Security and Information Assurance
Risk assessment
- Risk identification
- Risk analysis
- Cost/benefit analysis
Incident Response
- Legal requirements
- Incident response team
- Incident response policies
- incident response procedures
Security Models
- The McCumber/Maconachy, et.al. Information Assurance Model
- Confidentiality models
- Bell LaPadula (BLP) Model
- Integrity models
- Transaction-based integrity
- Other models
Security Policies
- Creation of Policies
- Maintenance of Policies
- Prevention
- Avoidance
- Recovery
- Defense in depth
Security Technologies
- Cryptosystems
- Unkeyed cryptosystems
- Secret key cryptosystems
- Public key cryptosystems
- Key infrastructure
- Digital Signatures
- Performance (software/hardware, operational approaches)
- Authenticaiton protocols and mechanisms
- Identity keys
- Biometrics
- Passwords
- Hardware key
- Timestamps
- Kerberos
- Physically secure hardware
- Violation detection
- intrusion detection
- liveness & availability checking
- protection tools
- Penetration testing
- Integrity checking
- Error-correcting codes
- cryptographic hashing
- checksums
- Countermeasures
- Redundancy
- Fault Tolerance
Threats and Attacks
- Social Engineering
- Passive Attacks
- Sniffing
- Man-in-the middle
- Active attacks
- Forced entry
- Password guessing
- Dictionary attacks
- Protocol attacks
- Malware
- Viruses
- Trojans
- Worms
- Spyware
- Buffer Overflow Attacks
- Denial of Service
Network Security
- Network nodes
- Routers
- Switches
- Access Points
- Perimeter defenses
- Firewalls
- Packet filter
- Proxy
- Personal
- Virtual Private Networks (VAN)
- Protocol tunneling
- Bearer services
- Secure design
- Pointer to attacks/threats (for DOS)
Operational Issues
- Auditing
- Cost / benefit analysis
- Asset Management
- Standards
- Enforcement
- Legal issues
- Physical plant security
- Disaster recovery (natural and man-made)
Forensics
- Digital Forensics and its relationship to other Forensic disciplines
- Incident response responsibilities
- Forensic procedures
- Standards
- Documentation
- Audit logs
- Investigators report
- Digital Evidence
- Rules/Standards of Evidence
- Evidence Analysis
- Forensic mechanisims
- Acquisition mechanisms
- Authentication mechanisms
- Analysis mechanisms
- Auditing mechanisims
- Profiling
- Motivation analysis
- Victimology
Human Considerations
- Applied Psychology and security policies
- Usability design and security
- Security mindset
- Identity theaft
Security Standards
- Risks and liabilities of computer-based systems (THESE CONCEPTS ARE UNDER OTHER TABS--Links Needed)
- Authentication
- Encryption; Certificates, Public Key
- Capability User Authorization
- Audit Logs
- Access Logs
- Backup
- Viruses, Worms
- Transaction Management, Rollback
- Intrusion Detection
- Privacy Protection
- Security Standards Organizations
- Security Assurance Service Organizations
- Uses, misuses, and limits of computer technology
- Historical examples of software risks (such as the Therac-25 case)
- Implications of software complexity
- Risk assessment and management
- Feasibility assessment
- Risk management principles
- Contingency planning
-- Main.nova - 11 Feb 2006 (by Rich LeBlanc and Bob Sloan)
Social structure
- Legal Systems
- Legal frameworks
- Legislation
- Ethics
to top