
Security has three main characteristics, called CIA:

– Confidentiality is the property that data or services are protected from unauthorized access. For example, a hacker cannot access your income tax returns on a government computer.
– Integrity is the property that data or services are not subject to unauthorized manipulation.

– For example, when you get an e-mail purporting to come from a bank, authentication guarantees that it actually comes from the bank.
– Nonrepudiation guarantees that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message. For example, you cannot deny ordering something from the Internet, or the merchant cannot disclaim getting your order.
– Authorization grants a user the privileges to perform a task. For example, an online banking system authorizes a legitimate user to access his account.

Security General Scenario

Portion of Scenario

Source: Human or another system which may have been previously identified (either correctly or incorrectly) or may be currently unknown. A human attacker may be from outside the organization or from inside the organization.

Stimulus: Unauthorized attempt is made to display data, change or delete data, access system services, change the system’s behavior, or reduce availability.

Artifact: System services; data within the system; a component or resources of the system; data produced or consumed by the system.

Environment: The system is either online or offline, connected to or disconnected from a network, behind a firewall or open to a network, fully operational, partially operational, or not operational.

© Len Bass, Paul Clements, Rick Kazman, distributed under Creative Commons Attribution License
