CIA Triad
A model of information security that includes three core principles: Confidentiality, Integrity, and Availability.
Confidentiality
The principle that ensures private information is not disclosed to unauthorized individuals.
Integrity
The principle that guarantees information and programs are modified only in a specified and authorized manner.
Availability
The principle that ensures systems are operational and accessible to authorized users when needed.
Authentication
The process of verifying the identity of an individual claiming to be a certain entity.
Nonrepudiation
The assurance that someone cannot deny the validity of their actions, typically in sending or receiving messages.
Threats
Potential dangers that could exploit vulnerabilities in a system.
Vulnerabilities
Weaknesses in a system that allow threats to be realized.
Defense in Depth
A security strategy that employs multiple layers of defense to protect information systems.
Least Privilege
The principle that users and processes should have the minimum levels of access – or permissions – needed to perform their job functions.
Separation of Privilege
A security concept that requires multiple conditions to be met before granting access to sensitive resources.
Separation of Duties
A security practice where no single individual has enough privileges to misuse a system independently.
Fail-safe Defaults
The principle that systems should default to a secure state when failing.
Psychological Acceptability
The idea that security measures should not make systems too difficult or cumbersome for users.
Open Design
The principle that the security of a mechanism should not depend on the secrecy of its design.
Kerckhoffs's Principle
The notion that a cryptographic system should remain secure even if everything about the system, apart from the key, is public knowledge.
Economy of Mechanism
The principle advocating for security designs to be as simple and small as possible for easy verification.
Isolation
A strategy to protect systems from unauthorized use by separating items that may interfere with each other.
Running Untrusted Code
The practice of executing applications from potentially unreliable sources in a controlled manner to prevent damage.
Ethics
A set of moral principles that guide an individual's or group's behavior, especially in the field of information security.
Why are Ethics Important in Security?
They establish trust and responsibility towards protecting confidential data.