Cyber Security Concept
CNSS Cyber-Security Model
Cyber-Security
SECURITY:
- State of freedom from a danger or risk

CYBER-SECURITY:
- Tasks of guarding information that is in a digital format
- Ensures that protective measures are properly implemented
- Protects information that has value to people and organizations
- Value comes from the characteristics of the information
Security is achieved through a combination of three entities
- Products
- People
- Procedures
Layers of Security:
- Physical (Products)
- Personal (People)
- Organization (Procedure)
- Communications
- Network
- Cyber Security (CIA)
Why Cyber-Security
Policies, practices, and technology that must be in place for an organization to transact business electronically via networks with a reasonable assurance of safety.
ASSETS AT RISK
- Data assets
- Knowledge assets
- Software assets
- Physical assets
- Monetary or financial assets
- Employee assets
- Customer and partner assets
- Goodwill
Cyber-Security Terminologies
- AUTHENTICATION: Assurance that the communicating entity is the one claimed.
- ACCESS CONTROL: Prevention of the unauthorized use of a resource.
- DATA CONFIDENTIALITY: Protection of data from unauthorized disclosure.
- DATA INTEGRITY: Assurance that data received is as sent by an authorized entity.
- NON-REPUDIATION: Protection against denial by one of the parties in a communication.
- AVAILABILITY: Resource accessible/usable.
- SECURITY MECHANISM: Feature designed to detect, prevent, or recover from a security attack.