Security
CIA Triad
The CIA triad is the foundational concept in IT security.
Confidentiality: ensuring that information can only be accessed by authorized people or machines.
Integrity: ensuring that data is accurate, complete, and has not been modified without authorization.
Availability: ensuring that information and resources are available to authorized users when needed.
The CIA triad is used as a guideline to help organizations establish the security policies and procedures that protect their information assets.
Golden Guideline
These three "Au" can serve as a foundational golden guideline for solving the security problems that may arise over the lifecycle of an interaction with a system.
Authentication: Who are you?
Authorization: What can you do?
Audit: What did you do?
Additionally, consider the following principles:
Encryption: ensures data integrity and protects data confidentiality against unauthorized access.
Durability: ensures that data is preserved through methods such as backups, RAID 5, and replication.
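As an added example (not code from the original notes or from the referenced course), the following Python request handler applies the three "Au" in order on every call: it authenticates the caller from an HMAC-signed token, authorizes the requested action against a role table with default deny, and writes every decision, including denials, to an audit log. The token format, the secret key, and the users, roles, and permissions are all constructed for illustration.

```python
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed sample data for this example; none of it comes from a real system.
SECRET_KEY = b"example-only-secret"  # assumption: server-side key used to sign session tokens
USER_ROLES = {"alice": "admin", "bob": "reader"}
ROLE_PERMISSIONS = {
    "admin": {"read", "write", "delete"},
    "reader": {"read"},
}

AUDIT_LOG = []  # in-memory stand-in for an append-only audit store


def issue_token(user: str) -> str:
    """Issue a token of the form user:hex(HMAC-SHA256(user)). Constructed scheme, not a standard."""
    mac = hmac.new(SECRET_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}:{mac}"


def authenticate(token: str) -> Optional[str]:
    """Authentication: who are you? Returns the user name, or None if the token does not verify."""
    user, sep, mac = token.partition(":")
    if not sep:
        return None
    expected = hmac.new(SECRET_KEY, user.encode(), hashlib.sha256).hexdigest()
    # compare_digest takes constant time, so the MAC cannot be guessed byte by byte via timing
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    return user if user in USER_ROLES else None


def authorize(user: str, action: str) -> bool:
    """Authorization: what can you do? Decided from the user's role; unknown roles get nothing."""
    role = USER_ROLES.get(user)
    return action in ROLE_PERMISSIONS.get(role, set())


def audit(user: Optional[str], action: str, resource: str, outcome: str) -> None:
    """Audit: what did you do? Record every decision, denials included."""
    AUDIT_LOG.append({
        "ts": time.time(),
        "user": user,
        "action": action,
        "resource": resource,
        "outcome": outcome,
    })


def handle_request(token: str, action: str, resource: str) -> dict:
    """Apply the three Au in order: authenticate, then authorize, and audit whichever outcome results."""
    user = authenticate(token)
    if user is None:
        audit(None, action, resource, "denied:unauthenticated")
        return {"status": 401, "body": "authentication required"}
    if not authorize(user, action):
        audit(user, action, resource, "denied:unauthorized")
        return {"status": 403, "body": "forbidden"}
    audit(user, action, resource, "allowed")
    return {"status": 200, "body": f"{user} performed {action} on {resource}"}


if __name__ == "__main__":
    print(handle_request(issue_token("alice"), "delete", "/docs/1"))  # admin: allowed
    print(handle_request(issue_token("bob"), "delete", "/docs/1"))    # reader: forbidden
    print(handle_request("mallory:deadbeef", "read", "/docs/1"))      # forged token: rejected
    print(json.dumps(AUDIT_LOG, indent=1))
```

The ordering is the point: authorization is only evaluated for an identity that has already been established, and the audit entry is written on every path, so a denied request is as visible to an investigator as an allowed one.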
NIST Cyber Security Framework (CSF 2.0)
| Govern | Identify | Protect | Detect | Respond | Recover |
|---|---|---|---|---|---|
| Organizational Context<br>Risk Management Strategy<br>Roles, Responsibilities, and Authorities<br>Policy<br>Oversight<br>Cybersecurity Supply Chain Risk Management | Asset Management<br>Risk Management<br>Improvement | Identity Management, Authentication, and Access Control<br>Awareness and Training<br>Data Security<br>Platform Security<br>Technology Infrastructure Resilience | Continuous Monitoring<br>Adverse Event Analysis | Incident Management<br>Incident Analysis<br>Incident Response Reporting and Communication<br>Incident Mitigation | Incident Recovery Plan Execution<br>Incident Recovery Communication |
Reference: 安全攻防技能30讲 (Security Attack and Defense Skills, 30 Lectures), 极客时间 (Geekbang), by 何为舟.