CISSP – IAAA (Identification and Authentication, Authorization and Accountability)
Identification: your name, username, ID number, employee number, SSN etc. "I am Thor". Authentication: "Prove you are Thor". This should be done with multifactor authentication wherever possible. Something you know – Type 1 Authentication (password, passphrase, PIN etc.). Something you have – Type 2 Authentication (ID, passport, smart card, token, cookie on a PC etc.). Something […]
CISSP – the CIA Triad and its opposites.
Confidentiality, Integrity and Availability. Finding the right mix of Confidentiality, Integrity and Availability is a balancing act. This is really the cornerstone of IT security: finding the RIGHT mix for your organization. Too much Confidentiality and Availability can suffer. Too much Integrity and Availability can suffer. Too much Availability and both […]
CISSP – the CIA Triad – Availability!
We want to keep our systems and data available. We use: IPS/IDS. Patch management. Redundancy in hardware: power (multiple power supplies, UPSs, generators), disks (RAID), traffic paths (network design), HVAC, staff, HA (high availability) and much more. SLAs – how much uptime do we want (99.9%?), weighed against what it costs (ROI). Threats: malicious attacks (DDoS, physical, system compromise, staff). Application […]
CISSP – the CIA Triad – Integrity!
We want system and data integrity. We use: cryptography (again). Checksums (this could be CRC) – these only catch accidental corruption; an attacker who can change the data can recompute or forge the checksum. Message digests, also known as hashes (this could be MD5, SHA-1 or SHA-2; MD5 and SHA-1 are collision-broken, so use SHA-2 for new designs), which prove integrity only if the digest itself is protected, for example by a digital signature or a keyed MAC. Digital signatures – non-repudiation. Access control. Threats: alteration of our data. Code injection. Attacks on your encryption (cryptanalysis).
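The difference between a checksum and a cryptographic integrity control is easy to state and easy to underestimate, so here is an added example (not code from the original page or its author) that shows it end to end. It tampers with a constructed payment message, appends four bytes so the CRC-32 still matches the original, then shows that a SHA-256 digest changes and that an HMAC-SHA-256 tag computed under a key the attacker does not have rejects the forgery. The messages and the key are made up for the demo; the CRC forging uses the standard reflected CRC-32 table that zlib also implements.

```python
"""Checksum vs hash vs keyed MAC as integrity controls.

Added illustration, not from the original page. Messages and key below are
constructed for the demo.
"""
import hashlib
import hmac
import zlib


def _make_crc_table():
    # Standard reflected CRC-32 (IEEE 802.3) table, same algorithm as zlib.crc32.
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
        table.append(c)
    return table


_CRC_TABLE = _make_crc_table()
# CRC-32 is linear and every table entry has a distinct top byte; that is what
# makes it forgeable with exactly four appended bytes.
_TOP_BYTE_TO_INDEX = {entry >> 24: idx for idx, entry in enumerate(_CRC_TABLE)}
assert len(_TOP_BYTE_TO_INDEX) == 256


def crc32(data: bytes) -> int:
    return zlib.crc32(data) & 0xFFFFFFFF


def forge_crc32_suffix(data: bytes, target_crc: int) -> bytes:
    """Return 4 bytes s such that crc32(data + s) == target_crc.

    Walk the last four CRC steps backwards from the wanted register value to
    learn which table index each step must use, then forwards to pick the byte
    that selects that index from the actual register state.
    """
    state = crc32(data) ^ 0xFFFFFFFF  # register before zlib's final XOR
    want = target_crc ^ 0xFFFFFFFF
    indices = [0] * 4
    cur = want
    for k in range(3, -1, -1):
        indices[k] = _TOP_BYTE_TO_INDEX[cur >> 24]
        cur = ((cur ^ _CRC_TABLE[indices[k]]) << 8) & 0xFFFFFFFF
    suffix = bytearray()
    for k in range(4):
        b = (state ^ indices[k]) & 0xFF
        suffix.append(b)
        state = _CRC_TABLE[(state ^ b) & 0xFF] ^ (state >> 8)
    return bytes(suffix)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hmac_sha256_hex(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def hmac_verify(key: bytes, data: bytes, tag_hex: str) -> bool:
    # Constant-time comparison so a verifier does not leak how many bytes matched.
    return hmac.compare_digest(hmac_sha256_hex(key, data), tag_hex)


# Constructed demo data (hypothetical, not from the page).
ORIGINAL = b"PAY 100 USD TO ACCT 12345 "
TAMPERED = b"PAY 900 USD TO ACCT 12345 "
KEY = b"demo-key-do-not-use-in-production"


def demo():
    """Returns (crc_fooled, hash_changed, mac_detects)."""
    original_crc = crc32(ORIGINAL)
    # Attacker changes the amount and pads 4 bytes so the stored CRC still verifies.
    forged = TAMPERED + forge_crc32_suffix(TAMPERED, original_crc)
    crc_fooled = crc32(forged) == original_crc
    # An unkeyed hash does change, but only helps if the attacker cannot also
    # replace the stored digest (hence signatures or a MAC over it).
    hash_changed = sha256_hex(forged) != sha256_hex(ORIGINAL)
    # A keyed MAC cannot be recomputed without KEY, so the forgery is rejected.
    tag = hmac_sha256_hex(KEY, ORIGINAL)
    mac_detects = not hmac_verify(KEY, forged, tag)
    return crc_fooled, hash_changed, mac_detects


if __name__ == "__main__":
    print(demo())
```

Running it returns `(True, True, True)`: the CRC accepts the tampered message, the hash differs, and the HMAC fails verification. The same distinction applies to digital signatures, which additionally give non-repudiation because only the holder of the private key could have produced the signature.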