the zen of information
play

The Zen of Information Security Joshua Hill March 1 st , 1999 The - PDF document

Nov 06, 2023 •424 likes •543 views

The Zen of Information Security Joshua Hill March 1 st , 1999 The Goals of Information Security Aside from Fame, Fortune and the Pursuit of Members of the Appropriate Sex What is Information Security? 1. Information Integrity Persistence

  1. The Zen of Information Security Joshua Hill March 1 st , 1999

  2. The Goals of Information Security Aside from Fame, Fortune and the Pursuit of Members of the Appropriate Sex What is Information Security? 1. Information Integrity • Persistence of data. • Ability to access data. • Immutability of static data • Verifiability of data consistency 2. Confidentiality • Ability to control access to your data • Ability to securely transfer your data between trusted sites 3. Authentication • Data Authentication • Entity identification 4. Non-Repudiation.

  3. Information Integrity The Great Information Taco Least ‘Sexy’ of the Information Security goals. Persistence of information Accomplished with • Backups • RAID • Mirroring • Eternity servers • Data Havens Can conflict with the goal of confidentiality . Verification of data Accomplished by: • cryptographic hashes • MACs • signatures.

  4. Confidentiality The Obfuscated Burrito The most widely recognized Information Security goal. Accomplished with • Envelopes • Safes • Briefcases attached to very large men named ‘Butch’. • Encryption Can conflict with the goal of Information Integrity .

  5. Authentication: The Chili Rieno of Love One of the most valuable information security goals. Includes: 1. Verification of data authenticity 2. Verification of entity identity. Accomplished with • Signatures • Seals • Digital Signatures • MACs • Shared secret encryption Shares verification goals with Information Integrity .

  6. Non-Repudiation: The Misunderstood Enchilada The most commonly neglected and misunderstood goal Accomplished with • Public Notary and Witnesses • Digital Signatures Shared Secrets don't work. Required for • Legally binding contracts • Electronic commerce This goal is related to Authentication .

  7. The Foundations of Information Security The Method to the Madness Trust and trust Management • Implicit and Explicit assignments of trust Buying a carton of milk from the store Driving on the freeway Information Security transfers trust: • Trust in the machine • Trust in the data • Trust in identity of another At it’s very best, Information Security can provide the same trust as in the real world.

  8. Further Foundations to Information Security Further Madness How do they do that? 1. Minimize secret information. • The meaning of 'Security through Obscurity' • The principle of information leverage. 1. Use well developed protocols. • Try to use pre-developed protocols • Peer Review of original protocols 1. Rely on understood primitives. • NEVER make your own primitive. • NEVER use new or poorly understood primitives. • If it sounds too good to be true, it is.

  9. The Truth is Out There!

  10. Trust no one!

  11. I wasn’t wrong , I was lying.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

NII Homepage INFORMATION SYSTEMS IN JAPAN 2.1 The Science Information System and NACSIS / NII

NII Homepage INFORMATION SYSTEMS IN JAPAN 2.1 The Science Information System and NACSIS / NII

1. ECONOMICS OF INFORMATION Economics of Information Services 1.1 Microeconomics of Information 1961- Market Models with Asymmetric Information for Scientific and Technical Data in Information Cost / Value the Information Age: Lemon Market,

530 views • 6 slides
Information Information partition Player 's information partition is a collection of his

Information Information partition Player 's information partition is a collection of his

Information by Prof. Kyung Hwan Baik. Slides for chapter 7 of Games and Information Information partition Player 's information partition is a collection of his information sets i such that each path is represented by one node in

799 views • 43 slides
1 Information and its Presentation: Gender Cues in Low-Information vs. High-Information

1 Information and its Presentation: Gender Cues in Low-Information vs. High-Information

Information and its Presentation: Gender Cues in Low-Information vs. High-Information Experiments David J. Andersen Tessa Ditonto Iowa State University (9214 words) This article examines how the presentation of information during a laboratory

738 views • 37 slides
. distribution of all types of information . Not just news and advertising Meet the information

. distribution of all types of information . Not just news and advertising Meet the information

Presentation By Howard I. Finberg Director, Information Te chnology The fuizona Republic 4/3/e7 TECHNOLOGY STRATEGY Become the information leader . Effective collection, storage, retrieval and . distribution of all types of information . Not just

1.21k views • 22 slides
optimization work (including the timing thereof), construction activities, power supply and

optimization work (including the timing thereof), construction activities, power supply and

Certain information contained in this presentation constitutes forward looking information. This information may relate to future events or the Companys future performance. All information other than information of historical fact is forward

594 views • 41 slides
Certain information contained in this presentation constitutes forward looking information. This

Certain information contained in this presentation constitutes forward looking information. This

Certain information contained in this presentation constitutes forward looking information. This information may relate to futur e events or the Companys future performance. All information other than information of historical fact is forward

489 views • 13 slides
Information The following Information has been compiled from various sources by

Information The following Information has been compiled from various sources by

Information The following Information has been compiled from various sources by Westaff/Personnel Plus! HR Consultants It has been updated to be current as of this morning but It contains perishable information that can change at any

805 views • 45 slides
Requesting information under the Freedom of Information Act and the Data Protection Act Leigh

Requesting information under the Freedom of Information Act and the Data Protection Act Leigh

Requesting information under the Freedom of Information Act and the Data Protection Act Leigh Day / CORE Training Event on Access to Information 10 July 2015 Emily Soothill Freedom of Information Act 2000 (FOIA) " Freedom of Information

568 views • 18 slides
Information Retrieval Introducing Information Retrieval and Web Search Information Retrieval

Information Retrieval Introducing Information Retrieval and Web Search Information Retrieval

Introduction to Information Retrieval Introducing Information Retrieval and Web Search Information Retrieval Information Retrieval (IR) is finding material (usually documents) of an unstructured nature (usually text) that satisfies an

1.01k views • 57 slides
Information Theory Don Fallis Information in the Wild Intentional Information Transfer Data

Information Theory Don Fallis Information in the Wild Intentional Information Transfer Data

Information Theory Don Fallis Information in the Wild Intentional Information Transfer Data Storage Measuring Information Surprise! Inversely Related to Probability The lower the probability of event A, the more information you get by

608 views • 33 slides
recovery rates, net present values and internal rates of return, timing for the commencement of

recovery rates, net present values and internal rates of return, timing for the commencement of

Certain information contained in this presentation constitutes forward looking information. This information may relate to future events or the Companys future performance. All information other than information of historical fact is forward

582 views • 41 slides
11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information

11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information

11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information Security Webinar Storage of Classified Information Host: Treva Alexander, SAPPC Information Security Course Manager, DSS - CDSE Gained experience in

329 views • 14 slides
INFORMATION AS POWER COMM1A WEEK 1; Sept 21, 2015 Information as Power 2 Information shapes

INFORMATION AS POWER COMM1A WEEK 1; Sept 21, 2015 Information as Power 2 Information shapes

INFORMATION AS POWER COMM1A WEEK 1; Sept 21, 2015 Information as Power 2 Information shapes behavior News media are the principal providers of current affairs information Political elites and those seeking to replace them have a strong

900 views • 64 slides
Information & Entropy Comp 595 DM Professor Wang Information & Entropy Information

Information & Entropy Comp 595 DM Professor Wang Information & Entropy Information

Information & Entropy Comp 595 DM Professor Wang Information & Entropy Information Equation p = probability of the event happening b = base (base 2 is mostly used in information theory) *unit of information is determined by base

226 views • 9 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
Chapter 9: Information and Strategic Behavior Asymmetric information. Firms may have

Chapter 9: Information and Strategic Behavior Asymmetric information. Firms may have

Chapter 9: Information and Strategic Behavior Asymmetric information. Firms may have better (private) information on their own costs, the state of the demand... Static game fi rms information can be partially revealed by

309 views • 11 slides
Whose Bits Are They, Anyway? Access Controlled Applications Built Around AFS DJ Byrne

Whose Bits Are They, Anyway? Access Controlled Applications Built Around AFS DJ Byrne

Whose Bits Are They, Anyway? Access Controlled Applications Built Around AFS DJ Byrne djbyrne@jpl.nasa.gov Jet Propulsion Laboratory Information Services - File/Web Service Engineer http://fil.jpl.nasa.gov/ 2004-03-24 SLAC AFS Best

509 views • 21 slides
C -correspondence functoriality of Cuntz-Pimsner algebras Menevs e Ery uzl u

C -correspondence functoriality of Cuntz-Pimsner algebras Menevs e Ery uzl u

C -correspondence functoriality of Cuntz-Pimsner algebras Menevs e Ery uzl u September, 2020 What/Why are we doing? Menevs e Ery uzl u C -correspondence functoriality of Cuntz-Pimsner algebras What/Why are we doing? A

706 views • 55 slides
CSCI 4760 - Computer Networks Fall 2016 Instructor: Prof. Roberto Perdisci perdisci@cs.uga.edu

CSCI 4760 - Computer Networks Fall 2016 Instructor: Prof. Roberto Perdisci perdisci@cs.uga.edu

source: computer-networks-webdesign.com CSCI 4760 - Computer Networks Fall 2016 Instructor: Prof. Roberto Perdisci perdisci@cs.uga.edu This slides are adapted from the textbook slides by J.F. Kurose and K.W. Ross Chapter 8: Network Security

971 views • 93 slides
Custom Content Migrations to Drupal 8 Getting your stuff into Drupal 8 Michael Anello

Custom Content Migrations to Drupal 8 Getting your stuff into Drupal 8 Michael Anello

Custom Content Migrations to Drupal 8 Getting your stuff into Drupal 8 Michael Anello DrupalEasy/Anello Consulting, Inc. drupaleasy.com ultimike on drupal.org (drupal.org/u/ultimike) @ultimike Drupal 8 core contributor -

469 views • 31 slides
THE PERFECT CALLS- TO-ACTION CONTAINS ALL VIDEO SLIDEDECKS FOR THIS SESSION 1 SESSION 2

THE PERFECT CALLS- TO-ACTION CONTAINS ALL VIDEO SLIDEDECKS FOR THIS SESSION 1 SESSION 2

SLIDEDECKS SESSION 2 THE PERFECT CALLS- TO-ACTION CONTAINS ALL VIDEO SLIDEDECKS FOR THIS SESSION 1 SESSION 2 THE PERFECT CALLS TO ACTION 2 THE PERFECT CALLS TO ACTION SESSION 2 2.1 MAP YOUR CUSTOMER JOURNEY: STARTING

782 views • 64 slides
SELL MORE PRODUCTS ONLINE STEP FIVE SELL THEM STUFF PART 1 jane hamill 1 STEP 5: SELL STUFF

SELL MORE PRODUCTS ONLINE STEP FIVE SELL THEM STUFF PART 1 jane hamill 1 STEP 5: SELL STUFF

SELL MORE PRODUCTS ONLINE STEP FIVE SELL THEM STUFF PART 1 jane hamill 1 STEP 5: SELL STUFF What well cover in Step Five Whats working NOW Your marketing triggers as a way to sell more Increase conversions When

419 views • 20 slides
Wayland/X Compositor Architecture By Example: Enlightenment DR19 Blog:

Wayland/X Compositor Architecture By Example: Enlightenment DR19 Blog:

Wayland/X Compositor Architecture By Example: Enlightenment DR19 Blog: http://e19releasemanager.wordpress.com Contact: zmike@enlightenment.org E19 Release Date: LOL Source: http://git.enlightenment.org/core/enlightenment.git/

624 views • 27 slides
Ascon (A Submission to CAESAR) Ch. Dobraunig 1 , M. Eichlseder 1 , F. Mendel 1 , M. Schl affer 2

Ascon (A Submission to CAESAR) Ch. Dobraunig 1 , M. Eichlseder 1 , F. Mendel 1 , M. Schl affer 2

Ascon (A Submission to CAESAR) Ch. Dobraunig 1 , M. Eichlseder 1 , F. Mendel 1 , M. Schl affer 2 1 IAIK, Graz University of Technology, Austria 2 Infineon Technologies AG, Austria 22nd Crypto Day, Infineon, Munich Overview CAESAR Design of

639 views • 25 slides

More recommend