70 likes | 201 Views
Course Wrapup. So what have we dealt with?. Environment: Physical and Personnel Security, Mission Policy: What is security what is important to secure what allowed/forbidden behavior Methods authenticity, privacy, integrity, availability operating system, application, network
E N D
So what have we dealt with? • Environment: Physical and Personnel Security, Mission • Policy: What is security • what is important to secure • what allowed/forbidden behavior • Methods • authenticity, privacy, integrity, availability • operating system, application, network • Evaluation • monitoring • analysis • dealing with incidents
Environment • The more controlled the situation, the easier to protect critical information • The clearer the understanding of the mission, the easier to identify • critical information • methods of protection
Policy • No single policy fits all organizations • Relative importance of security properties • Policy must allow for human mistakes • Policy must allow for changing conditions • Default yes vs. default no • Specify allowed/forbidden behavior on all critical assets
Methods • No silver bullets • Overlapping methods • Allow for error • Allow for attack • Allow for change • Methods for identification, privacy, protection, backup, restoration
Evaluation • All security will be evaluated • Planned evaluation • Unplanned evaluation • Evaluation must be in terms of mission impact
Closing thoughts • Security means protecting what you have • Survivability means always having an option available to do what you need • This course has just scratched the surface