ISA
according to him IA should be viewed as spanning four security engineering domains
debra herrman
what is four security domains
physical,personnel,it,&operational security
what is four security domains
physical,personnel,it,&operational security
protection of hardware,software and data against physical threats
physical security
variety of ongoing measure taken to reduce the likehood and severity of accidental and intentional alterations
personnel security
Technical features and functions.
it security
Implementation of operational standards.
operational security
according to him the taxonomy of information security a computing environment is made up of continously interacting components
raggad
what are the interacting componets according to raggad
activities, people, data, technology, network
according to them the thought of protecting info at the three distinct levels
blyth & kovacich
data processing activities in physical space
physical data
info and data manipulation abilities in cyberspace
information infrastructure
knowledge and understanding in human decision space
perceptual
what is the lowest level
physical
what is the second level
infrastructure
what is the third level
perceptual or social engineering
what is COMPSEC
computer security
what is COMSEC
communication and network security
what is COMSEC
communication and network security
what is OPSEC
operation security
uses a different platforms and a worldwide interconnection
global info infrastructure
what is PDD
presidential decision directive
what is COTS(leads to worms and viruses)
commercial on the shelf
what is SIGSEC
signal security
what is TRANSEC
transmission security
it's resource being protected
assets
what are the physical asset
device, computer, people
information, data and intellectual property
logical assets
any software, hardware, data, physical, communication l
system assets
information, data and intellectual property
logical assets
authorized user are able to access it
availability
the info is free of error and has the value expected
accuracy
the info is genuine
authenticity
the info has not been disclosed to unauthorized parties
confidentiality
the info is whole, complete & uncorrupted
integrity
the info has a value for intended purpose
utility
the data is under authorized ownership and control
posession
specific instance of a threat
threat actor
assets become unusable, unavailable or lost
interruption
unauthorized party gain access to an info assets
interception
unauthorized party tampers with an assets
modification
assets has been counterfeit
fabrication
assets known for a threats
hostile environment
non hostile environment that may be protected
benign environment
collection of computing environment
enclave
weakness or fault in a system
vulnerabilitiy
method taking advantage of known vulnerabilitiy
exploit
consists of employees, former employees and contractors.
insiders
one who gains unauthorized access to or breaks into information systems for thrills, challenge, power, or profit.
hackers
target information that may be of value to them: bank accounts, credit card information, intellectual property, etc.
criminals
actively seek intelligence about competitors or steal trade secrets
corporation
seek the military, diplomatic, and economic secrets of foreign governments, foreign corporations, and adversaries. May also target domestic adversaries.
government & agencies
usually politically motivated and may seek to cause maximal damage to information infrastructure as well as endanger lives and property.
terrorist
what are the six types of nature threats
insiders,criminals,hacker, corporation, government & agencies and terrorist
what are the 4 IA FUNCTIONAL COMPONENTS
protection, detection, capability restoration,& response
what are the 3 federal orgs defining IA
Committee On national security system(cnss), national security agencies (nsa) national institute of standard and technology (nist)
both subject & objects have
attributes
what are the 7 critical aspect of information assets
availability, accuracy, authenticity,utility, confidentiality,integrity, possession,
what are the three assets
physical,logical,system assets
what are the multiple discipline of security
COMPUSEC
COMSEC
SIGSEC
TRANSEC
EMSEC
OPSEC
dnying Access to info from unintended emanatiom such as radio and electric signal
EMSEC
involved protecting information
OPSEC
item being protected by the system
object
entities that execute activities
subject
operation that can operate on object and must be controlled
actions
both subject and object have associated
attributes
threats can be categorized by 2
accidental & purposeful
computer program that common in vulnerability in computer security
bug