software engineering.
2. ISO/IEC 20000 Family
ISO27001 - Requirements
ISO27002 - Code of Practice
ISO27005 - Risk Management
ISO27037 - Digital Evidence
ISO27050 - Electronic Delivery
3. CIA triad (Confidentiality, Integrity, Availability)
All security functions begin with policy.
Confidentiality - Protection of sensitive assets:
Intellectual property: Research or business plans
Information: Privacy or secrecy
Confidentiality - Breaches:
Intentional or accidental
Covert Channels - Timing (displayed or heard), Storage (on USB)
Protection of displayed data - displayed paperwork or monitor.
Confidentiality - Effect of Breaches:
Legal Penalties
Must demonstrate Due Care and Due Diligence
Financial Penalties - Lost revenue
Reputational Damage
Confidentiality - Ensuring Confidentiality:
Policy
Access Controls: Need to know & Least Privilege.
Confidentiality - Enforcing Confidentiality:
Encryption, Masking (dots shown in place of a password), Obfuscation (data made not readable or meaningful), Tokenization (pay at pump: the gas station receives only a token and never sees the card info)
Require SSL certificate
Integrity -
Authenticity
Files, Evidence, logs
Reliability
Usefulness
Unauthorized modifications
Intentional, Accidental, Transmission Errors
Integrity - Breaches:
Life Safety - Pharmaceutical
Damage to equipment and processes
Breach of contract - Penalties, Loss of customers
Reputational damage
Integrity - Ensuring Integrity
Separation of duties - no one user controls an entire transaction
Mutual Exclusivity (MutEx) - the same person can do both tasks, but not at the same time
Dual Control - two people are needed to complete a task
Parity Bits (check for missing packets)
Checksums (check a download)
Check Digits (check a form entry before use)
Header and Trailer records (make sure top and bottom agree, ensuring integrity)
Hashing (creates a digest; on a computer the digests are stored in the SAM (Windows) or under /etc (Linux))
Digital Signatures (ensure the source that created the digest)
Digital Signature (asymmetric) (ensures source and integrity) - the digest is encrypted with the sender's private key, then sent to the recipient, who decrypts it with the sender's public key.
Integrity - Enforcing integrity
Policy, Access control, Input validation, Audit
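The integrity mechanisms listed under "Ensuring Integrity" (parity bits, checksums, check digits, header/trailer records, hashing, and a digital signature made with the sender's private key and checked with the public key), worked through as an added example that is not part of the original notes. Everything in it is constructed for illustration: the sample message, the header/trailer record format, the Luhn test number, and the tiny textbook RSA primes, which stand in for a real key pair only to show the flow of signing a digest and verifying it.

```python
import hashlib

# Added example (not from the notes): small implementations of the integrity
# mechanisms listed under "Ensuring Integrity". Sample inputs are constructed.


def parity_bit(data: bytes) -> int:
    """Even-parity bit for a byte string: 1 if the count of 1-bits is odd.

    Appending this bit makes the total number of 1-bits even, so a receiver
    can detect any single flipped bit (two flips cancel out and go unnoticed).
    """
    ones = sum(bin(b).count("1") for b in data)
    return ones % 2


def checksum8(data: bytes) -> int:
    """Simple 8-bit additive checksum.

    Catches most accidental corruption in transit; it is not a defence
    against deliberate tampering, because anyone can recompute it.
    """
    return sum(data) % 256


def luhn_check_digit(payload: str) -> int:
    """Check digit appended to an identifier (Luhn algorithm, as on card
    numbers) so a typo in a form entry is caught before the value is used."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return (10 - total % 10) % 10


def luhn_valid(number: str) -> bool:
    """True when the last digit of number is the correct Luhn check digit."""
    return luhn_check_digit(number[:-1]) == int(number[-1])


def records_match_header_trailer(lines: list[str]) -> bool:
    """Header/trailer record check (constructed format): the first line is
    'H,<count>' and the last is 'T,<count>'; both must equal the number of
    body records, which shows nothing was dropped or appended in between."""
    header, body, trailer = lines[0], lines[1:-1], lines[-1]
    if not (header.startswith("H,") and trailer.startswith("T,")):
        return False
    return int(header.split(",")[1]) == len(body) == int(trailer.split(",")[1])


def sha256_digest(data: bytes) -> str:
    """Cryptographic hash: any change to the data changes the digest."""
    return hashlib.sha256(data).hexdigest()


# Toy RSA key pair built from tiny textbook primes, constructed purely to show
# the sign-with-private-key / verify-with-public-key flow. Real keys are
# 2048+ bits and use a padding scheme such as PSS; never reuse these numbers.
P, Q = 61, 53
N = P * Q                           # 3233, the public modulus
E = 17                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # 2753, the private exponent


def sign(data: bytes, private_exp: int = D, modulus: int = N) -> int:
    """Sender: hash the data, then apply the private key to the digest."""
    digest = int(sha256_digest(data), 16) % modulus
    return pow(digest, private_exp, modulus)


def verify(data: bytes, signature: int, public_exp: int = E, modulus: int = N) -> bool:
    """Recipient: apply the sender's public key to the signature and compare
    the result with a fresh digest of the received data. A match proves both
    the source (only the private key could produce it) and integrity."""
    recovered = pow(signature, public_exp, modulus)
    return recovered == int(sha256_digest(data), 16) % modulus


if __name__ == "__main__":
    msg = b"Transfer 100 to account 42"  # constructed sample message
    sig = sign(msg)
    print("parity bit:", parity_bit(msg), "checksum:", checksum8(msg))
    print("Luhn 79927398713 valid:", luhn_valid("79927398713"))
    print("digest:", sha256_digest(msg))
    print("signature verifies:", verify(msg, sig))
    print("altered signature verifies:", verify(msg, (sig + 1) % N))
```

Parity, checksums, check digits and record counts only guard against accidents; the hash plus a signature is what stops an attacker who can rewrite the data and recompute the check, since they cannot produce a signature without the sender's private key.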