ACCT 002 Lecture Notes - Lecture 14: Encrypting File System, Steganography, Risk Assessment

Increased speed of attacks: universally connected devices, greater sophistication, availability & simplicity of attack tools, delays in patching, distributed attacks, user confusion. Security: concerned with intentional failures, not accidents or unintentional mistakes, can"t be solved by technology alone, requires, defining boundaries of acceptable behaviour (laws, enforcement by managers, user compliance / cooperation, correct deployment / operation of technical measures. Confidentiality: prevention of unauthorised disclosure of information, privacy: protection of personal data. Integrity: computerised data is same as source documents, not been altered etc, man-in-middle attack: attacker intercepts data and alters it. Availability: ensure malicious attacker can"t prevent legitimate users from access to systems, denial of service. Accountability: users should be held accountable for actions, to provide accountability; Non-repudiation: provides undeniable evidence that specific action occurred, non-rep of origin: provides evidence about sender of document, non-rep of delivery: provides evidence of message delivery.