Threats - What Can Happen?

Objectives

1. Better understand what can happen to assets.
2. Explore the CIA triad.

Notes

• This continues with chapter 1 of Pfleeger
• What can happen to an electronic asset?
  • This is frequently defined in terms of three properties
    • Confidentiality: the ability of a system to ensure that an asset is viewed only by authorized parties.
    • Integrity: the ability of a system to ensure that an asset is modified only by authorized parties.
    • Availability : the ability of a system to ensure that an asset can be used by any authorized parties.
  • Frequently referred to as the CIA triad or the security triad.
• Any asset must maintain one of these properties.
• Think about the money in your wallet
  • Availability is probably the most important. You want to be the only one who uses the money stored in the wallet.
  • The government ensures integrity, making sure that the money is hard to counterfeit
  • Confidentiality is less of an issue for this asset, unless you are bartering.
• This list is some times modified
  • Authentication: the ability of a system to confirm the identity of a user
  • Nonrepudiation or accountability: the ability of a system to confirm that a sender can not convincingly deny having taken an action.
  • The DOD adds audibility: the ability of a system to trace all actions related to a given asset.
• Can you describe how the CIA triad applies to your grade in this course?
  • I think it is reasonable to discuss the grade as officially maintained by the university.
  • But is there another aspect we might want to discuss? (My gradebook?)
• Just like vulnerability-threat-control, understanding CIS is essential for a study of cybersecurity
  • This is the standard language used by cybersecurity experts.
  • It will be used in the literature
  • Look at zerodayinitiative.com.