Day 2 - Chapter 1
Project
The company under review must not be associated with Mississippi State University.
Groups will be decided on Monday.
Slide Notes
This is not hacking 101.
We are trying to wrap our head around how we protect information and what business decisions are made in this process
Outline
- CIA Triad
- Other Security Concepts
- Data Classification
Security in a nutshell
Subjects are allowed or denied access to an object.
Subjects
The user/process/system requesting access to a protected resource
Objects
The protected resource
CIA Triad
Confidentiality
- Keeping information protected from unauthorized access
- Violation
- Capturing network traffic / Eavesdropping
- Social engineering
- Port scanning
- Shoulder surfing
- Relies on Integrity
- Necessary, but not sufficient
- Previous versions of Study Guide: Most important goal for government agencies
Violation of Confidentiality
Integrity
- Information can only be modified by authorized subjects
- Information is protected from “honest mistakes”
- Information is valid, consistent, and verifiable
- Violations
- Viruses
- “Logic Bombs”
- Sabotage
- Dependent on confidentiality
Violation of Integrity
Availability
- Information is timely and accessible to subjects
- Handles interruptions and outages
- Violations
- Attacks (denial of service)
- Device failure
- Environmental issues
- Dependent on both confidentiality & integrity
- Most important goal for business organizations (p.7)
Violation of Availability
