Work in progress
This informal write-up covers:
- Core security goals
- Extended goals of system security
- Vulnerabilities, threats, risks & safeguards
Core security goals
The core goals of information security are to provide:
1. Availability
To ensure, in order of dependency:
   1. Reliable and timely access to information and systems for authorized parties.
   2. An acceptable level of performance.
   3. Resilience on failure.
2. Integrity
To ensure:
   1. Accuracy and correctness of information and systems, altered only through authorized access.
3. Confidentiality
To ensure:
   1. The necessary level of secrecy of information and systems.
Extended goals of system security
In addition to the core goals, system security also aims to provide:
1. Authentication
To identify the party accessing information and systems, and so ensure and enforce that only intended access takes place.
2. Authorization
To ensure that the identified party has the intended access and permissions to act on information and systems.
3. Accountability
To ensure there is a means to identify and prove a party's actions on information and systems.
Of these three (AAA), the last is also framed in other ways, such as auditing or non-repudiation.
Vulnerability, threat, risk and safeguard
1. Vulnerability
A weakness in a system that can lead to its compromise, or to the security goals not being achieved.
2. Threat
A potential danger associated with exploiting a vulnerability present in a system.
3. Risk
The likelihood of a threat exploiting a vulnerability, combined with the impact if it does.
4. Safeguard / Control / Countermeasure
A measure that aims to achieve the security goals in the face of a threat by eliminating or reducing the risk.
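As an added example (not part of these notes), the four terms above modelled as a small risk register in Python: each threat is tied to the vulnerability it exploits, risk is scored as likelihood times impact, and a safeguard lowers one or both ratings. The 1..5 rating scale, the entries and the safeguard cuts are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vulnerability:
    name: str  # weakness present in the system
    goal: str  # core goal it can undermine: availability, integrity or confidentiality

@dataclass(frozen=True)
class Threat:
    name: str
    vulnerability: Vulnerability  # the weakness this threat would exploit
    likelihood: int  # 1 (rare) .. 5 (almost certain); constructed rating scale
    impact: int      # 1 (negligible) .. 5 (severe); constructed rating scale

@dataclass(frozen=True)
class Safeguard:
    name: str
    likelihood_cut: int = 0  # rating points the control removes from likelihood
    impact_cut: int = 0      # rating points the control removes from impact

def risk(likelihood: int, impact: int) -> int:
    """Risk = likelihood of the threat exploiting the vulnerability x its impact."""
    return likelihood * impact

def inherent_risk(threat: Threat) -> int:
    """Risk before any safeguard is applied."""
    return risk(threat.likelihood, threat.impact)

def residual_risk(threat: Threat, safeguards: list) -> int:
    """Risk left after safeguards lower likelihood and/or impact (ratings floor at 1)."""
    likelihood = max(1, threat.likelihood - sum(s.likelihood_cut for s in safeguards))
    impact = max(1, threat.impact - sum(s.impact_cut for s in safeguards))
    return risk(likelihood, impact)

def rank_by_residual_risk(register: list) -> list:
    """register: list of (threat, [safeguards]); returns (name, residual) pairs, highest first."""
    scored = [(threat.name, residual_risk(threat, safeguards)) for threat, safeguards in register]
    return sorted(scored, key=lambda item: item[1], reverse=True)

# Constructed register: one vulnerability per core goal, with the safeguards in place for each.
UNPATCHED = Vulnerability("unpatched web server", "confidentiality")
SINGLE_PSU = Vulnerability("single power supply", "availability")
NO_CHECKSUM = Vulnerability("backups stored without checksums", "integrity")
REGISTER = [
    (Threat("remote exploitation of known flaw", UNPATCHED, likelihood=4, impact=5),
     [Safeguard("patch management", likelihood_cut=3)]),
    (Threat("power supply failure", SINGLE_PSU, likelihood=3, impact=4),
     [Safeguard("redundant supply with failover", impact_cut=3)]),
    (Threat("silent backup corruption", NO_CHECKSUM, likelihood=2, impact=4), []),  # no control yet
]
if __name__ == "__main__":
    print(rank_by_residual_risk(REGISTER))
```

Ranking by residual rather than inherent risk is the point: the unmitigated integrity risk ends up above the two higher-rated threats that already have a control.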