Scribd Logo
Upload

Welcome to Scribd!

  • Devops Help

    Uploaded by

    Hamza Ahmed
    2 views4 pages
    Guide to devops

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Guide to devops

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    2 views4 pages

    Devops Help

    Uploaded by

    Hamza Ahmed
    Guide to devops

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    IS Assignment 1

    Hamza Ahmed
    20K-1097

    Q1
    Confidentiality, Integrity, and Availability are the three components of the CIA. It is a fundamental
    idea in information security that stands for the three main goals of system security in a computer.
    Information must only be accessed by those who are authorised, according to the principles of
    confidentiality, integrity, and availability. Accuracy and unaltered information must be available when
    needed.

    Q2
    The accuracy, completeness, and reliability of data across its whole lifecycle are referred to as data
    integrity. It guarantees that data stays constant and unaltered. In contrast, system integrity describes
    how reliable a system is overall. It covers the procedures, software, and hardware that make up a
    system and makes sure they all work as they should and are not tampered with or altered without
    authorization.

    Q3
    The following are examples of threat consequences:
    unauthorised access

    Gaining access to confidential data or resources by an unauthorised party is known as unauthorised


    access.

    data breach

    When private or sensitive information is revealed to unauthorised individuals, it is called a data


    breach.
    Loss of data

    Loss of data, whether deliberate or unintentional, can have serious consequences for businesses.

    service disruption

    Unavailability of services or systems, usually as a result of technical malfunctions or cyberattacks, is


    referred to as service disruption.

    These kinds of threat acts include the following:

    malware

    Software intended to cause harm, interference, or unapproved access to computer systems or data is
    known as malware.

    phishing

    Phishing is when someone pretends to be a reliable source in an attempt to get private information,
    including financial information or passwords.

    DoS attack

    Attacks known as denial of service (DoS) aim to prevent someone from using a computer or network
    resource by flooding it with a large number of unauthorised requests.

    Insider threat

    Threats from people working for a company who possess sensitive data and may abuse or exploit it
    for their own gain or malicious intent are known as insider threats.
    Q4
    Fundamental security design principles:

    Least privilege
    Users should only be given the minimum level of authority or permissions required to do their tasks.

    Defence in depth
    Implementing in place several security control layers to defend against different kinds of threats and
    attacks.

    Fail-safe defaults
    In case of an error or malfunction, systems ought to be built with the ability to return to a safe state
    by default.

    Separation of duties

    Splitting the responsibilities and rights among several users to avoid any one person from having
    excessive power or control.

    Secure by design
    Implementing security features from the beginning into the architecture and design of systems and
    applications.

    Q5

    The information resources of an organization and assets are protected by a defined set of rules,
    guidelines, and processes known as security policies. It describes the goals, obligations, and
    standards for security for workers and users. The following are involved in implementing a security
    policy:
    Policy Development
    Outlining the security criteria, goals, and instructions that the policy will cover.

    Policy Communication
    Making sure that everyone involved is aware of the security policy and knows their roles and
    obligations

    Implementing the policy


    Introducing in place technical protections, guidelines, and enforcement mechanisms to uphold the
    security policy and stop breaches.

    Audits and examination

    Checking for violations of the security policy on a regular basis and doing audits to find any
    vulnerabilities or variances.

    Modify and update


    The security policy should be updated on a regular basis to take into account modifications to risks,
    laws, and technology.

    Q6

    Network attack surface


    An attacker can use any of the entry points and weaknesses in a network architecture to obtain
    unauthorised access or interfere with operations. Along with related protocols and services, this
    covers hardware such as servers, routers, and endpoints.

    Software attack surface


    The concept describes flaws in software applications that hackers can use to get through security
    measures in place. This includes Insecure setups, injection vulnerabilities, and buffer overflows.

    You might also like