Compare and contrast two fundamental security design principles. Analyze these principles and how they impact an organization's security posture. Every discussion posting must be properly APA formatted.
This is a Discussion. Attachment: discussion.pptx

Cryptography and Network Security, Seventh Edition, by William Stallings
© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

Chapter 1: Computer and Network Security Concepts

Cryptographic algorithms and protocols can be grouped into four main areas:
• Symmetric encryption: used to conceal the contents of blocks or streams of data of any size, including messages, files, encryption keys, and passwords
• Asymmetric encryption: used to conceal small blocks of data, such as encryption keys and hash function values, which are used in digital signatures
• Data integrity algorithms: used to protect blocks of data, such as messages, from alteration
• Authentication protocols: schemes based on the use of cryptographic algorithms designed to authenticate the identity of entities

The field of network and Internet security consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information.

Computer Security
The NIST Computer Security Handbook defines the term computer security as: "the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources" (includes hardware, software, firmware, information/data, and telecommunications)
Computer Security Objectives
Confidentiality
• Data confidentiality: assures that private or confidential information is not made available or disclosed to unauthorized individuals
• Privacy: assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed
Integrity
• Data integrity: assures that information and programs are changed only in a specified and authorized manner
• System integrity: assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system
Availability
• Assures that systems work promptly and service is not denied to authorized users

Breach of Security: Levels of Impact
• High: the loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals
• Moderate: the loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals
• Low: the loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals

Computer Security Challenges
• Security is not simple
• Potential attacks on the security features need to be considered
• Procedures used to provide particular services are often counter-intuitive
• It is necessary to decide where to use the various security mechanisms
• Requires constant monitoring
• Is too often an afterthought
• Security mechanisms typically involve more than a particular algorithm or protocol
• Security is essentially a battle of wits between a perpetrator and the designer
• Little benefit from security investment is perceived until a security failure occurs
• Strong security is often viewed as an impediment to efficient and user-friendly operation

OSI Security Architecture
• Security attack: any action that compromises the security of information owned by an organization
• Security mechanism: a process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack
• Security service: a processing or communication service that enhances the security of the data processing systems and the information transfers of an organization; intended to counter security attacks, and makes use of one or more security mechanisms to provide the service

Table 1.1 Threats and Attacks (RFC 4949)

Security Attacks
• A means of classifying security attacks, used both in X.800 and RFC 4949, is in terms of passive attacks and active attacks
• A passive attack attempts to learn or make use of information from the system but does not affect system resources
• An active attack attempts to alter system resources or affect their operation

Passive Attacks
• Are in the nature of eavesdropping on, or monitoring of, transmissions
• Goal of the opponent is to obtain information that is being transmitted
• Two types of passive attacks are: the release of message contents, and traffic analysis

Active Attacks
• Involve some modification of the data stream or the creation of a false stream
• Difficult to prevent because of the wide variety of potential physical, software, and network vulnerabilities
• Goal is to detect attacks and to recover from any disruption or delays caused by them
• Masquerade: takes place when one entity pretends to be a different entity; usually includes one of the other forms of active attack
• Replay: involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect
• Modification of messages: some portion of a legitimate message is altered, or messages are delayed or reordered to produce an unauthorized effect
• Denial of service: prevents or inhibits the normal use or management of communications facilities

Security Services
• Defined by X.800 as: a service provided by a protocol layer of communicating open systems that ensures adequate security of the systems or of data transfers
• Defined by RFC 4949 as: a processing or communication service provided by a system to give a specific kind of protection to system resources

Table 1.2 Security Services (X.800) (This table is found on page 12 in the textbook)
Authentication
• Concerned with assuring that a communication is authentic
• In the case of a single message, assures the recipient that the message is from the source that it claims to be from
• In the case of ongoing interaction, assures the two entities are authentic and that the connection is not interfered with in such a way that a third party can masquerade as one of the two legitimate parties
• Two specific authentication services are defined in X.800: peer entity authentication, and data origin authentication

Access Control
• The ability to limit and control the access to host systems and applications via communications links
• To achieve this, each entity trying to gain access must first be identified, or authenticated, so that access rights can be tailored to the individual

Data Confidentiality
• The protection of transmitted data from passive attacks
• Broadest service protects all user data transmitted between two users over a period of time
• Narrower forms of service include the protection of a single message or even specific fields within a message
• The protection of traffic flow from analysis: this requires that an attacker not be able to observe the source and destination, frequency, length, or other characteristics of the traffic on a communications facility
Data Integrity
• Can apply to a stream of messages, a single message, or selected fields within a message
• A connection-oriented integrity service, one that deals with a stream of messages, assures that messages are received as sent with no duplication, insertion, modification, reordering, or replays
• A connectionless integrity service, one that deals with individual messages without regard to any larger context, generally provides protection against message modification only

Nonrepudiation
• Prevents either sender or receiver from denying a transmitted message
• When a message is sent, the receiver can prove that the alleged sender in fact sent the message
• When a message is received, the sender can prove that the alleged receiver in fact received the message

Availability Service
• Protects a system to ensure its availability
• This service addresses the security concerns raised by denial-of-service attacks
• It depends on proper management and control of system resources and thus depends on the access control service and other security services

Security Mechanisms (X.800)
Specific Security Mechanisms
• Encipherment
• Digital signatures
• Access controls
• Data integrity
• Authentication exchange
• Traffic padding
• Routing control
• Notarization
Pervasive Security Mechanisms
• Trusted functionality
• Security labels
• Event detection
• Security audit trails
• Security recovery

Table 1.3 Security Mechanisms (X.800) (This table is found on pages 14-15 in the textbook)
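The difference between the two integrity services above is easiest to see in code. The following is an added example, not from the Stallings slides or the textbook: it uses an HMAC-SHA256 tag (the "data integrity" mechanism) for a connectionless service, then binds a sequence number into the tag to build a connection-oriented service. The key, messages and class names are constructed for the demonstration. The connectionless verifier catches a modified message but accepts a verbatim replay; the stream receiver rejects replay, reordering and insertion as well.

```python
import hmac
import hashlib
from typing import Tuple

# Constructed demo key; a real system establishes it with a key-distribution
# or key-agreement protocol (later chapters of the text).
KEY = b"constructed-demo-key-not-for-real-use"


def mac(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 integrity tag over `data`."""
    return hmac.new(key, data, hashlib.sha256).digest()


# --- Connectionless integrity: each message protected on its own -----------

def protect_message(key: bytes, msg: bytes) -> Tuple[bytes, bytes]:
    return msg, mac(key, msg)


def verify_message(key: bytes, msg: bytes, tag: bytes) -> bool:
    # Detects modification only: an exact copy of an old (msg, tag) pair still
    # verifies, so replay and reordering are invisible to this check.
    return hmac.compare_digest(mac(key, msg), tag)


# --- Connection-oriented integrity: a stream with sequence numbers ---------

class StreamSender:
    """Binds a monotonically increasing sequence number into every tag."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.next_seq = 0

    def send(self, msg: bytes) -> Tuple[int, bytes, bytes]:
        seq = self.next_seq
        self.next_seq += 1
        return seq, msg, mac(self.key, seq.to_bytes(8, "big") + msg)


class StreamReceiver:
    """Accepts records only in order, each exactly once."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.expected_seq = 0

    def receive(self, seq: int, msg: bytes, tag: bytes) -> bool:
        # Check the tag before the sequence number so an unkeyed party cannot
        # advance the window by sending a record with the expected number.
        if not hmac.compare_digest(mac(self.key, seq.to_bytes(8, "big") + msg), tag):
            return False                  # modification (or forged record)
        if seq != self.expected_seq:
            return False                  # replay, reorder, insertion or loss
        self.expected_seq += 1
        return True


def connectionless_demo() -> Tuple[bool, bool, bool]:
    """Returns (genuine accepted, modified accepted, replay accepted)."""
    msg, tag = protect_message(KEY, b"transfer 10")
    genuine = verify_message(KEY, msg, tag)
    modified = verify_message(KEY, b"transfer 99", tag)
    replayed = verify_message(KEY, msg, tag)    # same record delivered twice
    return genuine, modified, replayed


def stream_demo() -> Tuple[bool, bool, bool, bool]:
    """Returns (first accepted, replay accepted, reordered accepted, next in order accepted)."""
    sender, receiver = StreamSender(KEY), StreamReceiver(KEY)
    r0 = sender.send(b"transfer 10")
    r1 = sender.send(b"transfer 20")
    r2 = sender.send(b"transfer 30")
    first = receiver.receive(*r0)
    replay = receiver.receive(*r0)       # duplicate of record 0
    reordered = receiver.receive(*r2)    # record 2 arrives before record 1
    in_order = receiver.receive(*r1)
    return first, replay, reordered, in_order


if __name__ == "__main__":
    print("connectionless:", connectionless_demo())   # (True, False, True)
    print("stream:", stream_demo())                   # (True, False, False, True)
```

The strict "exactly the expected number" rule is the simplest form of the service; protocols that tolerate loss keep a sliding window of seen sequence numbers instead, which still rejects duplicates and out-of-window records.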
Fundamental Security Design Principles
• Economy of mechanism
• Fail-safe defaults
• Complete mediation
• Open design
• Separation of privilege
• Least privilege
• Least common mechanism
• Psychological acceptability
• Isolation
• Encapsulation
• Modularity
• Layering
• Least astonishment

Economy of mechanism
• Means that the design of security measures embodied in both hardware and software should be as simple and small as possible
• A relatively simple, small design is easier to test and verify thoroughly
• With a complex design, there are many more opportunities for an adversary to discover subtle weaknesses to exploit that may be difficult to spot ahead of time

Fail-safe defaults
• Means that access decisions should be based on permission rather than exclusion
• The default situation is lack of access, and the protection scheme identifies conditions under which access is permitted
• Most file access systems and virtually all protected services on client/server systems use fail-safe defaults

Complete mediation
• Means that every access must be checked against the access control mechanism
• Systems should not rely on access decisions retrieved from a cache
• To fully implement this, every time a user reads a field or record in a file, or a data item in a database, the system must exercise access control
• This resource-intensive approach is rarely used
Open design
• Means that the design of a security mechanism should be open rather than secret
• Although encryption keys must be secret, encryption algorithms should be open to public scrutiny
• Is the philosophy behind the NIST program of standardizing encryption and hash algorithms

Separation of privilege
• Defined as a practice in which multiple privilege attributes are required to achieve access to a restricted resource
• Multifactor user authentication is an example, which requires the use of multiple techniques, such as a password and a smart card, to authorize a user

Least privilege
• Means that every process and every user of the system should operate using the least set of privileges necessary to perform the task
• An example of the use of this principle is role-based access control; the system security policy can identify and define the various roles of users or processes, and each role is assigned only those permissions needed to perform its functions

Least common mechanism
• Means that the design should minimize the functions shared by different users, providing mutual security
• This principle helps reduce the number of unintended communication paths and reduces the amount of hardware and software on which all users depend, thus making it easier to verify if there are any undesirable security implications

Psychological acceptability
• Implies that the security mechanisms should not interfere unduly with the work of users, while at the same time meeting the needs of those who authorize access
• Where possible, security mechanisms should be transparent to the users of the system or, at most, introduce minimal obstruction
• In addition to not being intrusive or burdensome, security procedures must reflect the user's mental model of protection

Isolation
• Applies in three contexts:
• Public access systems should be isolated from critical resources to prevent disclosure or tampering
• Processes and files of individual users should be isolated from one another except where it is explicitly desired
• Security mechanisms should be isolated in the sense of preventing access to those mechanisms

Encapsulation
• Can be viewed as a specific form of isolation based on object-oriented functionality
• Protection is provided by encapsulating a collection of procedures and data objects in a domain of its own so that the internal structure of a data object is accessible only to the procedures of the protected subsystem, and the procedures may be called only at designated domain entry points

Modularity
• Refers both to the development of security functions as separate, protected modules and to the use of a modular architecture for mechanism design and implementation

Layering
• Refers to the use of multiple, overlapping protection approaches addressing the people, technology, and operational aspects of information systems
• The failure or circumvention of any individual protection approach will not leave the system unprotected

Least astonishment
• Means that a program or user interface should always respond in the way that is least likely to astonish the user
• The mechanism for authorization should be transparent enough to a user that the user has a good intuitive understanding of how the security goals map to the provided security mechanism
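Four of the principles above (fail-safe defaults, complete mediation, separation of privilege and least privilege) can be shown in one small access-control decision. This is an added example, not code from the slides or the textbook: the policy tables, subject names, resources and the two monitor classes are constructed for the illustration. The decision starts from deny and grants only what a role explicitly lists (fail-safe defaults, with roles as the least-privilege bundles); a resource can demand more than one authentication factor (separation of privilege); and the contrast between the two monitors shows why the slides say decisions should not be served from a cache: after a role is revoked, the caching monitor keeps granting while the mediating one denies.

```python
from dataclasses import dataclass
from typing import Dict, Set, Tuple


@dataclass
class Policy:
    """Constructed policy tables for the demonstration."""
    role_perms: Dict[str, Set[str]]      # role -> {"resource:action", ...}
    subject_roles: Dict[str, Set[str]]   # subject -> roles assigned to it
    multi_factor: Dict[str, Set[str]]    # resource -> authentication factors it requires


def decide(policy: Policy, subject: str, factors: Set[str],
           resource: str, action: str) -> bool:
    """One access decision.

    Fail-safe default: the answer is 'deny' unless some role held by the
    subject explicitly lists the permission, so unknown subjects, roles and
    resources all fall through to deny.
    Least privilege: permissions are reachable only through roles, each of
    which can be limited to what its task needs.
    Separation of privilege: resources in multi_factor additionally require
    every listed factor to have been presented (e.g. password and smart card).
    """
    needed = f"{resource}:{action}"
    roles = policy.subject_roles.get(subject, set())
    if not any(needed in policy.role_perms.get(r, set()) for r in roles):
        return False
    return policy.multi_factor.get(resource, set()) <= factors


class MediatingMonitor:
    """Complete mediation: every request re-evaluates the live policy."""

    def __init__(self, policy: Policy) -> None:
        self.policy = policy

    def access(self, subject: str, factors: Set[str], resource: str, action: str) -> bool:
        return decide(self.policy, subject, factors, resource, action)


class CachingMonitor:
    """Violates complete mediation on purpose: decisions are memoised."""

    def __init__(self, policy: Policy) -> None:
        self.policy = policy
        self.cache: Dict[tuple, bool] = {}

    def access(self, subject: str, factors: Set[str], resource: str, action: str) -> bool:
        key = (subject, frozenset(factors), resource, action)
        if key not in self.cache:
            self.cache[key] = decide(self.policy, subject, factors, resource, action)
        return self.cache[key]


def build_policy() -> Policy:
    return Policy(
        role_perms={
            "clerk": {"ledger:read", "ledger:write"},
            "auditor": {"ledger:read", "audit_log:read"},
        },
        subject_roles={"alice": {"clerk"}, "bob": {"auditor"}},
        multi_factor={"audit_log": {"password", "smartcard"}},
    )


def revocation_demo() -> Tuple[bool, bool]:
    """Grant once, revoke alice's role, then return (cached, mediated) decisions."""
    policy = build_policy()
    cached, mediated = CachingMonitor(policy), MediatingMonitor(policy)
    factors = {"password"}
    cached.access("alice", factors, "ledger", "write")     # True, now cached
    mediated.access("alice", factors, "ledger", "write")   # True
    policy.subject_roles["alice"].discard("clerk")         # revocation
    return (cached.access("alice", factors, "ledger", "write"),
            mediated.access("alice", factors, "ledger", "write"))


if __name__ == "__main__":
    print("after revocation (cached, mediated):", revocation_demo())  # (True, False)
```

The cost the slides mention is visible here too: the mediating monitor does the full lookup on every call, which is why real systems that cache decisions must also invalidate the cache on every policy change.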
Attack Surfaces
• An attack surface consists of the reachable and exploitable vulnerabilities in a system
• Examples:
• Open ports on outward facing Web and other servers, and code listening on those ports
• Services available on the inside of a firewall
• Code that processes incoming data, email, XML, office documents, and industry-specific custom data exchange formats
• Interfaces, SQL, and Web forms
• An employee with access to sensitive information vulnerable to a social engineering attack

Attack Surface Categories
• Network attack surface: refers to vulnerabilities over an enterprise network, wide-area network, or the Internet
• Software attack surface: refers to vulnerabilities in application, utility, or operating system code
• Human attack surface: refers to vulnerabilities created by personnel or outsiders

Attack Tree
• A branching, hierarchical data structure that represents a set of potential techniques for exploiting security vulnerabilities
• The security incident that is the goal of the attack is represented as the root node of the tree, and the ways that an attacker could reach that goal are represented as branches and subnodes of the tree
• The final nodes on the paths outward from the root (leaf nodes) represent different ways to initiate an attack
• The motivation for the use of attack trees is to effectively exploit the information available on attack patterns

Model for Network Security (figure)

Network Access Security Model (figure)
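The attack-tree slide describes a data structure; the following added example (not from the slides or the textbook) implements it as AND/OR nodes and uses it the way a defender does during threat modelling: enumerate the distinct leaf combinations that reach the root goal, then test which set of mitigations leaves no path open. The tree and its labels are constructed and generic.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Set, Tuple, Union


@dataclass(frozen=True)
class Leaf:
    """A way to initiate an attack (leaf node)."""
    name: str


@dataclass(frozen=True)
class Node:
    """Intermediate goal: op 'and' needs every child, 'or' needs any one."""
    name: str
    op: str                                  # "and" | "or"
    children: Tuple[Union["Leaf", "Node"], ...]


def attack_paths(node: Union[Leaf, Node]) -> List[FrozenSet[str]]:
    """Enumerate the distinct sets of leaves that together reach `node`."""
    if isinstance(node, Leaf):
        return [frozenset([node.name])]
    child_paths = [attack_paths(c) for c in node.children]
    if node.op == "or":
        return [p for paths in child_paths for p in paths]
    # "and": take one leaf-set from each child and combine them
    combined: List[FrozenSet[str]] = [frozenset()]
    for paths in child_paths:
        combined = [acc | p for acc in combined for p in paths]
    return combined


def goal_reachable(root: Union[Leaf, Node], mitigated: Set[str]) -> bool:
    """True if at least one path survives after the given leaves are mitigated."""
    return any(path.isdisjoint(mitigated) for path in attack_paths(root))


def build_tree() -> Node:
    # Constructed illustration; the labels are generic placeholders.
    return Node("read confidential record", "or", (
        Node("act as an authorized user", "and", (
            Leaf("obtain user's password"),
            Leaf("defeat second authentication factor"),
        )),
        Leaf("exploit unpatched flaw in record service"),
    ))


if __name__ == "__main__":
    tree = build_tree()
    for path in attack_paths(tree):
        print(sorted(path))
    # Patching alone leaves the credential path open; adding one control on
    # the AND branch closes the root goal.
    print(goal_reachable(tree, {"exploit unpatched flaw in record service"}))   # True
    print(goal_reachable(tree, {"exploit unpatched flaw in record service",
                                "defeat second authentication factor"}))       # False
```

Because an AND node needs all of its children, mitigating any single leaf under it cuts every path through that node, which is the practical value of the structure when deciding where a control buys the most.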
Unwanted Access
• Placement in a computer system of logic that exploits vulnerabilities in the system and that can affect application programs as well as utility programs such as editors and compilers
• Programs can present two kinds of threats:
• Information access threats: intercept or modify data on behalf of users who should not have access to that data
• Service threats: exploit service flaws in computers to inhibit use by legitimate users

Standards
National Institute of Standards and Technology
• NIST is a U.S. federal agency that deals with measurement science, standards, and technology related to U.S. government use and to the promotion of U.S. private-sector innovation
• Despite its national scope, NIST Federal Information Processing Standards (FIPS) and Special Publications (SP) have a worldwide impact
Internet Society
• ISOC is a professional membership society with world-wide organizational and individual membership
• Provides leadership in addressing issues that confront the future of the Internet and is the organization home for the groups responsible for Internet infrastructure standards
ITU-T
• The International Telecommunication Union (ITU) is an international organization within the United Nations System in which governments and the private sector coordinate global telecom networks and services
• The ITU Telecommunication Standardization Sector (ITU-T) is one of the three sectors of the ITU, and its mission is the development of technical standards covering all fields of telecommunications
ISO
• The International Organization for Standardization is a world-wide federation of national standards bodies from more than 140 countries
• ISO is a nongovernmental organization that promotes the development of standardization and related activities with a view to facilitating the international exchange of goods and services and to developing cooperation in the spheres of intellectual, scientific, technological, and economic activity

Summary
• Computer security concepts
• Definition
• Examples
• Ch ...