Security Objectives
When performing security tasks, security professionals try to protect their environments as effectively as possible. These actions can also be described as protecting confidentiality, integrity, and availability (CIA), or maintaining CIA. CIA stands for
- Confidentiality: Ensure that no data is disclosed, intentionally or unintentionally.
- Integrity: Make sure that no data is modified by unauthorized personnel, that no unauthorized changes are made by authorized personnel, and that the data remains consistent, both internally and externally.
- Availability: Provide reliable and timely access to data and resources.
NOTE: The opposite of CIA is disclosure, alteration, and denial (DAD).

A major security objective is measuring the costs and benefits of security. If you want to measure the cost of securing an entity, whether it is data on networks, data on computers, or other assets of an organization, you need to know something about risk assessment. Generally, the assets of an organization have multiple risks associated with them, such as:
After you have identified the assets at risk as well as the risks themselves, you need to determine the probability of a risk occurring. Although there are numerous threats that could affect an organization, not all of them are likely to occur in your environment. For example, an earthquake is highly possible if you live close to San Francisco but not if you live in New York City. For this reason, a realistic assessment of the risks must be performed. Research must be performed to determine the likelihood of risks occurring to certain resources at specific places. By determining the likelihood of a risk occurring within a year, you can determine what is known as the annualized rate of occurrence (ARO).
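The following Python program is an added worked example, not part of the original text, showing how the ARO described above is derived from observed incident history and how it feeds the cost-versus-benefit measurement mentioned earlier. It goes slightly beyond the text: the single loss expectancy (SLE), annualized loss expectancy (ALE = SLE × ARO) and the safeguard-value formula are standard quantitative risk-assessment terms that the passage does not name. All assets, incident counts and dollar figures are constructed sample data.

```python
"""Quantitative risk assessment: ARO, ALE and safeguard cost/benefit.

Added example with constructed data. Terms beyond the text:
  SLE  - single loss expectancy: loss from one occurrence of the threat
  ALE  - annualized loss expectancy: SLE * ARO
  safeguard value - ALE before - ALE after - annual cost of the safeguard
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    events_observed: int    # incidents of this threat recorded for the asset
    years_observed: float   # length of the observation window, in years
    single_loss: float      # SLE (assumed): cost in dollars of one occurrence


def annualized_rate_of_occurrence(events_observed: int, years_observed: float) -> float:
    """ARO: expected number of occurrences per year, from observed history.

    One event in 20 years gives 0.05; three events in two years gives 1.5.
    A threat never observed in this environment (e.g. earthquakes in NYC)
    yields 0.0, which is the text's point about realistic assessment.
    """
    if years_observed <= 0:
        raise ValueError("observation window must be positive")
    if events_observed < 0:
        raise ValueError("event count cannot be negative")
    return events_observed / years_observed


def annualized_loss_expectancy(risk: Risk) -> float:
    """ALE = SLE * ARO, the expected yearly loss from this risk."""
    aro = annualized_rate_of_occurrence(risk.events_observed, risk.years_observed)
    return risk.single_loss * aro


def safeguard_value(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """Net yearly benefit of a safeguard. Negative means it costs more than it saves."""
    return ale_before - ale_after - annual_cost


def rank_by_ale(risks: list[Risk]) -> list[tuple[str, str, float]]:
    """Order risks by expected yearly loss so the costliest is addressed first."""
    return sorted(
        ((r.asset, r.threat, annualized_loss_expectancy(r)) for r in risks),
        key=lambda row: row[2],
        reverse=True,
    )


# Constructed sample data (not real incident figures).
SF_DATACENTER_QUAKE = Risk("SF datacenter", "earthquake", 1, 20, 2_000_000)
NYC_DATACENTER_QUAKE = Risk("NYC datacenter", "earthquake", 0, 20, 2_000_000)
FILESERVER_RANSOMWARE = Risk("file server", "ransomware", 3, 2, 40_000)

# Candidate safeguards, expressed as the SLE they leave behind and their yearly cost.
OFFLINE_BACKUPS = {"residual_sle": 5_000, "annual_cost": 20_000}
SEISMIC_RETROFIT = {"residual_sle": 500_000, "annual_cost": 120_000}


def evaluate_safeguard(risk: Risk, safeguard: dict) -> float:
    """ALE with and without the safeguard, then its net value."""
    before = annualized_loss_expectancy(risk)
    reduced = Risk(risk.asset, risk.threat, risk.events_observed,
                   risk.years_observed, safeguard["residual_sle"])
    after = annualized_loss_expectancy(reduced)
    return safeguard_value(before, after, safeguard["annual_cost"])


if __name__ == "__main__":
    for asset, threat, ale in rank_by_ale(
            [SF_DATACENTER_QUAKE, NYC_DATACENTER_QUAKE, FILESERVER_RANSOMWARE]):
        print(f"{asset:15s} {threat:12s} ALE ${ale:,.0f}")
    print("offline backups value:  $%,.0f" % evaluate_safeguard(FILESERVER_RANSOMWARE, OFFLINE_BACKUPS))
    print("seismic retrofit value: $%,.0f" % evaluate_safeguard(SF_DATACENTER_QUAKE, SEISMIC_RETROFIT))
```

With these figures the ransomware risk ranks first (ALE $60,000), the earthquake risk in San Francisco second ($100,000 of exposure would rank it first; it ranks second only if the SLE were lower, so check the printed ordering against your own data) and the New York earthquake risk last at $0, matching the text's point that a threat must be likely in your environment before it is worth spending on. Offline backups return a positive net value, whereas the seismic retrofit costs more per year than the loss it averts, so the quantitative comparison says it is not justified on this data alone.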