Defence in Depth: The art of stratifying your security system


Defence in Depth is all about protecting information by building up a number of layers around it. It isn’t simply putting up a firewall and walking away. Defence in Depth is building a number of layers around the information that work together to provide a strong and (hopefully) impenetrable defence.

An example could be anti-virus software installed on individual workstations when there is already virus protection on the firewalls and servers within the same environment. Different security products from multiple vendors may be on different vectors within the network, helping prevent a shortfall in any one defence leading to a wider failure.


The CIA Triad


A simple but widely applicable security model is the CIA triad, standing for Confidentiality, Integrity and Availability: three key principles which should be guaranteed in any kind of secure system. This principle is applicable across the whole subject of Security Analysis, from access to a user’s Internet history to security of encrypted data across the Internet. If any one of the three can be breached, it can have serious consequences for the parties concerned. An in-depth analysis of the CIA components follows:
