The CIA of security
Confidentiality + Integrity + Availability
+ (added later) – Authentication and Non-repudiation
Operational model of computer security
Protection = Prevention + (Detection + Response)
Other security concepts
– Least privilege
– Separation of duties
– Implicit deny
– Job rotation
– Layered security
– Diversity of defense
– Security through obscurity: pushing your favorite ice cream to the back of the freezer, or making your admin URL hard to guess 🙂
Identification vs Authentication vs Authorization
Identification – who are you? (typically a username)
Authentication – how can you prove who you are?
– something you know (a password)
– something you have (a physical token)
– something you are (fingerprint reader)
Authorization – what can you do once you are authenticated?
Access control
– DAC – discretionary access control
– MAC – mandatory access control
– RBAC – role-based access control
– RBAC – rule-based access control
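The three steps above (identification, authentication, authorization) and the role-based model with implicit deny, shown together in a small example. This is added code, not from the original post; the users, passwords, roles and permissions are constructed sample data, and the static salt stands in for a per-user random salt.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample data: records hold a salted PBKDF2 hash, never the password itself.
SALT = b"constructed-static-salt"  # a real system draws a random salt per user


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


USERS = {
    "alice": {"hash": _hash_password("correct horse", SALT), "role": "admin"},
    "bob":   {"hash": _hash_password("battery staple", SALT), "role": "viewer"},
}

# Role-based policy: each role lists only the permissions it needs (least privilege).
ROLE_PERMISSIONS = {
    "admin":  {"read_report", "delete_report"},
    "viewer": {"read_report"},
}


def identify(username: str) -> Optional[dict]:
    """Identification: who claims to be acting? A lookup only; it proves nothing."""
    return USERS.get(username)


def authenticate(username: str, password: str) -> bool:
    """Authentication: 'something you know', verified with a constant-time comparison."""
    user = identify(username)
    if user is None:
        return False
    return hmac.compare_digest(user["hash"], _hash_password(password, SALT))


def authorize(username: str, permission: str) -> bool:
    """Authorization: what may this user do? Implicit deny: anything not explicitly
    granted to the user's role is refused, including unknown users and unknown roles."""
    user = identify(username)
    if user is None:
        return False
    return permission in ROLE_PERMISSIONS.get(user["role"], set())


def request(username: str, password: str, permission: str) -> str:
    """Full flow: authenticate first, then authorize; fail closed at each step."""
    if not authenticate(username, password):
        return "denied: authentication failed"
    if not authorize(username, permission):
        return "denied: not permitted"
    return "allowed"
```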
Written by Dorin Moise (Published articles: 272)