Download Cyber Security I

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
Document related concepts

Mobile security wikipedia , lookup

Trusted Computing wikipedia , lookup

Next-Generation Secure Computing Base wikipedia , lookup

Computer and network surveillance wikipedia , lookup

Information privacy law wikipedia , lookup

Information security wikipedia , lookup

Computer security wikipedia , lookup

Cybercrime countermeasures wikipedia , lookup

Cyber-security regulation wikipedia , lookup

Transcript 
Cybersecurity
First Principles
Janica Edmonds
Cybersecurity
Introduction
2
Security Needs
Confidentiality
Integrity
Availability
3
Security Threats
A potential occurrence, malicious or otherwise, that might damage or
compromise assets.
• Interception – asset is diverted.
• Interruption – asset is delayed
• Modification – asset is altered.
• Fabrication – asset is manufactured.
4
Security Assets
Components of the system or network.
• Hardware
• Software
• People
• Data
5
Cybersecurity First Principles
Domain separation
Process Isolation
Resource encapsulation
Layering
Modularization
Least Privilege
Information hiding
Abstraction
Simplicity
Minimization
6
Domain Separation
Separating areas where resources are located prevents accidents and loss of
data, keeping information worlds from colliding.
7
Process Isolation
A process occurs when a task is executed. Keeping processes separate
prevents the failure of one process from negatively impacting another.
8
Resource Encapsulation
Resources – hardware, system objects, or processes – must be separated and
used as intended.
9
Layering
Multiple layers of defense protect information. If one layer is defeated, the next
one should catch it.
10
Modularization
Able to be inserted or removed from a project; each module has its own function,
interchangeable with other modules.
11
Least Privilege
Limits what access people have to your resources and what they can do with
them.
12
Information Hiding
Any attempt to prevent people from being able to see information.
13
Abstraction
Abstraction is a fancy word for summarizing or explaining in a way that can be
easily understood.
14
Simplicity
If something is less complicated, it is less likely to have problems and it is easier
to troubleshoot and fix.
15
Minimization
Minimization’s goal is to simplify and decrease the number of ways the software
can be exploited.
16
Related documents
Slide 1
Slide 1
CS 110 Introduction to computer programming
CS 110 Introduction to computer programming
Interagency Cybersecurity Forum Launched; NRC Chairman Allison Macfarlane Chairs Inaugural Meeting
Interagency Cybersecurity Forum Launched; NRC Chairman Allison Macfarlane Chairs Inaugural Meeting
what is the Database abstraction level?
what is the Database abstraction level?
Ecns 300 Midterm #3 Due: Wednesday, Oct. 26, 2011 at the
Ecns 300 Midterm #3 Due: Wednesday, Oct. 26, 2011 at the
summary - Spatial Database Group
summary - Spatial Database Group
Cybersecurity and Information Assurance
Cybersecurity and Information Assurance
MCN 7105 Structure and Interpretation of computer programs
MCN 7105 Structure and Interpretation of computer programs
Framework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity
Transfers net income
Transfers net income
At its advent, wealth management consisted of providing brokerage
At its advent, wealth management consisted of providing brokerage
we4startups cybersecurity workshop
we4startups cybersecurity workshop
SPAWAR AFCEA Cybersecurity Brf (RDML Ailes)
SPAWAR AFCEA Cybersecurity Brf (RDML Ailes)
Tackling the challenges of cybersecurity in Africa
Tackling the challenges of cybersecurity in Africa
Safe and Sound: The Physics of Hacking
Safe and Sound: The Physics of Hacking
USCBC Comments on Cybersecurity Law_EN
USCBC Comments on Cybersecurity Law_EN