Computer security provides:
Confidentiality, Integrity, and Availability (CIA) assurances to users
Roles in computer security:
Users, Black hat hackers, white hats
The International Information System Security Certification Consortium (ISC)² code of ethics:
Protect, have honour, provide services, adhere to profession
Asset State in McCumber Cube:
Where info is when exploited
Safeguards
How to protect technical, storage, procedural, and human factors
Confidentiality, Integrity, and Availability (CIA) in McCumber Cube
Quality and safety. CIA itself
Asset
Something of value to protect
Threat
Potential event. Loss of value or data
Mitigation is the process . . .
Process of reducing risks
Attack Vector
A path an attacker takes to access an asset
Threat Modelling is the process . . .
Process of analysing a system for vulnerabilities
Disclosure attacks
Confidentiality. Asset viewed against the owner’s wishes
Alteration attacks
Integrity. Unauthorised change to/on user’s data
Denial attack
Availability. Disrupts access to system
STRIDE:
Spoofing, Tampering, Repudiation (Hide tracks), Info disclosure, Denial of service, Elevation of privileges