Professional Documents
Culture Documents
Data confidentiality
Privacy
Integrity
Data integrity
System integrity
Availability
How do security breaches impact on
organization?
Degradation in organizations primary functions.
Financial Loss
Damage to assets
Harm to individuals
3 levels of impact from a security breach
Low
Moderate
High
confidentiality – student grades
integrity – patient information
availability – authentication service
1. not simple
2. must consider potential attacks
3. procedures used counter-intuitive
4. involve algorithms and secret info
5. must decide where to deploy mechanisms
6. battle of wits between attacker / admin
7. requires regular monitoring
To assess effectively the security needs of an
organization and to evaluate and choose
various security products and policies, it is
required to represent in a systematic way.
ITU-T Recommendation X.800
ITU-T – international Telecommunication Union
Telecommunication Standardization Sector
RFC 2828
X-800provides a general description of
security services and related mechanisms
and defines the positions within the
reference model where the services and
mechanisms may provide.
RFC stands for Request for Comments.
RFC 2828 provides abbreviations;
explanations and recommendations for
information system security terminology.
The intent of this Glossary is to improve the
clarity of Internet Standards documents
X.800.
Example:
English usage, such as "e.g.", "etc.", "i.e.", "vol.",
"pp.", "U.S.")
Similarly,
$ 3DES See: triple DES.
$ *-property (N) (Pronounced "star property".) See:
"confinement property" under Bell-LaPadula Model.
ITU-TRecommendation X.800,Security
Architecture for OSI defines systematic way to
https://shintadinata.wordpress.com/2013/04/
03/security-computer-x-800-and-rfc-2828/
using this model requires us to:
1. design a suitable algorithm for the security
transformation
2. generate the secret information (keys) used
by the algorithm
3. develop methods to distribute and share the
secret information
4. specify a protocol enabling the principals to
use the transformation and secret
information for a security service