Saturday, September 30, 2006

Some Security basics

What are the basic Security services?
1. Confidentiality - concealment of information. The military is more interested in Confidentiality. Cryptography is an access control mechanism to ensure Confidentiality of information.
2. Integrity - Trustworthiness of data / resources. The two types of Integrity are:
     1. Data Integrity - Content of information
     2. Origin Integrity - Source of data, called Authentication
Business is more interested in Integrity than Confidentiality. For example, it would be more damaging for a bank if someone changed his bank balance than if he gained unauthorized access to confidential information of the bank (say customer data).
3. Availability - Ability to use information / resource desired.
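
The two types of Integrity listed above, shown on the bank balance case as an added example (not from the original post or from the referenced book). It assumes SHA-256 for the plain digest, HMAC-SHA256 with a shared key for the origin check, and a constructed account record and key; the function names are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed sample key: assumed to be known only to the bank's own systems.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"

def encode(record: dict) -> bytes:
    """Canonical byte encoding so sender and verifier hash identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def protect(record: dict, key: bytes) -> dict:
    """Attach a plain digest (data integrity) and an HMAC tag (origin integrity)."""
    body = encode(record)
    return {
        "record": record,
        "sha256": hashlib.sha256(body).hexdigest(),
        "hmac": hmac.new(key, body, hashlib.sha256).hexdigest(),
    }

def digest_ok(msg: dict) -> bool:
    """Data integrity only: does the content match the digest that came with it?"""
    expected = hashlib.sha256(encode(msg["record"])).hexdigest()
    return hmac.compare_digest(expected, msg["sha256"])

def origin_ok(msg: dict, key: bytes) -> bool:
    """Origin integrity: was the tag produced by someone holding the key?"""
    expected = hmac.new(key, encode(msg["record"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg["hmac"])

def altered_in_transit(msg: dict, new_balance: int) -> dict:
    """Model a change made by a party without the key: the unkeyed digest
    can be recomputed by anyone, the HMAC tag cannot."""
    record = dict(msg["record"], balance=new_balance)
    return {
        "record": record,
        "sha256": hashlib.sha256(encode(record)).hexdigest(),
        "hmac": msg["hmac"],  # old tag is all that is available without the key
    }

if __name__ == "__main__":
    original = protect({"account": "ACC-0001", "balance": 100}, SHARED_KEY)
    altered = altered_in_transit(original, 1_000_000)
    for name, m in (("original", original), ("altered", altered)):
        print(name, "digest_ok =", digest_ok(m), "origin_ok =", origin_ok(m, SHARED_KEY))
```

A digest that travels with the data only catches accidental changes; the keyed tag is what ties the content to its source.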

What are the Goals of Security?
1. Prevention - To prevent a state which could compromise the Security services
2. Detection - Goal is to identify that an attack is underway / has occurred and report it
3. Recovery - There are 2 forms:
    1. Stop the Attack and assess / repair the damage caused by the attack
    2. Continue to function Business As Usual (BAU) even when the attack is underway. This can be achieved through Fault tolerance / similar techniques.

ps: References - "Computer Security: Art and Science" - Matt Bishop.
