-
Security Objectives
goals an organization strives to achieve through its security efforts.
-
3 Primary Security Objectives
- Confidentiality
- Integrity
- Availability
-
Confidentiality
the protection against unauthorized access, while providing authorized users access to resources without obstruction. Ensures that data is not intentionally or unintentionally disclosed to anyone without a valid need to know
-
Integrity
the protection against unauthorized changes, while allowing for authorized changes performed by authorized users. Ensures that data reamin consistent, both internally and externally. Integrity also protects against accidents and hacker modification by malicious code.
-
Availability
is the protection against downtime, loss of data, and blocked access, while providing consistent uptime, protecting data, and supporting authorized access to resources. Ensures that users can get their work done in a timely manner with access to the proper resources
-
Authentication
the proof or verification of a user's identity before granting access to a secured area
-
Authorization
controlling what users are allowed and not allowed to do. also known as access control
-
DAC
Discretionary Access Control
-
MAC
Mandatory Access Control
-
RBAC
Role-Based Access Control
-
Non-Repudiation
the security service that prevents a user from being able to deny having performed an action. For example, it prevents a sender from denying having sent a message. Services provided by Auditing and Public-Key Cyrptography
-
Privacy
protects the confidentiality, integrity, and availability of personally identifiable or sensitive data. Privacy prevents unauthorized watching and monitoring of users and employees
-
Asset
anything used to conduct business over a computer network
-
7 Domains of a Typical IT Infrastructure
- User Domain
- Workstation Domain
- LAN Domain
- LAN-to-WAN Domain
- WAN Domain
- System/Application Domain
- Remote Access Domain
|
|
