Theories

 ** 3 Characteristics of Information Protection (CIA) ** **1. ****Confidentiality ** · Authorization i.e login & password · Access Controls o Privileges : things you are allowed to do on the computer o Privilege escalation: coming in under a restriction set and gaining higher privileges (“pwn” or own) o Mandatory Access Control: To set up Control o Identity Based Access Controls (IBAC) : controls set for individual users o Role Based Access Controls (RBAC): Taking the identity controls and adding them to the group · Authenticate o Single Factor (i.e. only have a password) o Two factors (card + code) o Multiple Factors o Token cards o Dongles o Biometrics (finger prints, facial markers, retina scan) 2. **Integrity **: Making sure Information is correct · Entered Correctly · Processed Correctly (software bugs) · Stored Correctly · Not modified without authentication 3. **Availability ** : Information is where it’s needed so when it is needs you can get to it in the form you need it. · Redundancy: fail safe systems · Safe from DDS attacks

** D.O.L.L.S. **
 * D**iversity – Don’t run 1 kind of protection. Example: Different password types, SW OS, mix up servers
 * O**bscurity- Hide your information! Ex: OS, Apps, Internal Addresses (NAT/PAT)
 * L**imiting – Limit physical access. Ex: Role Based Access Controls (RBAC)/IBAC, privileges
 * L**ayering – Have multiple obstacles
 * S**implicity- Usability built into the system Ex. Biometrics, management tools

· Security Increase, Productivity Decreases

 **** 7 Fundamental Principles of Cyber security **** 1. All security measures of defeatable.

2. Today’s defenses are obsolete tomorrow.

3. Any security measure/technology is only as good as its implementation.

4. Treat security as if the law enforcement did not exist.

5. Black hats cannot be deterred.

6. Any new technology is a new attack vector.

7. Information security is an evolutionary arms race.