions
# Shared responsibility
# Balance
Reference in New Issue View Git Blame Copy Permalink