The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications)
Assures that private or confidential information is not made available or disclosed to unauthorized individuals
Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
Assures that information and programs are changed only in a specified and authorized manner.
Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
Assures that systems work promptly and service is not denied to authorized users.
Confidentiality, Integrity, and Availability. The three concepts embody the fundamental security objectives for both data and for information and computing services
Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of _________ is the unauthorized disclosure of information.
Guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity. A loss of _________ is the unauthorized modification or destruction of information.
Ensuring timely and reliable access to and use of information. A loss of __________ is the disruption of access to or use of information or an information system.
The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source.
The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity.
An entity that attacks, or is a threat to, a system.
Adversary (threat agent)
An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.
An action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.
An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result.
A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.
Data contained in an information system; or a service provided by a system; or a system capability, such as processing power or communication bandwidth; or an item of system equipment (i.e., a system component— hardware, firmware, software, or documentation); or a facility that houses system operations and equipment.
System Resource (Asset)
A potential for violation of security, which exists when there is a circumstance, capability, action, or event, that could breach security and cause harm. That is, a _______ is a possible danger that might exploit a vulnerability.
A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy.
Including computer systems and other data processing, data storage, and data communications devices
Including the operating system, system utilities, and applications.
Including files and databases, as well as security-related data, such as password files.
Local and wide area network communication links, bridges, routers, and so on.
Communication facilities and networks
Assets of computer system
Communication facilities and networks
Vulnerabilities of system resources
The agent carrying out the attack is referred to as an attacker, or __________.
An attempt to alter system resources or affect their operation.
An attempt to learn or make use of information from the system that does not affect system resources.
Initiated by an entity inside the security perimeter (an “insider”). The insider is authorized to access system resources but uses them in a way not approved by those who granted the authorization.
Initiated from outside the perimeter, by an unauthorized or illegitimate user of the system (an “outsider”). On the Internet, potential outside attackers range from amateur pranksters to organized criminals, international terrorists, and hostile governments.
A circumstance or event whereby an entity gains access to data for which the entity is not authorized.
Sensitive data are directly released to an unauthorized entity.
An unauthorized entity directly accesses sensitive data traveling between authorized sources and destinations.
A threat action whereby an unauthorized entity indirectly accesses sensitive data (but not necessarily the data contained in the communication) by reasoning from characteristics or by-products of communications.
An unauthorized entity gains access to sensitive data by circumventing a system’s security protections.
An unauthorized entity gains access to a system or performs a malicious act by posing as an authorized entity.
An entity deceives another by falsely denying responsibility for an act.
False data deceive an authorized entity.
Prevents or interrupts system operation by disabling a system component.
Undesirably alters system operation by adversely modifying system functions or data.
A threat action that interrupts delivery of system services by hindering system operation.
An entity assumes unauthorized logical or physical control of a system resource.
Causes a system component to perform a function or service that is detrimental to system security.
A circumstance or event that may result in an authorized entity receiving false data and believing it to be true.
A circumstance or event that interrupts or prevents the correct operation of system services and functions.
A circumstance or event that results in control of system services or functions by an unauthorized entity.
In the nature of eavesdropping on, or monitoring of, transmissions.
The ___________ is easily understood. A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information.
release of message contents
A second type of passive attack, _______, is subtler. Suppose that we had a way of masking the contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message.
Involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: replay, masquerade, modification of messages, and denial of service.
Involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
A ___________ takes place when one entity pretends to be a different entity. A masquerade attack usually includes one of the other forms of active attack.
Means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect.
Modification of messages
The __________ prevents or inhibits the normal use or management of communication facilities.
denial of service
Limit information system access to authorized users, processes acting on behalf of authorized users, or devices and to the types of transactions and functions that authorized users are permitted to exercise.
Ensure that managers and users of organizational information systems are made aware of the security risks associated with their activities and of the applicable laws, regulations, and policies related to the security of organizational information systems and ensure that personnel are adequately trained to carry out their assigned information security-related duties and responsibilities.
Awareness and Training
Create, protect, and retain information system audit records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate information system activity.
Audit and Accountability
Establish and maintain baseline configurations and inventories of organizational information systems throughout the respective system development life cycles.
Establish, maintain, and implement plans for emergency response, backup operations, and post disaster recovery for organizational information systems to ensure the availability of critical information resources and continuity of operations in emergency situations.
Identify information system users, processes acting on behalf of users, or devices, and authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.
Identification and Authentication
Establish an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user-response activities.
Perform periodic and timely maintenance on organizational information systems.
Protect information system media, both paper and digital.
Limit physical access to information systems, equipment, and the respective operating environments to authorized individuals.
Physical and Environmental Protection
Develop, document, periodically update, and implement security plans for organizational information systems that describe the security controls in place or planned for the information systems and the rules of behavior for individuals accessing the information systems.
Ensure that individuals occupying positions of responsibility within organizations are trustworthy and meet established security criteria for those positions.
Periodically assess the risk to organizational operations, organizational assets, and individuals, resulting from the operation of organizational information systems and the associated processing, storage, or transmission of organizational information.
Allocate sufficient resources to adequately protect organizational information systems.
Systems and Services Acquisition
Monitor, control, and protect organizational communications at the external boundaries and key internal boundaries of the information systems.
System and Communications Protection
Identify, report, and correct information and information system flaws in a timely manner.
System and Information Integrity
means that the design of security measures embodied in both hardware and software should be as simple and small as possible.
Economy of mechanism
means that access decisions should be based on permission rather than exclusion.
means that every access must be checked against the access control mechanism.
means that the design of a security mechanism should be open rather than secret.
a practice in which multiple privilege attributes are required to achieve access to a restricted resource.
Separation of privilege
means that every process and every user of the system should operate using the least set of privileges necessary to perform the task.
means that the design should minimize the functions shared by different users, providing mutual security.
Least common mechanism
implies that the security mechanisms should not interfere unduly with the work of users, while at the same time meeting the needs of those who authorize access.
a principle that applies in three contexts. First, public access systems should be isolated from critical resources to prevent disclosure or tampering. Second, the processes and files of individual users should be isolated from one another except where it is explicitly desired. And finally, security mechanisms should be isolated in the sense of preventing access to those mechanisms.
can be viewed as a specific form of isolation based on object-oriented functionality.
provided by encapsulating a collection of procedures and data objects in a domain of its own so that the internal structure of a data object is accessible only to the procedures of the protected subsystem and the procedures may be called only at designated domain entry points.
________ in the context of security refers both to the development of security functions as separate, protected modules and to the use of a modular architecture for mechanism design and implementation.
refers to the use of multiple, overlapping protection approaches addressing the people, technology, and operational aspects of information systems.
a layering approach is often used to provide multiple barriers between an adversary and protected information or services.
defense in depth
means that a program or user interface should always respond in the way that is least likely to astonish the user.
Network attack surface
Software attack surface
Human attack surface
This category refers to vulnerabilities over an enterprise network, wide-area network, or the Internet.
Network attack surface
This refers to vulnerabilities in application, utility, or operating system code.
Software attack surface
This category refers to vulnerabilities created by personnel or outsiders, such as social engineering, human error, and trusted insiders.
Human attack surface
An _________ consists of the reachable and exploitable vulnerabilities in a system.
(T/F) An attack surface analysis is a useful technique for assessing the scale and severity of threats to a system. A systematic analysis of points of vulnerability makes developers and security analysts aware of where security mechanisms are required.
An _________ is a branching, hierarchical data structure that represents a set of potential techniques for exploiting security vulnerabilities.
These attacks target the user equipment, including the tokens that may be involved, such as smartcards or other password generators, as well as the actions of the user.
User terminal and user (UT/U)
This type of attack focuses on communication links.
Communications channel (CC)
These types of attacks are offline attacks against the servers that host the Internet banking application.
Internet banking server (IBS)
This strategy can be used against many elements of the attack surface. There are procedural attacks, such as monitoring a user’s action to observe a PIN or other credential, or theft of the user’s token or handwritten notes.
User credential compromise
In this type of attack, the attacker is able to intercept communication between the UT and the IBS.
Injection of commands
It is reported in [HILT06] that brute force attacks against some banking authentication schemes are feasible by sending random usernames and passwords.
User credential guessing
For example, violating the bank’s security policy in combination with weak access control and logging mechanisms, an employee may cause an internal security incident and expose a customer’s account.
Security policy violation
This type of attack persuades or forces the user to connect to the IBS with a preset session ID.
Use of known authenticated session
an informal description of desired system behavior.
Strategy for providing computer security:
Specification/policy: What is the security scheme supposed to do?
Implementation/mechanisms: How does it do it?
Correctness/assurance: Does it really work?
Virtually all security measures involve some penalty in the area of ease of use.
Ease of use versus security
In addition to ease of use and performance costs, there are direct monetary costs in implementing and maintaining security measures.
Cost of security versus cost of failure and recovery
Security implementation involves four complementary courses of action:
An ideal security scheme is one in which no attack is successful.
In a number of cases, absolute protection is not feasible, but it is practical to detect security attacks.
If security mechanisms detect an ongoing attack, such as a denial of service attack, the system may be able to respond in such a way as to halt the attack and prevent further damage.
the degree of confidence one has that the security measures, both technical and operational, work as intended to protect the system and the information it processes.
An example of recovery is the use of backup systems, so that if data integrity is compromised, a prior, correct copy of the data can be reloaded.
(T/F) Assurance is expressed as a degree of confidence, not in terms of a formal proof that a design or implementation is correct.
the process of examining a computer product or system with respect to certain criteria.