I had one missed Security Dictionary in week 3 so I am posting my notes from my onedrive now.
Is/ought = fact / should be that way. Ought is often a moral/ethical question
Centralisation – Systems with a single point of failure often have very high-level security, but if it goes down it has a huge impact.
Space-time tradeoff – is the case when an algorithm/program can increase space usage to decrease time spent or vice versa. Exploiting space-time tradeoff, an attacker can roughly halve the effective number of bits.
Work factor – work factor is defined as the amount of effort required to break down a cryptosystem
Low-probability high-impact event - e.g. asteroids. We tend to obsess about such events or ignore it.
Risk matrix – 2D graph. Impact vs likelihood. Helpful for allocation of resources. High impact and high likelihood (focus). Low impact and low likelihood (ignore). The other ones are trickier.
Risk registers – tool for documenting risks and actions to manage each risk
Compliance – with processes. E.g. checklist for the car. Stops dumb things from happening.
Measure info in bits - 1 bit of info distinguishes between two cases
Richard was a bit vague with his discussion about managing risk. So I have reflected, done my own research and added more content for my own self study.
1. PreventionTry to prevent an event from happening by removing the vulnerabilities which allow the event to occur. I.e. if a fire is likely to occur in a building because people smoke in the building, then implement rules to prevent people from smoking inside the building.
2. LimitationIf the event cannot be prevented, then try and minimise it by limiting how bad the situation can get. I.e. if a fire does happen to occur inside a building, a method of limitation would be the installation of fire separation walls beforehand, so that the effect of the fire is limited to certain areas. Another method of limitation is by lowering the probability of the event occurring if the event cannot be fully prevented.
3. Passing the risk to a 3rd PartySimilar to Limitation, we try and limit the effects of the risk by shifting the responsibility off to another party. I.e. we can limit the losses occurred from the fire by having insurance, which can help with the recovery from the fire, through financial aid.
4. Wearing the riskIf a risk cannot be fully prevented, it is necessary to just wear the risk and in the case that the bad event does happen, the methods used to minimise the impact will help reduce the severity of the risk so that the worst case scenario does not occur.