|
McCumber Cube
In 1991, John McCumber created a model framework for establishing and evaluating information security (information assurance) programs, now known as The McCumber Cube. This security model is depicted as a three-dimensional Rubik's Cube-like grid. The concept of this model is that, in developing information assurance systems, organizations must consider the interconnectedness of all the different factors that impact them. To devise a robust information assurance program, one must consider not only the security goals of the program (see below), but also how these goals relate specifically to the various states in which information can reside in a system and the full range of available security safeguards that must be considered in the design. The McCumber model helps one to remember to consider all important design aspects without becoming too focused on any one in particular (i.e., relying exclusively on technical controls at the expense of requisite policies and end-user training) ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
McCumber Cube
In 1991, John McCumber created a model framework for establishing and evaluating information security (information assurance) programs, now known as The McCumber Cube. This security model is depicted as a three-dimensional Rubik's Cube-like grid. The concept of this model is that, in developing information assurance systems, organizations must consider the interconnectedness of all the different factors that impact them. To devise a robust information assurance program, one must consider not only the security goals of the program (see below), but also how these goals relate specifically to the various states in which information can reside in a system and the full range of available security safeguards that must be considered in the design. The McCumber model helps one to remember to consider all important design aspects without becoming too focused on any one in particular (i.e., relying exclusively on technical controls at the expense of requisite policies and end-user training) ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Information Assurance
Information assurance (IA) is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information. Information assurance includes protection of the integrity, availability, authenticity, non-repudiation and confidentiality of user data. IA encompasses not only digital protections but also physical techniques. These protections apply to data in transit, both physical and electronic forms, as well as data at rest . IA is best thought of as a superset of information security (i.e. umbrella term), and as the business outcome of information risk management. Overview Information assurance (IA) is the process of processing, storing, and transmitting the right information to the right people at the right time. IA relates to the business level and strategic risk management of information and related systems, rather than the creation and application of security controls. IA is used to benefit business through the use of information ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Dimension
In physics and mathematics, the dimension of a Space (mathematics), mathematical space (or object) is informally defined as the minimum number of coordinates needed to specify any Point (geometry), point within it. Thus, a Line (geometry), line has a dimension of one (1D) because only one coordinate is needed to specify a point on itfor example, the point at 5 on a number line. A Surface (mathematics), surface, such as the Boundary (mathematics), boundary of a Cylinder (geometry), cylinder or sphere, has a dimension of two (2D) because two coordinates are needed to specify a point on itfor example, both a latitude and longitude are required to locate a point on the surface of a sphere. A two-dimensional Euclidean space is a two-dimensional space on the Euclidean plane, plane. The inside of a cube, a cylinder or a sphere is three-dimensional (3D) because three coordinates are needed to locate a point within these spaces. In classical mechanics, space and time are different categ ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Rubik's Cube
The Rubik's Cube is a Three-dimensional space, 3-D combination puzzle originally invented in 1974 by Hungarians, Hungarian sculptor and professor of architecture Ernő Rubik. Originally called the Magic Cube, the puzzle was licensed by Rubik to be sold by Pentangle Puzzles in the UK in 1978, and then by Ideal Toy Company, Ideal Toy Corp in 1980 via businessman Tibor Laczi and Seven Towns founder Tom Kremer. The cube was released internationally in 1980 and became one of the most recognized icons in popular culture. It won the 1980 Spiel des Jahres, German Game of the Year special award for Best Puzzle. , 350 million cubes had been sold worldwide, making it the world's bestselling puzzle game and bestselling toy. The Rubik's Cube was inducted into the US National Toy Hall of Fame in 2014. On the original classic Rubik's Cube, each of the six faces was covered by nine stickers, each of one of six solid colours: white, red, blue, orange, green, and yellow. Some later versions ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Confidentiality
Confidentiality involves a set of rules or a promise usually executed through confidentiality agreements that limits the access or places restrictions on certain types of information. Legal confidentiality By law, lawyers are often required to keep confidential anything pertaining to the representation of a client. The duty of confidentiality is much broader than the attorney–client evidentiary privilege, which only covers ''communications'' between the attorney and the client. Both the privilege and the duty serve the purpose of encouraging clients to speak frankly about their cases. This way, lawyers can carry out their duty to provide clients with zealous representation. Otherwise, the opposing side may be able to surprise the lawyer in court with something he did not know about his client, which may weaken the client's position. Also, a distrustful client might hide a relevant fact he thinks is incriminating, but that a skilled lawyer could turn to the client's advanta ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Integrity
Integrity is the practice of being honest and showing a consistent and uncompromising adherence to strong moral and ethical principles and values. In ethics, integrity is regarded as the honesty and truthfulness or accuracy of one's actions. Integrity can stand in opposition to hypocrisy, in that judging with the standards of integrity involves regarding internal consistency as a virtue, and suggests that parties holding within themselves apparently conflicting values should account for the discrepancy or alter their beliefs. The word ''integrity'' evolved from the Latin adjective ''integer'', meaning ''whole'' or ''complete''. In this context, integrity is the inner sense of "wholeness" deriving from qualities such as honesty and consistency of character. In ethics In ethics, an individual is said to possess the virtue of integrity if the individual's actions are based upon an internally consistent framework of principles. These principles should uniformly adhere to sound logi ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Availability
In reliability engineering, the term availability has the following meanings: * The degree to which a system, subsystem or equipment is in a specified operable and committable state at the start of a mission, when the mission is called for at an unknown, ''i.e.'' a random, time. * The probability that an item will operate satisfactorily at a given point in time when used under stated conditions in an ideal support environment. Normally high availability systems might be specified as 99.98%, 99.999% or 99.9996%. Representation The simplest representation of availability (''A'') is a ratio of the expected value of the uptime of a system to the aggregate of the expected values of up and down time (that results in the "total amont of time" ''C'' of the observation window) : A = \frac = \frac Another equation for availability (''A'') is a ratio of the Mean Time To Failure (MTTF) and Mean Time To Repair (MTTR), or : A = \frac = \frac If we define the status function X(t) as : X( ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Data In Transit
Data in transit, also referred to as data in motion and data in flight, is data en route between source and destination, typically on a computer network. Data in transit can be separated into two categories: information that flows over the public or untrusted network such as the Internet and data that flows in the confines of a private network such as a corporate or enterprise local area network (LAN). Data in transit is used as a complement to the terms ''data in use'', and '' data at rest'' which together define the three states of digital data. See also *Bandwidth-delay product In data communications, the bandwidth-delay product is the product of a data link's capacity (in bits per second) and its round-trip delay time (in seconds). The result, an amount of data measured in bits (or bytes), is equivalent to the maxim ... References Computer networks {{network-stub ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
CIA Triad
Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorized/inappropriate access to data, or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording, or devaluation of information. It also involves actions intended to reduce the adverse impacts of such incidents. Protected information may take any form, e.g. electronic or physical, tangible (e.g. paperwork) or intangible (e.g. knowledge). Information security's primary focus is the balanced protection of the confidentiality, integrity, and availability of data (also known as the CIA triad) while maintaining a focus on efficient policy implementation, all without hampering organization productivity. This is largely achieved through a structured risk management process that involves: * identifying inform ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Defense In Depth (computing)
Defense in depth is a concept used in information security in which multiple layers of security controls (defense) are placed throughout an information technology (IT) system. Its intent is to provide redundancy in the event a security control fails or a vulnerability is exploited that can cover aspects of ''personnel'', ''procedural'', ''technical'' and ''physical'' security for the duration of the system's life cycle. Background The idea behind the defense in depth approach is to defend a system against any particular attack using several independent methods. It is a layering tactic, conceived by the National Security Agency (NSA) as a comprehensive approach to information and electronic security. The term defense in depth in computing is inspired by a military strategy of the same name, but is quite different in concept. The military strategy revolves around having a weaker perimeter defense and intentionally yielding space to buy time, envelop, and ultimately counter-attac ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Data Security
Data security means protecting digital data, such as those in a database, from destructive forces and from the unwanted actions of unauthorized users, such as a cyberattack or a data breach. Technologies Disk encryption Disk encryption refers to encryption technology that encrypts data on a hard disk drive. Disk encryption typically takes form in either software (see disk encryption software) or hardware (see disk encryption hardware). Disk encryption is often referred to as on-the-fly encryption (OTFE) or transparent encryption. Software versus hardware-based mechanisms for protecting data Software-based security solutions encrypt the data to protect it from theft. However, a malicious program or a hacker could corrupt the data to make it unrecoverable, making the system unusable. Hardware-based security solutions prevent read and write access to data, which provides very strong protection against tampering and unauthorized access. Hardware-based security or assiste ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
