Basic Components of Information Systems Security
Threats
Policy and mechanism
Trust
Operational issues
Human issues
Slide #1-1
Basic Components
Confidentiality
Keeping data and resources hidden
Integrity
Data integrity (integrity)
Origin integrity (authentication)
Availability
Enabling access to data and resources
Slide #1-2
Threats
Disclosure
Snooping
Deception
Modification, spoofing, repudiation of origin, denial of receipt
Disruption
Modification
Usurpation
Modification, spoofing, delay, denial of service
Slide #1-3
Goals of Security
Prevention
Prevent attackers from violating security policy
Recovery
Stop attack, assess and repair damage
Continue to function correctly even if attack succeeds
Slide #1-5
[Figure labels: secure, precise, broad]
Design
How system will meet specification
Operational Issues
Cost-Benefit Analysis
Is it cheaper to prevent or recover?
Risk Analysis
Should we protect something? How much should we protect this thing?
Human Issues
Organizational Problems
Power and responsibility
Financial benefits
People problems
Outsiders and insiders
Social engineering
Slide #1-9
Tying the Issues Together
Threats, Policy, Specification, Design, Implementation, Operation
Slide #1-10
Key Points
Policy defines security, and mechanisms enforce security
Confidentiality, Integrity, Availability