Basic Concepts of Information Assurance
                    Objective
To provide background on the basic concepts of
information assurance that form a framework for
protecting information systems.
             Basic Security Concepts
The CIA triad is a widely used information assurance (IA)
model that identifies confidentiality, integrity and
availability as the fundamental security characteristics
of information. The three characteristics of the idealized
model are also referred to as IA services, goals, aims,
tenets or capabilities.


                  http://en.wikipedia.org/wiki/CIA_triad
                  Confidentiality
Confidentiality is assurance of data privacy. Only the
intended and authorized recipients (individuals,
processes, or devices) may access and read the data.
Disclosure to unauthorized entities, for example through
unauthorized network sniffing, is a confidentiality
violation.
Confidentiality is often provided through the use of
cryptographic techniques.




                      http://en.wikipedia.org/wiki/CIA_triad
                        Integrity
Integrity is assurance that data has not been altered.
  Data integrity is having assurance that the information has
  not been altered or corrupted in transmission from source to
  destination, willfully or accidentally, before it is read by its
  intended recipient.
  Source integrity is the assurance that the sender of that
  information is who it is supposed to be. Source integrity may
  be compromised when an agent spoofs its identity and
  supplies incorrect information to a recipient.
Digital signatures and hash algorithms are examples of
mechanisms used to provide data integrity.

                         http://en.wikipedia.org/wiki/CIA_triad
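
The difference between data integrity and source integrity described above, as an added example that is not part of the original slides: an unkeyed hash catches accidental corruption, but a spoofing agent can recompute it over altered data, while a keyed tag also ties the data to its sender. HMAC-SHA256 from the Python standard library stands in here for a digital signature; the keys, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values for illustration only.
SENDER_KEY = b"constructed-key-shared-by-sender-and-recipient"
ORIGINAL = b"pay 100 to account 1234"
FORGED = b"pay 900 to account 6666"


def sha256_digest(message: bytes) -> str:
    """Unkeyed hash: anyone who has the message can compute it."""
    return hashlib.sha256(message).hexdigest()


def mac_tag(message: bytes, key: bytes) -> str:
    """Keyed tag: only holders of the key can compute it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def hash_ok(message: bytes, digest: str) -> bool:
    return hmac.compare_digest(sha256_digest(message), digest)


def mac_ok(message: bytes, tag: str, key: bytes) -> bool:
    return hmac.compare_digest(mac_tag(message, key), tag)


def flip_one_bit(message: bytes) -> bytes:
    """Model accidental corruption in transmission."""
    return bytes([message[0] ^ 0x01]) + message[1:]


def run_checks() -> dict:
    digest = sha256_digest(ORIGINAL)
    tag = mac_tag(ORIGINAL, SENDER_KEY)
    wrong_key = b"constructed-key-of-a-spoofing-agent"
    return {
        # Unaltered data passes both checks.
        "genuine_hash": hash_ok(ORIGINAL, digest),
        "genuine_mac": mac_ok(ORIGINAL, tag, SENDER_KEY),
        # Accidental corruption: the attached digest no longer matches.
        "corrupted_hash": hash_ok(flip_one_bit(ORIGINAL), digest),
        # Willful alteration: the spoofing agent replaces data AND digest,
        # so the unkeyed hash check passes on forged data.
        "forged_hash": hash_ok(FORGED, sha256_digest(FORGED)),
        # Without the sender's key the agent cannot produce a valid tag.
        "forged_mac": mac_ok(FORGED, mac_tag(FORGED, wrong_key), SENDER_KEY),
    }
```

Calling `run_checks()` returns which messages a recipient would accept: the forged message passes the bare hash check but is rejected by the keyed check.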
                         Availability
Availability is confidence in timely and reliable access to data
services by authorized users. It ensures that information or
resources are available when needed. This means that the
resources are available at a rate which is fast enough for the
system to perform its intended task.
It is possible that confidentiality and integrity can be protected, but
an attacker may cause resources to become less available than
required, or not available at all.
A Denial of Service (DoS) attack is an example of a threat against
availability.
Robust protocols and operating systems, redundant network
architectures and system hardware without any single points of
failure help to ensure system reliability and robustness.



                                                    http://en.wikipedia.org/wiki/CIA_triad
                     Summary
This section provides background on the basic security
concepts that form a framework for protecting
information systems.
                        List of References
http://en.wikipedia.org/wiki/CIA_triad
http://www.sans.org/reading_room/whitepapers/policyissues/498.php
http://www.sharepointsecurity.com/content-130.html
http://media.wiley.com/product_data/excerpt/29/07645393/0764539329.pdf
http://securityrenaissance.com/2007/04/11/the-c-i-a-triad-%e2%80%93-weighed-and-found-wanting/
http://en.wikipedia.org/wiki/Parkerian_hexad

CyberPatriot wants to thank and acknowledge the CyberWatch program,
which developed the original version of these slides and has graciously
allowed their use for training in this competition.

				