Category: Security & Privacy

  • WAN Protocol Characteristics

    Frame Relay: Provides point-to-point connections by creating virtual circuit paths. Forwards frames and performs error checking only at the end points. X.25: Is designed to operate over unreliable network lines. Works with the physical, data link and network layers of the OSI model.

  • Packet Switching / WAN Technology

    X.25: Defines communication between DTE and DCE devices. Switched multimegabit data services (SMDS): Is a connectionless protocol and can provide bandwidth for exchange of large amounts of data. A connectionless, high-speed, datagram-based WAN technology for communication over public data networks. Frame Relay: Forwards packets to their destinations and doesn’t unpack frames at each node. Link…

  • Change management process

    Submit the change; approve the change; document the change; test the change; implement the change; report the change.

  • Reconnaissance Methods

    FIN Scan: Uses an IP-based server’s error-handling mechanism against it. Operating System (OS) Identification: Uses an operating system’s weaknesses to obtain valuable information. Port sweep: Bombards a server’s IP address with packets to identify active services. Evasive sweep: Identifies a server’s systems and services without ever completely connecting to it.

  • Components of a basic information system architecture

    Network architecture; protection mechanisms; platform architecture; security models; enterprise architecture.

  • Security Models

    Address security, integrity and information flow Graham-Denning: Defines the commands that a subject can execute to create or delete an object. Noninterference: Prevents covert channels and interference attacks. Brewer & Nash Address security and integrity Clark-Wilson State Machine: Is concerned with capturing a system’s state and ensuring its security. Bell-LaPadula (is a state machine) Further Descriptions…

  • Operating System States

    Supervisory: A system routine, or highly privileged routine, is being executed by the system. Ready: Processing can be resumed for an application. Wait: A specific event must be completed before another process resumes. (Needs review: Problem: An application is being run by the system.(?))

  • Control Objectives for Information and Related Technology (COBIT)

    Control Objectives for Information and Related Technology (COBIT) can be used as the basis for internal and external security audits. Determines the security mechanisms to be implemented for a system.

  • ISO / IEC 27001:2005

    ISO / IEC 27001:2005 can be used for certifying a company’s ISMS and making comparisons to other companies’ ISMSs. Defines a company’s ISMS and how it’s structured, controlled, run, and maintained.

  • ISO / IEC 27002

    ISO / IEC 27002: Defines the way in which security mechanisms should be run. Provides guidelines for ensuring that security controls are consistent with industry best practices.