Defenses Methods
Prevention
Prevent attackers from violating security policy.
Detection
Detect attackers’ violation of security policy.
Recovery
Stop attacks, assess, and repair damage. Continue to function correctly even if the attack succeeds
Controls
Encryption
To ensure confidentiality and integrity of data.
Weak encryption can be worse than no encryption.
Software / Program Controls
Prevent outside attacks.
Maintained and developed to ensure confidence.
Development controls
Quality standards (e.g. recommending Penetration Testing).
Program controls include
Internal program controls: parts of the program that enforce security restrictions.
i.e. access limitations in a database management program.
Operating system and network system controls limitations enforced by the operating system or network to protect each user from all other users.
i.e.
chmod
on UNIX: (Read, Write, Execute) vs. (Owner, Group, Other).
Independent control programs: application programs.
i.e. password checkers, intrusion detection utilities, or virus scanners, that protect against certain types of vulnerabilities.
Last updated