Theories

 * Information Security || -is protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction ||
 * Information Technology (IT) || -is "the acquisition, processing, storage and dissemination of vocal, pictorial, textual and numerical information by a microelectronics-based combination of computing and telecommunications". ||
 * ~ DOLLS ||~ - Diversity, Obscurity, Limiting, Layering, and Security ||
 * Diversity || -is primarily practiced by requiring multiple and differing types of passwords and authentication methods. ||
 * Obscurity || -is a pejorative referring to a principle in security engineering, which attempts to use secrecy (of design, implementation, etc.) to provide security. A system relying on security through obscurity may have theoretical or actual security vulnerabilities, but its owners or designers believe that the flaws are not known, and that attackers are unlikely to find them. ||
 * Limiting || -is any process by which a specified characteristic (usually amplitude) of the output of a device is prevented from exceeding a predetermined value. Limiting can be done by restricting physical access and privileges (access, delete, modify, read, root, write). ||
 * Layering || -describes the practice of leveraging several different point security solutions, filtering systems, and monitoring strategies to protect information technology resources and data. ||
 * Simplicity || -is aimed at keeping the usability of systems simple and accessible. This is primarily aimed at simplifying management tools. ||
 * ~ User Account ||~ -allows a user to authenticate to system services and be granted authorization to access them. ||
 * Identity Based Access Control (IBAC) || -is an approach to restricting system access to an authorized user based on who the user is. It is not based on the user's role or membership in a particular work group. This may be granted to an individual based on his identity as the owner, manager, or chief operator, or may be based on his name. ||
 * Role Based Access Control (RBAC) || -is an approach to restricting system access to authorized users. It is a newer alternative approach to mandatory access control (MAC) and discretionary access control (DAC). RBAC is sometimes referred to as role-based security. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned particular roles, and through those role assignments acquire the permissions to perform particular system functions. Since users are not assigned permissions directly, but only acquire them through their role (or roles), management of individual user rights becomes a matter of simply assigning appropriate roles to the user; this simplifies common operations, such as adding a user, or changing a user's department. ||
 * ~ CIA ||~ Confidentiality, Integrity, and Availability ||
 * Confidentiality || -verifies the information is secure and seen only by those who should be seeing it. Only authorized personnel with the correct access (see above) should be granted permission to view. Authentication must be received through either single or multi-factor authentication. ||
 * Integrity || -refers to the information and the correctness or accuracy of the information reported. ||
 * Availability || -verifies the information is where it needs to be, when it is needed, and in a form that is usable by the user. This is made possible by backups, failsafes and redundant systems. ||
 * Authentication || -the ways in which someone may be authenticated fall into three categories, based on what are known as the factors of authentication: something you know, something you have, or something you are. Each authentication factor covers a range of elements used to authenticate or verify a person's identity prior to being granted access, approving a transaction request, signing a document or other work product, granting authority to others, and establishing a chain of authority. ||
 * ~ Standard Operating Procedure (SOP) ||~ -is a written document or instruction detailing all steps and activities of a process or procedure, or set of procedures to perform a given operation or evolution or in reaction to a given event. ||
 * ~ Security Threat Framework ||
 * Asset, Exploit, Risk, Threat, Threat Agent, Vulnerability ||
 * ~ Parts of Information Security ||
 * Hardware, Software, Information, People, Procedures ||
 * ~ Three States of Information ||
 * Stored, Processed, Transmitted ||