like scratch notes in a textbook!
- All this means is that information needs to be confidential to everyone except those who are meant to use it; the information needs to have integrity, as in there are checks in place to ensure data hasn't been malformed; and the data needs to be available when it is needed with no hiccups.
- This ensures the authenticity of a sender and recipient; it is proof that the communication or data is exactly as it is meant to be, and that nothing has been altered by a malicious user.
- Making sure people or systems are who they say they are, what they have access to, and when they did such things.
- Ensuring people who are meant to have access to appropriate data or places have said access.
- Making sure systems in use are, again, only accessing the resources and data necessary.
- Defines how access to data and resources is granted or denied based on factors like ID, role, etc.
- A comparison of a company's current security posture to the desired position.
- No one is trusted by default, from inside or outside of the network. Verification is required for anyone attempting to gain access to info.
- The portion of the network that manages and configures the network. It handles authentication, authorization and policy enforcement.
- Dynamically adjusts access controls based on various contextual factors, such as Context-Aware Access (user location, device type, network connection and activity), Just-In-Time Access (access is granted on a temporary basis) and Risk-Based Authentication (the system can escalate auth requirements based on the perceived risk level).
- To eliminate as many possible attack vectors as possible.
- Users may access info based on security policy.
- The individual responsible for ensuring the security policy is in effect and functioning properly.
- The driver of the actual decision making of the access control variables.
- Areas in the network where trust is given because of a lack of need, e.g. the home page of a website: you shouldn't need to auth to view a landing page.
- Point in the network where auth is required to continue further, e.g. logging in to a site to use its main function, or logging into a game server as a registered user.
- Those weird poles that come out of the ground to block cars.
- These are all just bait for attackers, usually segmented, and collect data on threats. Things that appear as legit but aren't.
- You need to get approval from the necessary overhead to conduct any changes, and that can be a long process.
- Yes, the people who invest in the company have a say in security changes depending on the request, e.g. spending money on expensive hardware can cut earnings, I guess.
- Analyzing the impact a change may have.
- Analyzing test results. ALWAYS TEST MAJOR CHANGES, and minor ones depending.
- This is a set procedure for when you must revert a change, or, well, back out of a deal.
- You gotta have a way to recover or return to a previous state should a change be made.
- A set timeframe in which the network may be unavailable due to updates or changes within its infrastructure.
- The standard to which normal operations proceed. A standard to which changes are made to ensure normal operation.
- Who is and isn't explicitly allowed.
- Activities only able to be conducted by select individuals, e.g. only an admin being able to change a password.
- Time in which a network is down for maintenance and changes. Usually you only wanna schedule it at night or on a weekend when there are no operations to mess up.
- Sometimes you're gonna update a service or change a config and a restart is required. Operations may be down for a bit due to it.
- Old applications that are still in use but are not major parts of the operations, as they're outdated and unstable.
- Most software depends on other software to work, so you must have the required dependencies.
- Ensuring services and systems are using the correct version and updating regularly.
- A key that is available to anyone and is associated with a system or process, e.g. SSH public keys.
- A key that is cryptographically related to a public key and is used in conjunction with the public key for authentication.
- A method of securely storing and managing keys to ensure data can be recovered in case of loss.
- Each level can be encrypted within the previous level.
- The entire storage device is encrypted.
- Only a portion of a storage device is encrypted.
- A single file is encrypted.
- A volume or a formatted partition is encrypted.
- I'd hope you know a database is meant to be encrypted.
- Securing logs of important changes.
- Almost all modern data transport is encrypted, or at least goes through a secure tunnel. TLS.
- The same key is used for encryption and decryption, so the same key has to be exchanged. Not as safe as asymmetric.
- Public and private keys. Everyone has the public key, but only the holder of the matching private key can decrypt. This is better because no one is sharing the same key around.
- A process where cryptographic keys are exchanged between 2 parties, allowing them to use the keys for sharing encrypted information.
- There are many different encryption algorithms available, such as: Triple Data Encryption Standard (3DES), Blowfish, RSA, Advanced Encryption Standard 256 (AES-256).
- A secure cryptoprocessor that is used to store device encryption keys. It's basically in charge of all of your device's encryption processes.
- Hardened and tamper-resistant hardware devices that secure cryptographic processes by creating, protecting and managing keys used for encrypting and decrypting data and for creating digital signatures and certs.
- A system that creates, stores, distributes, destroys, controls access to and disables cryptographic keys.
- A dedicated, isolated and secure area on a device's hardware that protects sensitive data and processes like cryptographic keys and biometric data. Like when you use Face ID, it has to access the data from the secure enclave.
- Hiding data inside of images.
- The replacement of sensitive data with non-sensitive surrogate data called a token that can cryptographically map back to the original data, e.g. when you use your card to pay for something, your actual bank details aren't being transferred around; it's using tokens instead.
- The process of hiding data by modifying it in a way that makes it of no value to a malicious user.
- Turns data into a fixed-length string by doing a lot of math and conversions. It's used everywhere, like in secure data storage, digital signatures and cryptocurrency, amongst many others.
- Salting is where there's other data sprinkled into the hash input that adds other characters into the string to change the hash, making it very, very hard to break.
- Hashes that ensure data has not been tampered with, or to ensure something has not changed. For example, when you download software there is usually a hash given on the page to compare to the hash of the downloaded data. These hashes are signatures of authenticity.
- Makes a weak password hash into a massively difficult one to break by repeatedly hashing it, possibly hundreds to hundreds of thousands of times.
- A decentralized, distributed and public digital ledger that records transactions across a peer-to-peer network. Mainly used for crypto but has other use cases such as supply chain management and verifying digital assets.
- The public ledger associated with a blockchain.
- CAs verify the identity of entities like websites, people and organizations and bind their public keys to them. CAs are trusted by people and organizations to perform these actions.
- A list of digital certs that have been revoked by the issuing CA before their expiration.
- A protocol that allows clients to directly query a CA for the status of a certificate.
- A certificate signed by the developer or company responsible for the site or software instead of a trusted CA. Should only be used for testing and private networks.
- A root of trust is a trusted source within a cryptographic system that is implemented as a secure hardware module that ensures the integrity and security of crypto operations, keys and digital certificates.
- They are initially issued and signed by a CA representing the topmost level of trust.
- A specific file with website and organization info sent to a CA to request a digital signature for their public key.
- A certificate that secures multiple sub-domains under a single primary domain.