The CIA of Security

  • Confidentiality
    deals with keeping
    • information,
    • networks and
    • systems
    secure from unauthorized access.
    can be achieved by using
    • encryption,
    • authentication, and
    • access control.
  • Security
    is defined as the
    • consistency,
    • accuracy, and
    • validity
    of data or information.
    can be achieved by hashing.
  • Availability
    describes a resource being accessible to a
    • user,
    • application, or
    • computer system
    when required.

It should be well understood that those do actually contradict - especially confidentiality and availability. Confidentiality (keep data from people) VS Availability (get people to data). The key is that you want to be able to give access at the appropriate data at the appropriate time.

This then directly connects to the next slide:

  • Least Privilege
    Users, applications and systems should have no more privilege than necessary to perform their function or job.
  • Attack Surface
    Set of methods and avenues an attacker can use to enter a system and potentially cause damage.

Sources:
Security Fundamentals: Part 1 at 12 min.

Keywords:
Security

Comments

Post a Comment

Popular posts from this blog

SQL Server Setup: Windows Firewall warning (Ports)

Image
What was it again SQL server setup throws out, when you have your Windows Firewall on?! Rule "Windows Firewall" generated a warning. The Windows Firewall is enabled. Make sure the appropriate ports are open to enable remote access. See the rules documentation at http://go.microsoft.com/fwlink/?LinkId=94001 for information about ports to open for each feature. Keywords: Setup, Firewall, Ports, SQL Server, Microsoft
Read more

SQL Server 2014 Enterprise Edition: Server Setup: Feature Selection

Note: Still needs Microsoft .NET Framework 3.5. Instance Features The configuration and operation of each instance feature of a SQL Server instance is isolated from other SQL Server instances. SQL Server instances can operate side-by-side on the same computer. Database Engine Services Includes the Database Engine, the core service for storing, processing and securing data. The Database Engine provides controlled access and rapid transaction processing and also provides rich support for sustaining high availability. The Database Engine also provides support for the utility control point in the SQL Server Utility. Only Database Engine Services and Analysis Services can be clustered. SQL Server Replication Includes a set of technologies for copying and distributing data and database objects from one database to another and synchronizing between the databases for consistency. You can use replication to distribute data to different locations, and to remote a
Read more

How to read an assembly.dll.config

There is the common misconception that only a app.exe.config can be read in .NET C#. The truth is that the app.config is automatically read, while any other (correctly formed) app.config XML file can be read "manually". To open a named config file: Reference System.Configuration.dll assembly Using System.Configuration Create code like: Configuration GetDllConfiguration(Assembly targetAsm) { var configFile = targetAsm.Location + ".config"; var map = new ExeConfigurationFileMap { ExeConfigFilename = configFile }; return ConfigurationManager.OpenMappedExeConfiguration(map, ConfigurationUserLevel.None); } Sources: stackoverflow: Reading dll.config (not app.config!) from a plugin module Keywords: .NET, C#, app.config, dll.config, ConfigurationManager
Read more