We want system and Data integrity We use: Cryptography (again). Check sums (This could be CRC). Message Digests also known as a hash (This could be MD5, SHA1 or SHA2). Digital Signatures – non-repudiation. Access control. Threats: Alterations of our data. Code injections. Attacks on your encryption (cryptanalysis).
We want to keep our information confidential. We use: Encryption for data at rest (for instance AES256), full disk encryption. Secure transport protocols for data in motion. (SSL, TLS or IPSEC). Good best practices for data in use – clean desk, no shoulder surfing, screen view angle protector, PC locking
The CIA Triad (AIC) Confidentiality This is what most people think IT Security is. We keep our data secure and our secrets secret. We ensure no one unauthorized can access the data. Integrity How do we protect against modifications of the data and the systems. We ensure the data has
Upcoming in-person classes at Honolulu Community College 8/22-9/21: CISSP Domains 1-3 (A): Security and Risk Management CISSP Domains 1-3 (B): Asset Security and Security Engineering CISSP Domains 1-3 (C): CISSP Cryptography, Mobile/Web Systems, and Physical Security CISSP Domains 4-8 (A): CISSP Communication and Network Security CISSP Domains 4-8 (B): CISSP