Data Security and Cryptology Lecture #3

Published on . Takes about 1 minute to read.

Lecture homepage: http://enos.itcollege.ee/~valdo/turve/

Safeguards

Safeguards can be divided into 3 classes:

  1. Preventive safeguards - Prevent security incidents from happening. The main line of defense.
    • - Minimize vulnerabilities and risk probabilities
    • - Prevent attacks
    • - Decrease the ripple effects of a security incident to other IT assets
  2. Identifying safeguards - Tell us that a security incident has occurred so we can take suitable action.
  3. Reconstructive safeguards - We need to restore the environment before the security incident occurred. For example, if the firewall was disabled, it needs to be re-enabled ASAP. The more important the object, the more attention should be given to reconstructive safeguards. Methods:
    • - Backup
    • - Renovation
    • - Replacement

Identifying safeguards

Goals:

  • Avoiding the incident
  • Identify the incident 
    • - Operative Identification: If the incident happens, we immediately want to be notified and take immediate action. Example: fire alarm.
    • - Post Identification: If operative identification is not possible, we want the get the information as soon as possible. Log files and passive alerts (e-mails by crontab).
    • - Evidence Based Identification: Security elements added to IT assets to check integrity/confidentiality.
      Examples: Signatures on paper documents, checksums on files
  • * Proving the incident happened (later)

Classification of Safeguards by IT Assets

  • Physical assets
  • Information / data
  • Software
  • Ability to reproduce a product/service
  • People
  • Intangible aspects

Components of organizational safeguards

  • Activities that someone must do
  • Activities that are prohibited for certain persons
  • Sanctions for doing something prohibited
  • Sanctions for not doing something that must be done