-
What is anything about which a company would collect and store information
Entity
-
What is an association between entities
A relationship
-
Is a characteristic of an entity, such as the inventory number and description of each item in the entity "Inventory"
An attribute
-
Things that have an economic value to a company, such as cash and inventory
Resources
-
Various business processes conducted in a company's daily operations, such as sales and purchases
Events
-
People and organizations, such as customers and salespeople, who participate in business events
Agents
-
Transforms plaintext into a short code
Hashing
-
5 Principles of system reliability
Security, confidentiality, privacy, processing integrity and availability
-
Access to the system and its data is controlled and restricted to legitimate users
Security
-
Sensitive organizational information is protected from unauthorized disclosure
Confidentiality
-
Personal information about customers is collected, used, disclosed, and maintained in an appropriate manner only in compliance with internal policies and external regulatory requirements.
Privacy
-
Data is processed accurately, completely, in a timely manner, and only with proper authorization
Processing integrity
-
o Restrict system access to only authorized users.
o Protect the confidentiality of sensitive data, and the privacy of information collected from customers
o Provide for processing integrity by preventing submission of unauthorized or fictitious transactions and preventing unauthorized changes to stored data or programs.
o Protect against a variety of attacks, thereby ensuring the system is available when needed.
Security
-
_____ is first and foremost a _______ issue, not a _______ issue
Security, management, technology
-
Focuses on the relationship between preventive, detective, and corrective controls.
Time-based model of security
-
Limit actions to those in accord with the organization's security policy and do not allow undesired actions
Preventive controls
-
Identify when preventive controls have been breached
Detective controls
-
To repair damage from any problems that occurred and to improve the functioning of both preventive and detective controls in order to reduce the likelihood of future problems.
Corrective controls
-
The time-based model of security evaluates the effectiveness of an organization's security by measuring and comparing the relationship among the following:
- P = the time it takes an attacker to break through the organization's preventive controls
- D = the time it takes to detect that an attack is in progress
- C = the time it takes to respond to the attack
-
If P > D + C, then the organization's security is
effective
-
If P < D + C, then the organization's security procedures are
not effective
-
Employing multiple layers of controls in order to avoid having a single point of failure.
Defense-In-Depth