Introduction

Slides

Remember

From 01-Introduction:

  • CIA
    • Confidentiality - computer-related assets are accessed only by authorized parties.
    • Integrity - assets can be modified only by authorized parties and only in authorized ways.
    • Availability - assets are accessible to authorized parties at appropriate times.
  • CIAAA adds two more:
    • Accountability - actions are traceable to the entities responsible.
    • Authentication - the user or data origin is accurately identifiable.
  • Swiss cheese model
  • Data breaches are usually caused by multiple security failures.

From 02-Threat Models:

  • Role of threat models in security
  • Who is the adversary?
  • What needs to be protected and what risks can be accepted?

Additional Resources

Videos

How Chinese Criminals Steal Your Credit Card With Just One Text

News and blogs