Security Principles

Confidentiality

  • Definition:

Confidentiality means that private pages and data on a website can only be viewed by the people who are authorised to see them (for example, an administrator who has logged in) and are kept away from the wrong people.

  • Example:

It is like logging in to Facebook to reach your own account, or your email: only you know the password, so only you can open it and read it.

  • Recommendation:

Make sure that you have strong passwords, and that the website stores them safely, so that the wrong people cannot get into your website.
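As an added example (not code from the original page), the following Python shows the server side of the recommendation above: the website never stores the password itself, only a random salt and a key derived from the password, and it compares in constant time so that a leaked user table or a timing difference does not hand the wrong people a way in. The user table, the usernames and the iteration count are constructed for the example; the standard library's pbkdf2_hmac is used because it needs no extra packages, and a real deployment would pick a higher cost or a memory-hard function such as scrypt or Argon2.

```python
import hashlib
import hmac
import os

# Constructed in-memory "user table" standing in for the website's database.
USERS: dict[str, dict[str, bytes]] = {}

# Assumption: a modest cost factor so the example runs quickly; raise it in production.
PBKDF2_ITERATIONS = 100_000
MIN_PASSWORD_LENGTH = 12


def _derive(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte key from the password with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def register(username: str, password: str) -> None:
    """Enforce a minimum length, then store only a random salt and the derived key."""
    if len(password) < MIN_PASSWORD_LENGTH:
        raise ValueError(f"password must be at least {MIN_PASSWORD_LENGTH} characters")
    salt = os.urandom(16)
    USERS[username] = {"salt": salt, "hash": _derive(password, salt)}


def login(username: str, password: str) -> bool:
    """Check a password without revealing, through timing, whether the username exists."""
    record = USERS.get(username)
    if record is None:
        # Spend the same derivation cost on a dummy salt so unknown usernames
        # take as long to reject as known ones with a wrong password.
        _derive(password, b"\x00" * 16)
        return False
    return hmac.compare_digest(_derive(password, record["salt"]), record["hash"])


def stored_secret_is_not_password(username: str, password: str) -> bool:
    """True when neither the raw password nor its plain SHA-256 appears in storage."""
    record = USERS[username]
    plain_hash = hashlib.sha256(password.encode("utf-8")).digest()
    return record["hash"] not in (password.encode("utf-8"), plain_hash)


if __name__ == "__main__":
    register("alice", "correct horse battery staple")
    print("right password:", login("alice", "correct horse battery staple"))
    print("wrong password:", login("alice", "hunter2hunter2"))
    print("unknown user:  ", login("mallory", "anything at all"))
```

Even if an attacker reads the whole USERS table, each entry still has to be brute-forced separately at the chosen cost, and the constant-time comparison means a failed login reveals nothing about how close the guess was.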

  • Reference:

Whatis Techtarget

Integrity

  • Definition:

Integrity is the guarantee that the information on the website is trustworthy and accurate, i.e. that it has not been altered by anyone who is not authorised to change it.

  • Example:

When a user has an account on a website, the website has to take care of the personal information and make sure that unauthorised people cannot modify it, for example by changing the address or the balance stored on the account.

  • Recommendation:

I would recommend making sure that the data which is stored is protected against unauthorised changes, for example by using external software that checks it has not been altered, and the recommendation for users is to use
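One concrete way to detect unauthorised changes to stored records, given here as an added example and not as code from the original page: each record is stored together with an HMAC-SHA256 tag computed under a server-side key, so anyone who edits the record without that key produces a tag mismatch. The key, the account record and the tampering step are constructed for the example.

```python
import hashlib
import hmac
import json

# Assumption: a server-side key kept separately from the data store (e.g. in a secrets
# manager), so someone who can write to the database still cannot recompute tags.
SERVER_KEY = b"example-key-do-not-use-in-production"


def _canonical(record: dict) -> bytes:
    """Serialize deterministically so the same record always yields the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal(record: dict) -> dict:
    """Attach an HMAC-SHA256 tag to a record before it is written to storage."""
    tag = hmac.new(SERVER_KEY, _canonical(record), hashlib.sha256).hexdigest()
    return {"data": record, "tag": tag}


def verify(sealed: dict) -> bool:
    """Recompute the tag on read and compare in constant time."""
    expected = hmac.new(SERVER_KEY, _canonical(sealed["data"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sealed["tag"])


def tamper_demo() -> tuple[bool, bool]:
    """Seal a constructed account record, then alter it directly in storage.

    Returns (valid before tampering, valid after tampering)."""
    account = {"user": "alice", "balance": 100, "role": "user"}
    sealed = seal(account)
    ok_before = verify(sealed)
    sealed["data"]["role"] = "admin"  # an unauthorised edit that bypasses the application
    ok_after = verify(sealed)
    return ok_before, ok_after


if __name__ == "__main__":
    print("valid before / after tampering:", tamper_demo())
```

A plain hash stored next to the data would not do: an attacker who can rewrite the record can just rewrite the hash as well. The keyed tag only helps because the key is not in the place the attacker can write to.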

  • Reference:

Whatis Techtarget

Availability

  • Definition:

Availability refers to the ability of an authorised user to access information or resources when needed, in a specific location and in the correct format. High availability refers to systems that are durable and likely to operate continuously without failure for a long time; the term implies that the parts of the system have been fully tested and, in many cases, that there are accommodations for failure in the form of redundant components.

  • Example:

Account lockouts: when a system receives an onslaught of "bad" passwords for an account, it locks that account, so an attacker who deliberately sends wrong passwords can take away the legitimate user's access to it. Availability is also lost when a server is overloaded or crashes.

  • Recommendation:
  1. Invest in infrastructure: enough server capacity to cope with the load, and redundant components so that the system keeps running when one part fails. This must be well funded to give users reliable access.
  2. Invest in security software: scanning, monitoring and constant updating (patching) of the system.
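The account-lockout example above is worth seeing in working code, because the obvious defence against password guessing is itself an availability problem. The simulation below is an added example, not code from the original page: a hard lockout policy is compared with a per-source throttle that doubles the wait after every failure. The attacker address, the user's address and the timeline are constructed; time is passed in explicitly so the example runs without sleeping.

```python
from collections import defaultdict


class HardLockout:
    """Naive policy: after max_failures bad passwords the account is locked for everyone."""

    def __init__(self, max_failures: int = 5, lock_seconds: int = 900):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.failures: dict[str, int] = defaultdict(int)
        self.locked_until: dict[str, float] = {}

    def allowed(self, user: str, source_ip: str, now: float) -> bool:
        return self.locked_until.get(user, 0.0) <= now

    def record_failure(self, user: str, source_ip: str, now: float) -> None:
        self.failures[user] += 1
        if self.failures[user] >= self.max_failures:
            self.locked_until[user] = now + self.lock_seconds

    def record_success(self, user: str, source_ip: str, now: float) -> None:
        self.failures[user] = 0


class SourceThrottle:
    """Throttle per (user, source address): each failure doubles that source's wait.

    The attacker is slowed exponentially while the real user, coming from another
    address, is not affected at all."""

    def __init__(self, base_delay: float = 2.0, max_delay: float = 3600.0):
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.failures: dict[tuple[str, str], int] = defaultdict(int)
        self.next_allowed: dict[tuple[str, str], float] = {}

    def allowed(self, user: str, source_ip: str, now: float) -> bool:
        return self.next_allowed.get((user, source_ip), 0.0) <= now

    def record_failure(self, user: str, source_ip: str, now: float) -> None:
        key = (user, source_ip)
        self.failures[key] += 1
        delay = min(self.base_delay * 2 ** (self.failures[key] - 1), self.max_delay)
        self.next_allowed[key] = now + delay

    def record_success(self, user: str, source_ip: str, now: float) -> None:
        self.failures.pop((user, source_ip), None)
        self.next_allowed.pop((user, source_ip), None)


def simulate(policy) -> tuple[bool, int]:
    """Constructed scenario: an attacker at 10.0.0.9 sends one bad password per second
    for 20 seconds against 'alice'; then alice tries to log in from 192.0.2.7.

    Returns (alice's attempt allowed, number of attacker guesses the policy accepted)."""
    accepted = 0
    now = 0
    for _ in range(20):
        if policy.allowed("alice", "10.0.0.9", now):
            accepted += 1
            policy.record_failure("alice", "10.0.0.9", now)
        now += 1
    return policy.allowed("alice", "192.0.2.7", now), accepted


if __name__ == "__main__":
    print("hard lockout   (alice allowed, attacker guesses accepted):", simulate(HardLockout()))
    print("source throttle(alice allowed, attacker guesses accepted):", simulate(SourceThrottle()))
```

With the hard lockout the attacker needs only five wrong guesses to deny alice access for fifteen minutes; the throttle accepts a similar number of guesses from that one address but leaves alice's own login untouched. The caveat a practitioner will spot is that an attacker with many addresses gets the base allowance from each of them, so a real deployment combines per-source throttling with a slower per-account limit, CAPTCHA or a second factor rather than relying on either policy alone.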
  • Reference:

Your Dictionary

Principle of Least Privilege

  • Definition:

A principle that increases security by giving each user only the minimal privileges necessary for their task (nobody needs administrative rights unless the work actually requires them).

  • Example:

If a normal user in a company, who has only minimal privileges, is hit by malware or a virus, the malware will have limited access too, since the user does not have root (administrator) privileges.

  • Recommendation:
  1. Never give full privileges if they are not necessary.
  2. A user needs only the minimum access required to do their work.
  • Reference:

Search Security

Social Engineering

  • Definition:

It is a way to manipulate users into handing over confidential information. This can be a password, a phone number, a location or a credit card number.

  • Example:

“You won the lottery. Click here”; “Your friend took a picture of you. Click here to download”

  • Recommendation:

Beware of any email that asks you to open or download something, or that offers you something; review your spam filters; install anti-virus software.
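The advice to "beware of any email that asks you to open, download or claim something" can be turned into a small screening rule, shown here as an added example that is not part of the original page. It flags the lure phrases from the examples above, links whose visible text names one domain while the href points at another, and attachments with executable extensions. The sample messages, the phrase list and the extension list are constructed for the example, and a real filter would use far richer signals (sender reputation, authentication results, URL reputation) than these heuristics.

```python
import re
from urllib.parse import urlparse

# Constructed lists for the example; a real filter would maintain much larger ones.
LURES = ("you won", "lottery", "click here", "verify your account", "picture of you", "urgent")
RISKY_ATTACHMENTS = (".exe", ".scr", ".js", ".vbs", ".zip")

LINK_RE = re.compile(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', re.IGNORECASE | re.DOTALL)
DOMAIN_RE = re.compile(r"(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})", re.IGNORECASE)


def assess(message: dict) -> list[str]:
    """Return the reasons a message looks like a social-engineering lure (empty list = none)."""
    reasons: list[str] = []
    text = (message.get("subject", "") + " " + message.get("body", "")).lower()

    for lure in LURES:
        if lure in text:
            reasons.append(f"lure phrase: {lure!r}")

    # A link whose visible text names a domain the href does not actually go to.
    for href, label in LINK_RE.findall(message.get("body", "")):
        href_host = (urlparse(href).hostname or "").lower()
        shown = DOMAIN_RE.search(label)
        if shown and not href_host.endswith(shown.group(1).lower()):
            reasons.append(f"link text shows {shown.group(1)} but goes to {href_host}")

    for name in message.get("attachments", []):
        if name.lower().endswith(RISKY_ATTACHMENTS):
            reasons.append(f"executable attachment: {name}")
    return reasons


# Constructed sample messages: three lures and one legitimate note.
SAMPLES = [
    {"subject": "You won in the lottery!",
     "body": 'Claim your prize: <a href="http://198.51.100.23/claim">Click here</a>',
     "attachments": []},
    {"subject": "Photo",
     "body": 'Your friend took a picture of you. <a href="http://example.net/d">Click here to download</a>',
     "attachments": ["photo.jpg.exe"]},
    {"subject": "Invoice",
     "body": 'Please log in at <a href="http://paypa1.example/login">paypal.com</a>',
     "attachments": []},
    {"subject": "Lunch",
     "body": 'Meeting at noon, see <a href="https://example.com/room">example.com/room</a>',
     "attachments": ["agenda.pdf"]},
]


def reason_counts() -> list[int]:
    """Number of reasons found for each sample, in order."""
    return [len(assess(m)) for m in SAMPLES]


if __name__ == "__main__":
    for m in SAMPLES:
        print(m["subject"], "->", assess(m) or "no indicators")
```

The third sample is the one worth noticing: it carries none of the lure phrases, and only the check that the displayed domain matches the real link target catches it.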

  • Reference:

We Broot