BUSI 4404 Chapter Notes - Chapter 11: Denial-of-Service Attack, IPsec, Public Key Infrastructure
Document Summary
Confidentiality: protection of organizational data from unauthorized disclosure.
Integrity: assurance that data have not been altered or destroyed.
Availability: the degree to which information and systems are accessible to authorized users.
Threats to business continuity: disruptions, destruction of data, disasters.
Threat of unauthorized access (intrusion): external attackers exist, but most unauthorized access incidents involve employees.
Network controls: safeguards that reduce or eliminate threats to network security.
Preventative controls: mitigate or stop a person from acting or an event from occurring; they act as a deterrent by discouraging or restraining.
Detective controls: reveal or discover unwanted events (e.g., auditing).
Corrective controls: remedy an unwanted event or intrusion.
Risk assessment: a key step in developing a secure network.
OCTAVE: Operationally Critical Threat, Asset, and Vulnerability Evaluation.
COBIT: Control Objectives for Information and Related Technology.
NIST guide: Risk Management Guide for Information Technology Systems.
Develop risk measurement criteria (step 1): the measures used to examine how threats impact the organization.