8 Questions
What is the main purpose of encryption in ensuring confidentiality?
To ensure that only authorized users can read the message
What is the primary function of authentication in access control?
To verify the user's identity
What is the main goal of integrity in a system?
To ensure that a message or transaction is true to itself and has not been tampered with
What type of attack involves flooding the system with traffic?
DoS attack
What is the purpose of role-based access control?
To authorize users based on their roles
What is an example of a technology used to ensure integrity?
Digital signatures
What is the primary concern of availability in a system?
To ensure that the system is available to authorized users when needed
What is the purpose of authorization in access control?
To verify the user's privileges and permissions
Study Notes
Confidentiality
- Confidentiality is ensured through two main technologies: access control and encryption
- Access control consists of authentication and authorization
- Authentication: verifying the user's identity (e.g., using multi-factor authentication)
- Authorization: verifying the user's privileges and permissions
- Role-based access control is used to check the user's privileges and match them with the requested action
- Encryption is used to ensure that only authorized users can read the message
- Symmetric encryption uses the same key for encryption and decryption
- Encryption creates an encrypted envelope that obscures the message, making it unreadable to unauthorized users
Integrity
- Integrity ensures that a message or transaction is true to itself and has not been tampered with
- Technologies used to ensure integrity include digital signatures and message authentication codes
- These technologies allow for the detection of modifications to logs or records, ensuring that the system is trustworthy
- Examples of integrity include:
- Logging activities in a system and detecting tampering with the logs
- Using blockchain technology to create an immutable and unchangeable record
Availability
- Availability ensures that the system and resources are available to authorized users when needed
- Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS) attacks are examples of threats to availability
- DoS attacks involve flooding the system with traffic, while DDoS attacks amplify the effect using multiple compromised systems (botnets)
- Other types of DoS attacks include:
- SYN flood: reserving resources for incomplete sessions, exhausting available resources
- Reflection attacks: sending information to someone else and spoofing the source address to target the intended system
- To ensure availability, it's essential to have measures in place to prevent and mitigate these types of attacks.
CIA Triad
- The CIA Triad is a checklist for ensuring the security of an IT project
- It covers three main areas:
- Confidentiality: ensuring sensitive data is only available to authorized users
- Integrity: ensuring that the system and data are true to themselves and have not been tampered with
- Availability: ensuring that the system and resources are available to authorized users when needed
Confidentiality
- Confidentiality is ensured through two main technologies: access control and encryption
- Access control involves authentication and authorization
- Authentication verifies the user's identity (e.g., using multi-factor authentication)
- Authorization verifies the user's privileges and permissions
- Role-based access control checks the user's privileges and matches them with the requested action
- Encryption ensures that only authorized users can read the message
- Symmetric encryption uses the same key for encryption and decryption
- Encryption creates an encrypted envelope that obscures the message, making it unreadable to unauthorized users
Integrity
- Integrity ensures that a message or transaction is true to itself and has not been tampered with
- Digital signatures and message authentication codes are used to ensure integrity
- These technologies allow for the detection of modifications to logs or records, ensuring that the system is trustworthy
- Examples of integrity include logging activities in a system and detecting tampering with the logs
- Blockchain technology is used to create an immutable and unchangeable record
Availability
- Availability ensures that the system and resources are available to authorized users when needed
- Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are threats to availability
- DoS attacks involve flooding the system with traffic
- DDoS attacks amplify the effect using multiple compromised systems (botnets)
- Other types of DoS attacks include SYN flood and reflection attacks
- SYN flood attacks reserve resources for incomplete sessions, exhausting available resources
- Reflection attacks send information to someone else and spoof the source address to target the intended system
- Measures to prevent and mitigate DoS and DDoS attacks are essential to ensure availability
CIA Triad
- The CIA Triad is a checklist for ensuring the security of an IT project
- It covers three main areas: Confidentiality, Integrity, and Availability
- Confidentiality ensures sensitive data is only available to authorized users
- Integrity ensures that the system and data are true to themselves and have not been tampered with
- Availability ensures that the system and resources are available to authorized users when needed
Learn about the two main technologies used to ensure confidentiality in information systems: access control and encryption. Understand the roles of authentication, authorization, and role-based access control.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
