Security Ch.1

Security administrator

Security technician

Security officer

Security manager

Large number of vulnerabilities

End-of-life systems

Lack of vendor support

Misconfigurations

Default configurations

Weak configurations

Vulnerable business processes

Misconfigurations

When a vulnerability is discovered and there is a race to see if it can be patched before it is exploited by attackers.

When two concurrent threads of execution access a shared resource simultaneously, resulting in unintended consequences

When an attack finishes its operation before antivirus can complete its work

When a software update is distributed prior to a vulnerability being discovered.

Delays in security updating

Greater sophistication of defense tools

Increased speed of attacks

Simplicity of attack tools

Security is a goal.

Security includes the necessary steps to protect from har

Security is a process.

Security is a war that must be won at all costs.

"Security and convenience are not related."

"Convenience always outweighs security.''

"Security and convenience are inversely proportional.''

"Whenever security and convenience intersect, security always wins."

Authorization

Confidentiality

Availability

Integrity

Products

People

Procedures

Purposes

on electronic digital devices and limited analog devices that can connect via the Internet or through a local area network.

through a long-term process that results in ultimate security.

using both open-sourced as well as supplier-sourced hardware and software that interacts appropriately with limited resources.

through products, people, and procedures on the devices that store, manipulate, and transmit the information.