David
security triad
confidentiality
only people with access can see the information
- it protects the data that needs protection yet permits access to authorized
individuals
integrity
ensures that information has not been altered in an unauthorized manner
only people who are authorized can change the information
- data integrity
- system integrity
data in storage
data in transit
data during processing
availability
ensures data is accessible to authorized users when and where it is needed and in
the form and format that is required
- make sure the data is available whenever we need it
how important it is for a resource to be available
identification
telling people who you are (id, passport)
authentication
proof of identification (passwords, face id)
something you know - something you have - something you are
email - card - fingerprint
authorization
permission that is granted to access a resource
non-repudiation
privacy
to control what happens with your data
GDPR - protects info in Europe
HIPAA - protects health info in America
Risk appetite:
how much are you willing to take a risk
some companies are more willing to take risks than others
some companies like to play it safe even though it might take longer for them to
achieve their goals
others like to take risks and achieve their goals faster
risk tolerance
the maximum level of risk that you can take
if you go over the maximum you can be fined by the police
importance
it helps mitigate potential risks
database:
where things are saved or information is stored
threat actor:
hacker, thief
threat vector
what he uses to hack
threat actor:
insiders:
they spread the hate or complaints
outside individuals:
risk avoidance
deciding that the risk is too high and deciding not to take it
review:
security control
technical controls:
firewalls: control access to certain websites; it's like a barrier that stops you from going to
certain websites or apps
antivirus:
it detects viruses and blocks them
encryption:
changing data so hackers don't understand it when they hack you
configuration
administrative control:
telling people what to do and what not to do
physical controls:
fences - cameras - signs - guards - locks - scanners