Abstract

Computer Network Defense is the defensive and largely proactive component of Computer Network Operations, and is one of the few places where military and civilian approaches are similar. But how does Computer Network Defense fit into the category of defensive actions? To answer this question, one must understand what is being defended. This chapter explains what type of information should be protected from cyber attacks and highlights the key principles of security—namely, the CIA triad of confidentiality, integrity, and availability, and AAA which covers authentication, authorization, and auditing. Of course, no attempt at defending information assets is complete if users’ security mindset is weak, ...