Security and Performance

True

False

Secrecy: control of who gets to read information

Integrity: control of how information changes or resources are used

Availability: providing prompt access to information and resources

Accountability: knowing who has had access to resources

Hackability: providing prompt access for individuals with expertise

Damage to information

Disruption of service

Theft of money

Theft of information

Loss of privacy

True

False

True

False

Make it easy for responsible people to use the system (e.g., make security procedures simple)

Make it hard for dishonest or careless people (e.g., password management)

Train people in responsible behavior

Test the security of the system thoroughly and repeatedly, particularly after changes

Do not hide violations

System design — secure protocols, authentication, barriers to access

Programming — defensive programming and rigorous testing

Operating procedures — backup, auditing, vulnerability testing

Training and monitoring personnel

Turning off servers during a cyber attack

Real time systems when computation must be fast enough to support the service provided

Very large computations where elapsed time may be measured in days

User interfaces where humans have high expectations

Transaction processing where staff need to be productive and customers not annoyed by delays

Large data collections (e.g., Amazon)

Huge number of users (e.g., Google)

Large computation (e.g., weather forecasting)

Huge drop in stock price (e.g., Facebook)

Predict performance problems before a system is implemented

Design and build a system that is not vulnerable to performance problems

Identify causes and fix problems after a system is implemented

All of the above