dido:public:ra:1.4_req:2_nonfunc:25_security [2021/10/09 12:21] nick |
dido:public:ra:1.4_req:2_nonfunc:25_security [2022/04/12 15:20] (current) nick |
||
|---|---|---|---|
| Line 3: | Line 3: | ||
| ===== About ===== | ===== About ===== | ||
| + | [[[[dido:public:ra:1.4_req:2_nonfunc:25_security | Return to Top]] | ||
| + | |||
| Security is not a single "thing" that can be added to a system. To be truly secure, the entire [[dido:public:ra:xapend:xapend.a_glossary:e:e2esolution]] needs to be secure and needs to be considered during the entire [[dido:public:ra:xapend:xapend.a_glossary:s:syslifecycle]]. As shown in Figure {{ref>layerSecure}}, a layered approach is used to help isolate the security needs. Each layer represents a portion of the [[dido:public:ra:xapend:xapend.a_glossary:i:infotech]] stack, including the people who use and have access to the IT stack. | Security is not a single "thing" that can be added to a system. To be truly secure, the entire [[dido:public:ra:xapend:xapend.a_glossary:e:e2esolution]] needs to be secure and needs to be considered during the entire [[dido:public:ra:xapend:xapend.a_glossary:s:syslifecycle]]. As shown in Figure {{ref>layerSecure}}, a layered approach is used to help isolate the security needs. Each layer represents a portion of the [[dido:public:ra:xapend:xapend.a_glossary:i:infotech]] stack, including the people who use and have access to the IT stack. | ||
| Line 16: | Line 18: | ||
| The physical security is concerned with preventing physical harm to the [[dido:public:ra:xapend:xapend.a_glossary:c:computerplaform]] (e.g., theft, fire, flooding, etc.), as well as, preventing access to the physical platform via "back doors" thereby allowing breaches by potentially malicious actors (e.g., using pluggable USB drives, adding wire sniffers to the network, or the internal threat posed by employees with access). | The physical security is concerned with preventing physical harm to the [[dido:public:ra:xapend:xapend.a_glossary:c:computerplaform]] (e.g., theft, fire, flooding, etc.), as well as, preventing access to the physical platform via "back doors" thereby allowing breaches by potentially malicious actors (e.g., using pluggable USB drives, adding wire sniffers to the network, or the internal threat posed by employees with access). | ||
| - | * **Note:** Even though the role of Phsyical Security has somewhat diminished with the acceptance of the [[dido:public:ra:xapend:xapend.a_glossary:z:zero-trust_model]] and [[dido:public:ra:xapend:xapend.a_glossary:z:zta]], it still plays a key role as the first line of defense, but by itself, it is not enough.[[dido:public:ra:xapend:xapend.b_stds:tech:nist:zta]] | + | * [[[dido:public:ra:xapend:xapend.a_glossary:c:coldboot_atack]] |
| - | * [[dido:public:ra:xapend:xapend.a_glossary:z:zero-trust_model]] | + | * [[dido:public:ra:xapend:xapend.a_glossary:d:data_remanence]] |
| - | * [[dido:public:ra:xapend:xapend.a_glossary:z:zta]] | + | |
| - | * [[dido:public:ra:xapend:xapend.a_glossary:t:tor]] | + | |
| </WRAP>| | </WRAP>| | ||
| ^ [[dido:public:ra:xapend:xapend.a_glossary:d:datasecurity]] |<WRAP>Data security ensures that [[dido:public:ra:xapend:xapend.a_glossary:d:dataatrest]], [[dido:public:ra:xapend:xapend.a_glossary:d:data_in_motion]], or [[dido:public:ra:xapend:xapend.a_glossary:d:data_in_use]] remains intact (i.e., completeness, accuracy and consistency). For example, allowing incomplete data to be stored (i.e., date of a transaction, or //authorized by// fields). [[dido:public:ra:xapend:xapend.a_glossary:r:roundofferror]] can also affect the accuracy of the data. Modifying a bank account balance introduces inconsistencies that can be detected. | ^ [[dido:public:ra:xapend:xapend.a_glossary:d:datasecurity]] |<WRAP>Data security ensures that [[dido:public:ra:xapend:xapend.a_glossary:d:dataatrest]], [[dido:public:ra:xapend:xapend.a_glossary:d:data_in_motion]], or [[dido:public:ra:xapend:xapend.a_glossary:d:data_in_use]] remains intact (i.e., completeness, accuracy and consistency). For example, allowing incomplete data to be stored (i.e., date of a transaction, or //authorized by// fields). [[dido:public:ra:xapend:xapend.a_glossary:r:roundofferror]] can also affect the accuracy of the data. Modifying a bank account balance introduces inconsistencies that can be detected. | ||
| - | * **Note:** Formalization of [[dido:public:ra:xapend:xapend.a_glossary:z:zero-trust_model]] and [[dido:public:ra:xapend:xapend.a_glossary:z:zta]] has set a [[dido:public:ra:xapend:xapend.a_glossary:g:goal|goal]] of: //"preventing unauthorized access to data and services coupled with making the access control enforcement as granular as possible. "//[[dido:public:ra:xapend:xapend.b_stds:tech:nist:zta]] | ||
| - | * **Note:** Another way to achieve data security while the data is in motion is to use [[dido:public:ra:xapend:xapend.a_glossary:t:tor]] which was designed by the U.S. Navy to protect sensitive documents [[https://whatis.techtarget.com/definition/TOR-third-generation-onion-routing]]. | ||
| * [[dido:public:ra:xapend:xapend.a_glossary:z:zero-trust_model]] | * [[dido:public:ra:xapend:xapend.a_glossary:z:zero-trust_model]] | ||
| * [[dido:public:ra:xapend:xapend.a_glossary:z:zta]] | * [[dido:public:ra:xapend:xapend.a_glossary:z:zta]] | ||
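Review bot: the new physical-security bullet `[[[dido:public:ra:xapend:xapend.a_glossary:c:coldboot_atack]]` is malformed and almost certainly a dangling link: it opens with three brackets instead of two, and the page id spells the attack `coldboot_atack`; unless the glossary page really uses that id, the link renders red. The data-remanence bullet next to it uses the correct two-bracket form, so the cold-boot line should match it, e.g. `[[dido:public:ra:xapend:xapend.a_glossary:c:coldboot_attack]]` (assuming that is the glossary id). Two further points on the deletions in this hunk. First, removing both **Note:** lines drops the only citations of the NIST zero-trust reference (`[[dido:public:ra:xapend:xapend.b_stds:tech:nist:zta]]`) on the page, while the right-hand side still keeps the `zero-trust_model` and `zta` glossary bullets under Data Security; if the quoted goal ("preventing unauthorized access to data and services ... as granular as possible") is meant to stay in the reference architecture, keep it with its citation rather than leaving the two glossary links unexplained. Second, dropping the Tor note is the right call: the row defines data security as keeping data intact (completeness, accuracy, consistency), and Tor, an anonymity network, does not provide that integrity property for data in motion, so the note as written claimed more than the row supports.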