Wednesday, June 13, 2007

Class Critique

The first class critique I am going to write is about my first day of class. The topics of discussion were Components of information security, Threats (and vulnerabilities), Policy, Mechanisms (controls), Security Goals, Trust and Assumptions, Assurance, and Operational issues.

The first topic, Components of information security, deals with the idea of a three-legged approach to security. This CIA model (Confidentiality, Integrity, and Availability) names the main concepts behind securing a system. The idea of Confidentiality is to keep sensitive information secure and away from unintended parties. The medical field is particularly interested in the Confidentiality of its files because they contain sensitive information from patients' records. The idea of Integrity is to maintain the correctness of the information. If the integrity of bank files were in question, this would cause a massive uprising, because how would we know that the amount of money in your account is correct? Availability is the last leg, and it is just as it sounds: a system has to be available for people to use, or what good is it? All of these ideas mesh together to make one secure system, and without any one of them, the system is not secure.

Threats to a computer form a broad category that can be broken down into smaller, more definable components: disclosure (snooping), modification or alteration, spoofing, repudiation of origin, denial of receipt, delay, and denial of service. A more in-depth description of all of these topics can be found here.

The threats to a computer are targeted toward specific vulnerabilities. These vulnerabilities include, but are not limited to, hardware, software, data, networks, and people. As long as there is new technology, there will always be new vulnerabilities and threats. Attackers are the people who exploit these vulnerabilities. Like every attacker, computer or non-computer, they need motivation, opportunity, and a method of attack. Although an everyday burglar might use a firearm as their method, a computer attacker might use a virus or worm as theirs.

In general, the class started out well and the first lecture was a nice introduction to information security. As specific and technical as information security can be, this lecture provided a nice overview of the topic.
