Security Video
For this assignment we were to watch three videos by Professor Messer on Security. After, we were to choose one video and write a brief synopsis on what we learned and why it is significant. The three videos are posted below:
Confidentiality, Integrity, Availability, and Safety
Quantitative and Qualitative Risk Assessment
Vulnerabilities, Threat Vectors, and Probability
Video Choice - Confidentiality, Integrity, Availability and Safety
The AIC triad covers the fundamentals of security:
- Availability - systems and networks must be up and running
- Integrity - messages can’t be modified without detection
- Confidentiality - prevent disclosure of info to unauthorized individuals or systems
Confidentiality is managed through:
- Encryption - encode messages so only certain people can read them
- Access Controls - selectively restrict access to a resource
- Steganography - concealing info and data within another piece of info (commonly associated with hiding info within an image)
Integrity (where data is stored and transferred as intended and any modification to data would be identified) is maintained by:
- Hashing - creating a hash (map data of an arbitrary length to data of a fixed length)
- Digital signatures - a mathematical scheme that verifies the integrity of data and allows the sender to digitally sign information that's being sent out
- Certificates - digital signatures work in conjunction with certificates; a certificate is used to sign the data originally, so that the certificate can be compared on the other side. Certificates combine with a digital signature to verify an individual
- Non-Repudiation - provides proof of integrity, can be asserted to be genuine
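An added example (not from the video or the original post) of the hashing point above: a hash has a fixed length and reveals any change, but a plain hash sent alongside the data can be recomputed by whoever alters the data, which is why integrity in transit relies on a keyed or signed value. HMAC from Python's standard library stands in here for a digital signature; it uses a shared key, so unlike a signature it gives no non-repudiation. The message and key are constructed sample values.

```python
import hashlib
import hmac


def digest(data: bytes) -> str:
    """SHA-256 maps input of any length to a fixed 256-bit value (64 hex chars)."""
    return hashlib.sha256(data).hexdigest()


def is_unmodified(data: bytes, expected_digest: str) -> bool:
    """Recompute the hash and compare it with the one recorded earlier."""
    return hmac.compare_digest(digest(data), expected_digest)


def tag(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC-SHA256): only holders of the key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def is_authentic(key: bytes, data: bytes, expected_tag: str) -> bool:
    """Verify the tag in constant time."""
    return hmac.compare_digest(tag(key, data), expected_tag)


# Constructed sample data (assumptions for this example only)
ORIGINAL = b"Pay Alice 100 USD"
TAMPERED = b"Pay Alice 900 USD"
KEY = b"constructed-demo-key-not-for-real-use"


def demo() -> dict:
    recorded = digest(ORIGINAL)       # hash kept somewhere the modifier cannot reach
    sent_tag = tag(KEY, ORIGINAL)     # keyed tag sent with the message
    recomputed = digest(TAMPERED)     # a plain hash can be redone after modification
    return {
        "fixed_length": len(digest(b"")) == len(digest(b"x" * 100000)) == 64,
        "hash_detects_change": not is_unmodified(TAMPERED, recorded),
        "swapped_plain_hash_passes": is_unmodified(TAMPERED, recomputed),
        "keyed_tag_detects_change": not is_authentic(KEY, TAMPERED, sent_tag),
        "keyed_tag_accepts_original": is_authentic(KEY, ORIGINAL, sent_tag),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```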
Availability (information is accessible to authorized users) is provided through:
- Redundancy - build services that will always be available
- Fault Tolerance - system will continue to run even when a failure occurs
- Patching - for stability and to close security holes