Published by Anabel Chapman. Modified over 9 years ago.
1
Security
Security is a measure of the system's ability to protect data and information from unauthorized access while still providing access to people and systems that are authorized.
Security characteristics:
Confidentiality: data or services are protected from unauthorized access.
Integrity: data or services are not subject to unauthorized manipulation.
Availability: the system will be available for legitimate use.
Authentication: verifies the identities of the parties to transactions and checks if they are truly who they claim to be.
Nonrepudiation: guarantees that the sender of a message cannot later deny having sent the message, and the recipient cannot deny having received the message.
Authorization: grants a user the privileges to perform a task.
2
Security
3
Security Tactics
4
Detect Attacks
Detect intrusion: compare network traffic or service request patterns within a system to a set of signatures or known patterns of malicious behavior stored in a database.
Detect service denial: compare the pattern or signature of network traffic coming into a system to historical profiles of known denial-of-service attacks.
Verify message integrity: employ techniques such as checksums or hash values to verify the integrity of messages, resource files, deployment files, and configuration files.
Detect message delay: detect potential man-in-the-middle attacks, where a malicious party is intercepting (and possibly modifying) messages, by checking the time that it takes to deliver a message.
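The "verify message integrity" tactic applied to deployment and configuration files, as an added example that is not part of the original slides. It records SHA-256 hash values in a manifest and, as an assumption beyond the plain checksums the slide names, authenticates the manifest with an HMAC key so that rewriting the manifest is also detected. The function names, manifest layout, file names and key are constructed for illustration.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def snapshot(root: Path) -> dict:
    """Map each file's relative path to the SHA-256 hash of its contents."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def tag_for(files: dict, key: bytes) -> str:
    """Keyed hash over the canonical manifest body (key kept off the checked host)."""
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(root: Path, key: bytes) -> dict:
    files = snapshot(root)
    return {"files": files, "tag": tag_for(files, key)}

def verify(root: Path, manifest: dict, key: bytes) -> dict:
    """Report modified, missing and unexpected files against the manifest."""
    report = {"manifest_ok": False, "modified": [], "missing": [], "unexpected": []}
    # Constant-time comparison; an altered manifest is rejected before use.
    if not hmac.compare_digest(tag_for(manifest["files"], key), manifest["tag"]):
        return report
    known, current = manifest["files"], snapshot(root)
    report["manifest_ok"] = True
    report["modified"] = sorted(n for n in known if n in current and current[n] != known[n])
    report["missing"] = sorted(n for n in known if n not in current)
    report["unexpected"] = sorted(n for n in current if n not in known)
    return report

def demo() -> dict:
    key = b"constructed-demo-key"  # constructed sample value
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "app.conf").write_text("port=8443\n")           # constructed files
        (root / "deploy.sh").write_text("#!/bin/sh\necho deploy\n")
        manifest = build_manifest(root, key)
        clean = verify(root, manifest, key)
        (root / "app.conf").write_text("port=8080\n")           # unauthorized edit
        (root / "deploy.sh").unlink()                           # file removed
        (root / "extra.bin").write_bytes(b"\x00")               # file added
        tampered = verify(root, manifest, key)
        # Manifest rewritten to match the edited file, without knowledge of the key.
        forged = {"files": snapshot(root), "tag": manifest["tag"]}
        return {"clean": clean, "tampered": tampered, "forged": verify(root, forged, key)}

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```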
5
Security Tactics
Resist Attacks
Identify actors: identify the source of an external input to the system.
Authenticate actors: ensure that an actor (user or computer) is actually who or what it purports to be.
Authorize actors: ensure that an authenticated actor has the rights to access and modify either data or services.
Limit access: limit access to computing/hardware resources.
Limit exposure: minimize the attack surface of a system by having the least possible number of access points for resources, data, or services and reducing the number of connectors that may provide unanticipated exposure.
Encrypt data: provide extra protection to persistently maintained data beyond that available from authorization.
Separate entities: separate sensitive and non-sensitive data by physical separation on different computers, to reduce the attack possibility from non-sensitive data users.
Change default settings: prevent attackers from gaining access to the system through settings that are generally publicly available.
6
Security Tactics
React to Attacks
Revoke access: when an attack is underway, access can be severely limited to sensitive resources, even for normally legitimate users and uses.
Lock computer: limit access from a particular computer if there are repeated failed attempts to access an account from that computer.
Inform actors: the relevant actors must be notified when the system has detected an attack.
7
Security Tactics
Recover from Attacks
Maintain audit trail
Restore (same as availability tactics)