search

What is availability in it security?

1 anos atrás
Comentários: 0
Visualizações: 1

With vehicles becoming more connected and their systems relying more on complex networked information, protecting the information is a priority task.

Think of information as all the bits and pieces that are gathered about something or someone. In a vehicle, information covers the details of the user, the information exchanged between electronic systems, and, even the software that is stored to make the systems work. Cybersecurity simply means that the information is protected against criminal or unauthorized use and/or that measures are taken to achieve this.

When we analyze cybersecurity, the first step is to look into the C-I-A triad, which is a well-known model for cybersecurity development. C-I-A stands for Confidentiality, Integrity and Availability – these security concepts help to guide cybersecurity policies. Automotive systems and related infrastructure must be protected against deliberate or accidental compromise of confidentiality, integrity or availability of the information that they store, process and communicate without hindering safety and functionality. It is important to understand each of these concepts because all risks, threats and vulnerabilities are measured for their potential capability to compromise one or all of these principles.

  • Confidentiality ensures that data exchanged is not accessible to unauthorized users. The users could be applications, processes, other systems and/or humans. When designing a system, adequate control mechanisms to enforce confidentiality should be in place, as well as policies that dictate what authorized users can and cannot do with the data. The more sensitive the data, the higher the level of confidentiality. Therefore, all sensitive data should always be controlled and monitored.To maintain confidentiality in automotive systems, data needs to be protected inside and outside the vehicle, while it is stored (data at rest), while it is transmitted (data in motion), and while it is being processed (data in use). Memory protection can be applied to data in use. Cryptography is excellent for protecting the confidentiality of data at rest and data in motion, but keep in mind that it imposes computational complexity and increases latency, so it should be used with caution in time-sensitive systems.
  • Integrity is the ability to ensure that a system and its data has not suffered unauthorized modification. Integrity protection protects not only data, but also operating systems, applications and hardware from being altered by unauthorized individuals. In automotive systems, CRC is known to provide integrity protection against accidental or non-malicious errors; however, it is not suitable for protecting against intentional alteration of data. Hence, the sensitive data should include cryptographic checksums for verification of integrity. Moreover, mechanisms should be in place to detect when integrity has been violated and to restore any affected system or data back to their correct state.
  • Availability guarantees that systems, applications and data are available to users when they need them. The most common attack that impacts availability is denial-of-service in which the attacker interrupts access to information, system, devices or other network resources. A denial-of-service in an internal vehicular network could result in an ECU not being able to access the information needed to operate and the ECU could become nonoperational or even worst it could bring the system to an unsafe state. To avoid availability problems, it is necessary to include redundancy paths and failover strategies in the design stage, as well as to include intrusion prevention systems that can monitor network traffic pattern, determine if there is an anomaly and block network traffic when needed.

The C-I-A triad is a very fundamental security model, but as with any model there is room for improvement; other attributes such as non-repudiation and authentication are important and needed to be considered too. But at least, ensuring that the three aspects of the C-I-A triad are covered is an important first step towards designing any secure system.

If you want to know more about cybersecurity processes, related standards, and their impact on the automotive industry, come to our two day UL-CCSP training in automotive.

The fundamental principles (tenets) of information security are confidentiality, integrity, and availability.  Every element of an information security program (and every security control put in place by an entity) should be designed to achieve one or more of these principles.  Together, they are called the CIA Triad.

Confidentiality measures are designed to protect against unauthorized disclosure of information. The objective of the confidentiality principle is to ensure that private information remains private and that it can only be viewed or accessed by individuals who need that information in order to complete their job duties.

What is Integrity?

Integrity involves protection from unauthorized modifications (e.g., add, delete, or change) of data. The principle of integrity is designed to ensure that data can be trusted to be accurate and that it has not been inappropriately modified.  

What is Availability?

Availability is protecting the functionality of support systems and ensuring data is fully available at the point in time (or period requirements) when it is needed by its users. The objective of availability is to ensure that data is available to be used when it is needed to make decisions.

Effectively executing all three tenets of the Security Triad creates an ideal outcome from an information security perspective. Consider this example: An organization obtains or creates a piece of sensitive data that will be used in the course of its business operations. Because the data is sensitive, that data should only be able to be seen by the people in the organization that need to see it in order to do their jobs. It should be protected from access by unauthorized individuals. This is an example of the principle of confidentiality.

When the individual that needs that piece of data to perform a job duty is ready to utilize it, it must be readily accessible (i.e. online) in a timely and reliable manner so the job task can be completed on time and the company can continue its processing. This describes the principle of availability. And finally, the data will be used in calculations that affect business decisions and investments that will be made by the organization. Therefore, the accuracy of the data is critical to ensure the proper calculations and results upon which decisions will be made. The assurance that the data has not been improperly tampered with and therefore can be trusted when making the calculations and resulting decisions is the principle of integrity.

LBMC Information Security provides strong foundations for risk-management decisions. We design our security risk assessments to arm your organization with the information it needs to fully understand your risks and compliance obligations. Learn more about our Risk Assessments / Current State Assessments.

What is availability in it security?

Providing Solutions to Cybersecurity Problems

  Ensuring timely and reliable access to and use of information.
Source(s):
FIPS 200 under AVAILABILITY from 44 U.S.C., Sec. 3542
NIST SP 800-137 under Availability from 44 U.S.C., Sec. 3542
NIST SP 800-172 from 44 U.S.C., Sec. 3552
NIST SP 800-172A from 44 U.S.C., Sec. 3552
NIST SP 800-18 Rev. 1 under Availability from 44 U.S.C., Sec. 3542
NIST SP 800-30 Rev. 1 under Availability from 44 U.S.C., Sec. 3542
NIST SP 800-37 Rev. 2
NIST SP 800-39 under Availability from 44 U.S.C., Sec. 3542
NIST SP 800-53 Rev. 5 from PL 113-283 (FISMA)
NIST SP 800-53A Rev. 5 under Availability from PL 113-283 (FISMA)
NIST SP 800-53B from PL 113-283 (FISMA)
NIST SP 800-60 Vol. 1 Rev. 1 under Availability from 44 U.S.C., Sec. 3542
NIST SP 800-60 Vol. 2 Rev. 1 under Availability from 44 U.S.C., Sec. 3542
NIST SP 800-171 Rev. 2 from 44 U.S.C., Sec. 3552
NIST Privacy Framework Version 1.0 under Availability from 44 U.S.C., Sec. 3542
NISTIR 7497 under Availability from 44 U.S.C., Sec. 3542
NISTIR 7621 Rev. 1 under Availability from 44 U.S.C., Sec. 3542

  1. Ensuring timely and reliable access to and use of information.
Source(s):
CNSSI 4009-2015 from 44 U.S.C., Sec. 3542

  As defined in FISMA, the term 'availability' means ensuring timely and reliable access to and use of information.
Source(s):
NIST SP 800-59 under Availability from 44 U.S.C., Sec. 3542 (b)(1)(C)

  The property that data or information is accessible and usable upon demand by an authorized person.
Source(s):
NIST SP 800-66 Rev. 1 under Availability from 45 C.F.R., Sec. 164.304

  Ensuring timely and reliable access to and use of information. Note: Mission/business resiliency objectives extend the concept of availability to refer to a point-in-time availability (i.e., the system, component, or device is usable when needed) and the continuity of availability (i.e., the system, component, or device remains usable for the duration of the time it is needed).
Source(s):
NIST SP 800-160 Vol. 1 from EGovAct

  2. Timely, reliable access to data and information services for authorized users.
Source(s):
CNSSI 4009-2015 from NSA/CSS Manual Number 3-16 (COMSEC)

  The ability for authorized users to access systems as needed.
Source(s):
NIST SP 800-113 under Availability

  Timely, reliable access to information or a service.
Source(s):
NIST SP 800-152 under Availability

  the timely, reliable access to data and information services for authorized users.
Source(s):
NIST SP 800-16 under Availability

  Timely, reliable access to information by authorized entities.
Source(s):
NIST SP 800-57 Part 1 Rev. 5 under Availability
NIST SP 800-57 Part 2 Rev.1 under Availability

  Ensuring timely and reliable access to and use of information. Note: Mission/business resiliency objectives extend the concept of availability to refer to a point-in-time availability (i.e., the system, component, or device is usable when needed) and the continuity of availability (i.e., the system, component, or device remains usable for the duration of the time it is needed).
Source(s):
NIST SP 800-160 Vol. 1 from EGovAct

  The state that exists when data can be accessed or a requested service provided within an acceptable period of time.
Source(s):
NISTIR 4734 under Availability

  measures an attacker’s ability to disrupt or prevent access to services or data. Vulnerabilities that impact availability can affect hardware, software, and network resources, such as flooding network bandwidth, consuming large amounts of memory, CPU cycles, or unnecessary power consumption.
Source(s):
NISTIR 7946 under Availability

Q&A What

Postagens relacionadas

DMC 5 how to unequip all weapons
DMC 5 how to unequip all weapons

What will happen to a firm that finds a way to lower production costs through better technology or improved organization?
What will happen to a firm that finds a way to lower production costs through better technology or improved organization?

What is the probability of 3 friends having same birthday?
What is the probability of 3 friends having same birthday?

What is an epidemiology study?
What is an epidemiology study?

What is a computer that is controlled by a master, and used to launch various types of attacks?
What is a computer that is controlled by a master, and used to launch various types of attacks?

How many numbers can be formed with the digits 1,2 3 4 3 2 1 Taken all together so that odd digits always occupy odd places?
How many numbers can be formed with the digits 1,2 3 4 3 2 1 Taken all together so that odd digits always occupy odd places?

When do you start peeing more during pregnancy
When do you start peeing more during pregnancy

Who is more dramatic male or female?
Who is more dramatic male or female?

What is Branding in Marketing?
What is Branding in Marketing?

What do achievement tests and aptitude tests try to measure?
What do achievement tests and aptitude tests try to measure?

Publicidade

ÚLTIMAS NOTÍCIAS

The method of programmed conflict that assigns a person to the role of critic is known as ______.
1 anos atrás . por JuvenileConfidant
Average temperature of ocean water
1 anos atrás . por SunnyPublisher
What is the term used in referring to the degree of being able to achieve the desired result based on their objective or purpose?
1 anos atrás . por DisruptiveComplexity
How does the substitution effect work on the demand for goods?
1 anos atrás . por IncompleteBowling
What impact did silver have on Spain?
1 anos atrás . por InsolentLine-up
Is executing simple harmonic motion with frequency n the frequency of its potential energy?
1 anos atrás . por ReformedEvacuation
Difference between ARMY membership and ARMY membership: Merch Pack
1 anos atrás . por DomedOrientalism
A set of programs that coordinate all the activities among computer or mobile device hardware.
1 anos atrás . por KnowledgeableStimulus
Which of the following is not a type of iteration statement in java?
1 anos atrás . por PlayingTranslation
Samsung tv set default sound output
1 anos atrás . por TartConspiracy

Toplistas

#1
Top 8 considere o conjunto a = (0, 1, 4, 5, 7, 8 utilizando os elementos desse conjunto responda) 2022
1 anos atrás
#2
Top 6 cardapio para marmitas congeladas 2022
1 anos atrás
#3
Top 8 28 semanas e 6 dias são quantos meses 2022
1 anos atrás
#4
Top 9 resultado do jogo do bicho da corujinha deu no poste 2022
1 anos atrás
#5
Top 4 palavras oxitona paroxitona proparoxitona 2022
1 anos atrás
#6
Top 8 lis significado do nome 2022
1 anos atrás
#7
Top 6 como tirar estrias branca com óleo de cozinha 2022
1 anos atrás
#8
Top 8 sonhar com nossa senhora aparecida livro dos sonhos 2022
1 anos atrás
#9
Top 7 10- a região onde se concentra a indústria de tecnologia de ponta, nos estados unidos, é: 2022
1 anos atrás
#10
Top 6 com relação ao conceito de aprendizagem colaborativa e correto afirmar que 2022
1 anos atrás

Publicidade

Populer

Publicidade

Sobre

Jurídica

Ajuda

Social

hometrjp
direito autoral © 2024 mesadeestudo Inc.