1 / 8

Basic Concepts of Information Assurance

Basic Concepts of Information Assurance. Objective. To provide background on the basic concepts of information assurance that create a framework of how to protect information systems. Basic Security Concepts.

brant
Download Presentation

Basic Concepts of Information Assurance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Basic Concepts of Information Assurance

  2. Objective • To provide background on the basic concepts of information assurance that create a framework of how to protect information systems

  3. Basic Security Concepts • CIA triad is a widely-used information assurance (IA) model which identifies confidentiality, integrity and availability as the fundamental security characteristics of information. The three characteristics of the idealized model are also referred to as IA services, goals, aims, tenets or capabilities. http://en.wikipedia.org/wiki/CIA_triad

  4. Confidentiality • Confidentiality is assurance of data privacy. Only the intended and authorized recipients (individuals, processes, or devices) may access and read the data. Disclosure to unauthorized entities, for example using unauthorized network sniffing is a confidentiality violation. • Confidentiality is often provided through the use of cryptographic techniques http://en.wikipedia.org/wiki/CIA_triad

  5. Integrity • Integrity is assurance that data has not been altered. • Data integrity is having assurance that the information has not been altered or corrupted in transmission from source to destination, willfully or accidentally, before it is read by its intended recipient. • Source integrity is the assurance that the sender of that information is who it is supposed to be. Source integrity may be compromised when an agent spoofs its identity and supplies incorrect information to a recipient. • Digital Signatures and hash algorithms are examples of mechanisms used to provide data integrity. http://en.wikipedia.org/wiki/CIA_triad

  6. Availability • Availability is confidence in timely and reliable access to data services by authorized users. It ensures that information or resources are available when needed. This means that the resources are available at a rate which is fast enough for the system to perform its intended task. • It is possible that confidentiality and integrity can be protected, but an attacker may cause resources to become less available than required, or not available at all. • A Denial of Service (DoS) attack is an example of a threat against availability. • Robust protocols and operating systems, redundant network architectures and system hardware without any single points of failure help to ensure system reliability and robustness. http://en.wikipedia.org/wiki/CIA_triad

  7. Summary • This section provides background on the basic security concepts that create a framework of how to protect information systems

  8. List of References • http://en.wikipedia.org/wiki/CIA_triad • http://www.sans.org/reading_room/whitepapers/policyissues/498.php • http://www.sharepointsecurity.com/content-130.html • http://media.wiley.com/product_data/excerpt/29/07645393/0764539329.pdf • http://securityrenaissance.com/2007/04/11/the-c-i-a-triad-%e2%80%93-weighed-and-found-wanting/ • http://en.wikipedia.org/wiki/Parkerian_hexad CyberPatriot wants to thank and acknowledge the CyberWatch program which developed the original version of these slides and who has graciously allowed their use for training in this competition.

More Related