РегистрацияЭто старая редакция страницы Библиотека / Основы / S S D / Риски / Угрозы за 08/03/2009 19:15.
Threats
What You Are Protecting Against
A threat is something bad that can happen to an asset. Security professionals divide the various ways threats can hurt your data assets into six sub-areas that must be balanced against each other:
- Confidentiality is keeping assets or knowledge about assets away from unauthorized parties.
- Integrity is keeping assets undamaged and unaltered.
- Availability is the assurance that assets are available to parties authorized to use them.
- Consistency is when assets behave and work as expected, all the time.
- Control is the regulation of access to assets.
- Audit is the ability to verify that assets are secure.
Threats can be classified based on which types of security they threaten. For example, someone trying to read your email (the asset) without permission threatens its confidentiality and your control over it. If, on the other hand, an adversary wants to destroy your email or prevent you from getting it, the adversary is threatening the email's integrity and availability. Using encryption, as described later in this guide, you can protect against several of these threats. Encryption not only protects the confidentiality of your email by scrambling it into a form that only you or your intended recipient can descramble, but also allows you to audit the emails — that is, check and see that the person claiming to be the sender is actually that person, or confirm that the email wasn't changed between the sender and you to ensure that you've maintained the email's integrity and your control over it.
