I need a particular security issue or vulnerability
related to a linux service and explore its implications with regard
to confidentiality, integrity, or availability of enterprise data.
discuss specific administrative or technical security controls that
may effectively mitigate the issue or vulnerability. some areas for
you to consider may include:
•absence of hardened systems.
•legacy third-party applications.
•nonexistence of data backups.
•ineffective enforcement of password policies.
•poor linux operating system patch management.
Information security involves the protection of organizational assets from the disruption of business operations, modification of sensitive data, or disclosure of proprietary information. The protection of this data is usually described as maintaining the confidentiality, integrity, and availability of the organization's assets, operations, and information. As identified throughout this chapter, security goes beyond technical controls and encompasses people, technology, policy, and operations in a way that few other business objectives do.
Most IT security practices are focused on protecting systems from loss of confidentiality, loss of integrity, and loss of availability. These three together are referred to as the security triad, the CIA triad, and the AIC triad.
If a system suffers loss of confidentiality, then data has been disclosed to unauthorized individuals. This could be high level secret or proprietary data, or simply data that someone wasn’t authorized to see. For example, if an unauthorized employee is able to view payroll data, this is a loss of confidentiality. Similarly, if an attacker is able to access a customer database including names and credit card information, this is also a loss of confidentiality.
Loss of integrity means that data or an IT system has been modified or destroyed by an unauthorized entity. This could be the modification of a file, or the change in the configuration to a system. For example, if a file is infected with a virus, the file has lost integrity. Similarly, if a message within an email is modified in transit, the email has lost integrity.
Availability ensures that data and systems are up and operational when they are needed. Or said another way, loss of availability indicates that either data or a system is not available when needed by a user. For example, if a Web server is not operational when a customer wants to purchase a product, the Web server has suffered a loss of availability.
I need a particular security issue or vulnerability related to a linux service and explore its implications with regard to confidentiality, integrity, or availability of enterprise data. discuss speci...
The discussion: 150 -200 words. Auditing We know that computer security audits are important in business. However, let’s think about the types of audits that need to be performed and the frequency of these audits. Create a timeline that occurs during the fiscal year of audits that should occur and “who” should conduct the audits? Are they internal individuals, system administrators, internal accountants, external accountants, or others? Let me start you: (my timeline is wrong but you should use some...
Risk management in Information Security today Everyday information security professionals are bombarded with marketing messages around risk and threat management, fostering an environment in which objectives seem clear: manage risk, manage threat, stop attacks, identify attackers. These objectives aren't wrong, but they are fundamentally misleading.In this session we'll examine the state of the information security industry in order to understand how the current climate fails to address the true needs of the business. We'll use those lessons as a foundation...