From 51c007c545088e8d2f245c10872b6ccf5ac64c0b Mon Sep 17 00:00:00 2001 From: Nanne Baars Date: Mon, 13 Dec 2021 20:28:43 +0100 Subject: [PATCH] Update documentation --- .../main/resources/lessonPlans/en/CIA_availability.adoc | 2 +- .../resources/lessonPlans/en/CIA_confidentiality.adoc | 8 ++++---- .../src/main/resources/lessonPlans/en/CIA_integrity.adoc | 6 +++--- .../cia/src/main/resources/lessonPlans/en/CIA_intro.adoc | 6 +++--- .../cia/src/main/resources/lessonPlans/en/CIA_quiz.adoc | 2 +- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_availability.adoc b/webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_availability.adoc index a0c885ccc..041c344d3 100644 --- a/webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_availability.adoc +++ b/webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_availability.adoc @@ -19,6 +19,6 @@ Availability is "the property of being accessible and usable on demand by an aut ** network traffic control ** firewalls ** physical security of hardware and underlying infrastructure -*** protections against fire, water, and other elements +*** protection against fire, water, and other elements ** hardware maintenance ** redundancy diff --git a/webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_confidentiality.adoc b/webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_confidentiality.adoc index 7d4e4b8a5..9045d4d5e 100644 --- a/webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_confidentiality.adoc +++ b/webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_confidentiality.adoc @@ -1,15 +1,15 @@ == Confidentiality -Confidentiality is "the property, that information is not made available or disclosed to unauthorized individuals, entities, or processes." In other words, confidentiality requires that unauthorized users should not be able to access sensitive resources. Confidentiality must be balanced with availability; authorized persons must still be able to access the resources they have been granted permissions for. +Confidentiality is "the property that information is not made available or disclosed to unauthorized individuals, entities, or processes." In other words, confidentiality requires that unauthorized users should not be able to access sensitive resources. Confidentiality must be balanced with availability; authorized persons must still access the resources they have been granted permissions for. -Although confidentiality is similar to "privacy", these two words are not interchangeable. Rather, confidentiality is a component of privacy; confidentiality is implemented to protect resources from unauthorized entities. +Although confidentiality is similar to "privacy," these two words are not interchangeable. Instead, confidentiality is a component of privacy; confidentiality is implemented to protect resources from unauthorized entities. {nbsp} + === Examples that compromise confidentiality: ** a hacker gets access to the password database of a company -** a sensitive emails is sent to the incorrect individual +** a sensitive email is sent to the incorrect individual ** a hacker reads sensitive information by intercepting and eavesdropping on an information transfer {nbsp} + @@ -22,4 +22,4 @@ Although confidentiality is similar to "privacy", these two words are not interc *** multi-factor authentication (MFA) *** biometric verification ** minimizing the number of places/times the information appears -** physical security controls such as properly secured server rooms \ No newline at end of file +** physical security controls such as properly secured server rooms diff --git a/webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_integrity.adoc b/webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_integrity.adoc index e3978d242..cddf63cfc 100644 --- a/webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_integrity.adoc +++ b/webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_integrity.adoc @@ -1,6 +1,6 @@ == Integrity -Integrity is "the property of accuracy and completeness." In other words, integrity means maintaining the consistency, accuracy and trustworthiness of data over its entire life cycle. Data must not be changed during transit and unauthorized entities should not be able to alter the data. +Integrity is "the property of accuracy and completeness." In other words, integrity means maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle. Data must not change during transit, and unauthorized entities should not alter the data. {nbsp} + @@ -13,9 +13,9 @@ Integrity is "the property of accuracy and completeness." In other words, integr {nbsp} + -=== Examples of methods ensuring integrity +=== Examples of methods ensuring the integrity ** well functioning authentication methods and access control ** checking integrity with hash functions ** backups and redundancy -** auditing and logging \ No newline at end of file +** auditing and logging diff --git a/webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_intro.adoc b/webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_intro.adoc index f987387fd..8804d73bd 100644 --- a/webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_intro.adoc +++ b/webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_intro.adoc @@ -1,7 +1,7 @@ == The CIA Triad The CIA Triad (confidentiality, integrity, availability) is a model for information security. -The three elements of the triad are considered the most crucial information security components and should be guaranteed in any secure system. + -Serious consequences can result if even one these elements is breached. +The three elements of the triad are considered the most crucial information security components and should guarantee in any secure system. + +Serious consequences can result if even one of these elements is breached. -The CIA Triad was created to provide a baseline standard for evaluating and implementing security regardless of the underlying system and/or organization. \ No newline at end of file +The CIA Triad was created to provide a baseline standard for evaluating and implementing security regardless of the underlying system and/or organization. diff --git a/webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_quiz.adoc b/webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_quiz.adoc index 56840faa5..90be99409 100644 --- a/webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_quiz.adoc +++ b/webgoat-lessons/cia/src/main/resources/lessonPlans/en/CIA_quiz.adoc @@ -1,3 +1,3 @@ Now it's time for a quiz! Answer the following question to check if you understood the topic. -Today, most systems are protected by a firewall.A properly configured firewall can prevent malicious entities from accessing a system and helps protect an organization's resources. For this quiz, imagine a system that handles personal data but is not protected by a firewall: \ No newline at end of file +Today, most systems are protected by a firewall. A properly configured firewall can prevent malicious entities from accessing a system and helps protect an organization's resources. For this quiz, imagine a system that handles personal data but is not protected by a firewall: