Frameworks


**DOLLS - Principles of Information Security**

Diversity - Different password types, different authentication methods, different software, operating systems
Obscurity - Hide information: operating system, application types and versions, internal addresses (NAT, PAT)
Limiting - Physical access, RBAC/IBAC, privileges: root, read, write, modify, delete
Layering - Multiple obstacles, firewalls
Simplicity - Usability, biometrics, management tools


**Characteristics of Secure Information**

//Confidentiality//
Authorization - login/pw
Access control - physical limitations
- Identity Based Access Control (IBAC)
- Role Based Access Control (RBAC)
Authenticate (examples)
- Single Factor - username/pw
- Two Factor - ATM card/code
- Multifactor - tokens, card, dongle, USB key, biometrics

//Integrity// Information is correct: entered correctly, processed correctly, stored correctly, not modified without authorization.

//Availability// What is needed is where it's needed, in the form that it's needed.
- redundant systems
- backups
- failsafe/failover protection

**Three States of Information**

- Stored
- Processed
- Transmitted

**Parts of Information Security**

- Hardware
- Software
- Information
- People
- Procedures

**Security Threat Framework**

- Asset
- Threat
- Threat Agent
- Vulnerability
- Exploit
- Risk


**Increases in Security Lead to Decreases in Productivity**