<<O>>  Difference Topic SecurityTopics (r1.6 - 27 Sep 2007 - Main.nova)
META TOPICPARENT OntologyProject

Security and Information Assurance

Added:
>
>		 Risk assessment
  • Risk identification
  • Risk analysis
  • Cost/benefit analysis

Incident Response

  • Legal requirements
  • Incident response team
  • Incident response policies
  • incident response procedures

Security Models
Changed:
<
<
  • The McCumber/Maconachy, et.al. Information Assurance Model
>
>
  • The McCumber?/Maconachy, et.al. Information Assurance Model

  • Confidentiality models
Added:
>
>		 * Bell LaPadula? (BLP) Model

  • Integrity models
Changed:
<
<
  • Risk assessment models
>
>
    • Transaction-based integrity * Biba Model

  • Other models
Added:
>
>
    • The Clark-Wilson Model

Security Policies

  • Creation of Policies
  • Maintenance of Policies
  • Prevention
  • Avoidance
Changed:
<
<
  • Incident Response
>
>
  • Recovery
  • Defense in depth

Security Technologies

Changed:
<
<
  • Cryptography
    • Pointer to Algorithms section
>
>
  • Cryptosystems
    • Unkeyed cryptosystems
    • Secret key cryptosystems
    • Public key cryptosystems
      • Key infrastructure

    • Digital Signatures
    • Performance (software/hardware, operational approaches)
  • Authenticaiton protocols and mechanisms
Changed:
<
<
  • Defense in depth
>
>
    • Identity keys
      • Biometrics
      • Passwords
      • Hardware key
    • Timestamps
    • Kerberos

  • Physically secure hardware
  • Violation detection
    • intrusion detection
Changed:
<
<
    • audit logs
>
>
    • liveness & availability checking
    • protection tools
  • Penetration testing
  • Integrity checking
    • Error-correcting codes

    • cryptographic hashing
    • checksums
Changed:
<
<
  • Error-correcting codes
>
>		 *Countermeasures

  • Redundancy
  • Fault Tolerance
Added:
>
>		 Threats and Attacks
  • Social Engineering
  • Passive Attacks
    • Sniffing
    • Man-in-the middle
  • Active attacks
    • Forced entry
      • Password guessing
      • Dictionary attacks
    • Protocol attacks
    • Malware
      • Viruses
      • Trojans
      • Worms
      • Spyware
    • Buffer Overflow Attacks
    • Denial of Service

Network Security
Added:
>
>		 *Network nodes *Routers *Switches *Access Points *Perimeter defenses *Firewalls *Packet filter *Proxy *Personal * Virtual Private Networks (VAN) *Protocol tunneling *Bearer services *Secure design *Secure topology * intranet

  • Pointer to attacks/threats (for DOS)
Deleted:
<
<
  • Security aspects of network devices (routers, firewalls, access points)
    • packet filtering
    • Virtual Private Networks (VPN)
  • Network organization for security
  • Design for availability

Operational Issues

  • Auditing
Line: 51 to 109
  • Physical plant security
  • Disaster recovery (natural and man-made)
Deleted:
<
<		 Threats and Attacks
  • Social Engineering
  • Malware (Viruses, Trojan Horses, Worms)
  • Protocol attacks
  • Active attacks
  • Passive Attacks
  • Buffer Overflow Attacks
  • Denial of Service

Forensics

Changed:
<
<
  • Legal Systems
>
>

  • Digital Forensics and its relationship to other Forensic disciplines
Changed:
<
<
  • Rules of Evidence
  • Search and Seizure
>
>
    • Incident response responsibilities
    • Forensic procedures
    • Standards
    • Documentation
      • Audit logs
      • Investigators report

  • Digital Evidence
Changed:
<
<
  • Media Analysis
>
>
    • Preservation of evidence
      • Imaging
  • Rules/Standards of Evidence
  • Evidence Analysis *Forensic mechanisims *Acquisition mechanisms *Authentication mechanisms *Analysis mechanisms *Auditing mechanisims *Profiling *Motivation analysis *Victimology

Human Considerations

  • Applied Psychology and security policies
  • Usability design and security
  • Security mindset
Changed:
<
<

-- Main.nova - 11 Feb 2006 (by Rich LeBlanc and Bob Sloan)

      • Firewalls
        • Packet Filtering
  • Intrusion Detection
  • Intrusion Protection

>
>
  • Identity theaft

Added:
>
>		 Security Standards

Added:
>
>
  • Risks and liabilities of computer-based systems (THESE CONCEPTS ARE UNDER OTHER TABS--DO NOT BELONG HERE)
    • Authentication
    • Encryption; Certificates, Public Key
    • Capability User Authorization
    • Audit Logs
    • Access Logs
    • Backup
    • Viruses, Worms
    • Transaction Management, Rollback
    • Intrusion Detection
    • Privacy Protection
    • Security Standards Organizations
    • Security Assurance Service Organizations
    • Uses, misuses, and limits of computer technology
    • Historical examples of software risks (such as the Therac-25 case)
    • Implications of software complexity
    • Risk assessment and management
    • Feasibility assessment
    • Risk management principles
    • Contingency planning

Changed:
<
<		 Security Standards
>
>		 -- Main.nova - 11 Feb 2006 (by Rich LeBlanc and Bob Sloan)

Changed:
<
<		 -- Main.nova - 14 Jun 2005
>
>		 Social structure
  • Legal Systems *Legal frameworks *Legislation *Ethics *Ethical frameworks

View topic | Diffs | r1.7 | > | r1.6 | > | r1.5 | More
Revision r1.5 - 26 Apr 2007 - 22:54 - Main.nova
Revision r1.6 - 27 Sep 2007 - 16:13 - Main.nova