The CIA of Security

  • Confidentiality
    deals with keeping
    • information,
    • networks and
    • systems
    secure from unauthorized access.
    can be achieved by using
    • encryption,
    • authentication, and
    • access control.
  • Security
    is defined as the
    • consistency,
    • accuracy, and
    • validity
    of data or information.
    can be achieved by hashing.
  • Availability
    describes a resource being accessible to a
    • user,
    • application, or
    • computer system
    when required.

It should be well understood that those do actually contradict - especially confidentiality and availability. Confidentiality (keep data from people) VS Availability (get people to data). The key is that you want to be able to give access at the appropriate data at the appropriate time.

This then directly connects to the next slide:

  • Least Privilege
    Users, applications and systems should have no more privilege than necessary to perform their function or job.
  • Attack Surface
    Set of methods and avenues an attacker can use to enter a system and potentially cause damage.

Sources:
Security Fundamentals: Part 1 at 12 min.

Keywords:
Security

Comments

Post a Comment

Popular posts from this blog

SQL Server Setup: Windows Firewall warning (Ports)

Image
What was it again SQL server setup throws out, when you have your Windows Firewall on?! Rule "Windows Firewall" generated a warning. The Windows Firewall is enabled. Make sure the appropriate ports are open to enable remote access. See the rules documentation at http://go.microsoft.com/fwlink/?LinkId=94001 for information about ports to open for each feature. Keywords: Setup, Firewall, Ports, SQL Server, Microsoft
Read more

Artifical Intelligence / Machine Learning: Generative Adversarial Networks (GANs) / Generative Modeling

Image
While there is a lot of buzz on data analysis and understanding data there for applied use of artifical intelligence and machine learning it is less known in the public on what Artifical Intelligence can do regarding generating original content and altering existing content. So called Generative Adversarial Networks can generate or change pictures and can even alter videos. E.g. The website www.ThisPersonDoesNotExist.com gives and interesting and somewhat worrisome examples of that technolgy. The speed at which this technology evolves is as astounding as the results it can give already. The technology can not only be used to generate static content like the pictures of faces, but can also modify videos. There is an example where the same scene filmed by day is recreated to appear at night: Another example illustrates how a video of a horse is transferred to a video of a zebra. As Ian Goodfellow points out the GAN did not only change the brown horse to be white with bla...
Read more

Dates in JSON

What format is the right one in JSON? "Or best? Is there any sort of standard on this?" "DateTimes in JSON are hard. The problem comes from the JSON spec itself: there is no literal syntax for dates in JSON. The spec has objects, arrays, strings, integers, and floats, but it defines no standard for what a date looks like." A common date/time-format used is ISO 8601. It is also used widely in libraries such as JavaScript's toJSON-method and Json.NET . In principle this turns the DateTime string into: <YYYY-MM-DD>T<HH:MM>[:SS.SSS][[+|-]HH:MM[:SS]|Z] Example: { "lastPlayedDateTime": "2021-12-28T23:30:00+01:00" } What's the Z? Z depicts the shorthand notation for UTC times, e.g. "2009-02-15T00:00Z" . Sources: Serializing Dates in JSON StackOverflow What is the "right" JSON date format? Wikipedia on ISO 8601 toJSON-method JSON spec
Read more