Introduction

What is IT-Security?
IT-Security is not a product, it's a process. Don't expect to buy a firewall that solves all your security problems! You always have to ensure good configuration and updates - this should be an integrated and always ongoing process.
But you will never reach 100% security. It's like a bank safe: you can make it difficult to crack, but there will always be somebody who is able to break it with a lot of resources! Here are the most important components of IT-Security:

Authenticity
Authenticity is about the identity of a subject/object. This can be a user, a process, a system or a piece of information. This is needed for Non Repudiation and Accountability.

Integrity
This means Data-Integrity, that data was not manipulated or destroyed in an unauthorized way, and System-Integrity, that the system is available with the usual performance and was not manipulated through unauthorized access. Integrity is part of Authenticity.

Confidentiality
Information should not be seen by unauthorized persons, instances or processes. This means protection of personal or business-critical data, privacy and anonymity.

Availability/Dependability
Means that the functionality of software and hardware is not altered in any unauthorized way, and that business continuity is secured.

Non Repudiation/Accountability
Non Repudiation means that actions of instances (users, processes, systems and information) can be associated with only that instance. Accountability refers to financial transactions and all communication issues.

Reliability
The usual functionality and behavior of data and systems is secured. This is needed for Integrity and Non Repudiation.

CIA stands for Confidentiality, Integrity and Availability.