Security Concepts
Security is...
... not a product; it's a process
... a journey, not a destination
... not an end but a means
... only as strong as its weakest link
... a "tax" on the honest (but doesn't have to be)
... about preventing adverse consequences from the intentional and unwarranted actions of others
... like the brakes on an automobile: it allows you to go faster.
Definitions
- Attacker (non-pejorative and value-neutral) - Performs intentional and unwarranted actions
- Attacks - Intentional unwarranted actions
- Assets - Objects of attack
- Countermeasures - Individual, discrete and independent security components
Universal Truisms
- Security decisions need to be made as close to the problem as possible
- Security analysis needs to happen as far away from the sources as possible
- The implication of these two truisms is that security will work better if it is centrally coordinated yet implemented in a distributed manner
Security Objectives
Confidentiality / Privacy
- Ensures the protection (through encryption) of sensitive and private data

Integrity
- Ensures that the data has not been altered or manipulated

Non-repudiation
- Ensures that a piece of data or a transaction cannot be "disowned" by the party that produced it

Availability
- Ensures that authorized users have access to data when required
- Provides adequate redundancy to perform at scale without impacting the user experience

Authentication
- Verification of users' claimed identities

Authorization
- Determination that a user is authorized to carry out a particular action

Audit
- Logging of authentication and authorization actions
- Ability to review and analyze logs to uncover suspicious activities, failures, etc.

Administration
- Can centrally enroll users and define policies
- Controls authentication and authorization for particular users or applications
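The Authentication, Authorization and Audit objectives above, as an added example that is not part of the original slides: a minimal service that verifies identities, checks a role policy, records every decision in an audit trail, and then reviews that trail for repeated failures. The users, passwords, policy table and fixed salt are constructed for illustration.

```python
"""Added example, not from the original slides: a minimal service that
implements the Authentication, Authorization and Audit objectives,
plus the review step that scans the audit trail for repeated failures.
All names, users and the policy table are constructed for illustration."""
import hashlib
import hmac
from collections import Counter

# Constructed fixed salt; real systems use a random per-user salt.
_SALT = b"constructed-fixed-salt"

def _hash_pw(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)

# Constructed user store: password hash and role per user.
USERS = {
    "alice": {"pw": _hash_pw("correct horse"), "role": "admin"},
    "bob": {"pw": _hash_pw("battery staple"), "role": "reader"},
}
# Authorization policy: which roles may perform which action.
POLICY = {"read_report": {"admin", "reader"}, "delete_report": {"admin"}}
AUDIT_LOG = []  # every authentication and authorization decision is recorded here

def authenticate(user: str, password: str) -> bool:
    """Verify a claimed identity and log the outcome."""
    rec = USERS.get(user)
    candidate = _hash_pw(password)  # always computed, so unknown users take the same time
    ok = rec is not None and hmac.compare_digest(candidate, rec["pw"])
    AUDIT_LOG.append({"event": "authn", "user": user, "ok": ok})
    return ok

def authorize(user: str, action: str) -> bool:
    """Decide whether the user's role permits the action and log the decision."""
    role = USERS.get(user, {}).get("role")
    ok = role in POLICY.get(action, set())
    AUDIT_LOG.append({"event": "authz", "user": user, "action": action, "ok": ok})
    return ok

def suspicious_users(log, threshold: int = 3) -> dict:
    """Audit review: users whose failed authn/authz attempts reach the threshold."""
    failures = Counter(e["user"] for e in log if not e["ok"])
    return {u: n for u, n in failures.items() if n >= threshold}

def demo() -> dict:
    AUDIT_LOG.clear()
    authenticate("alice", "correct horse")      # success
    authorize("alice", "delete_report")         # admin: allowed
    for guess in ("pw1", "pw2", "pw3"):         # three failed logins for an unknown account
        authenticate("unknown", guess)
    if authenticate("bob", "battery staple"):
        authorize("bob", "delete_report")       # reader denied an admin-only action
    return suspicious_users(AUDIT_LOG)         # -> {"unknown": 3}
```

Note that the authorization failure for bob is logged but does not reach the threshold on its own; the review step separates a single denied action from a pattern of failures.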