To ensure availability we use: IPS/IDS. Patch Management. Redundancy on Hardware Power (Multiple Power Supplies/UPS’/Generators), Disks (Redundant Array of Independent Disks (RAID)), Traffic paths (Network Design), HVAC, Staff, HA (high availability) and much more. SLA’s – How high uptime to we want (99.9%?) – (ROI).

When dealing with sensitive data we want to encrypt as much as possible while still keeping data availability acceptable.

Civil Law (Tort Law): Individuals, groups or organizations are the victims and proof must be ”the Majority of Proof”. Financial fines to “Compensate the Victim(s)”.

Viruses - require some sort of human interaction and are often transmitted by USB sticks or other portable devices. When the program is executed, they replicate themselves by inserting their own code into other programs. Macro (document) viruses: Written in Macro Languages; embedded in other documents (Word, Outlook). Boot Sector viruses: infects the PC's boot sector or the Master Boot Record, ensuring it runs every time the PC boots. Stealth Viruses: try to hide themselves from the OS and antivirus software. Polymorphic Viruses: change their signature to avoid the antivirus signature definitions. Well-written polymorphic viruses have no parts that remain identical between infections, making it very difficult to detect directly using antivirus signatures. Multipart (Multipartite) Viruses: spread across multiple vectors. They are often hard to get rid of because even if you clean the file infections, the virus may still be in the boot sector and vice-versa.

Symmetric: n(n-1)/2 users, with 100 users we would need 100(100-1)/2 or (100x99)/2 = 4950 keys.

Social engineering is often more successful if they use one or more of these approaches: Authority, intimidation, consensus, scarcity, urgency, or familiarity. Often people just want to be helpful or not get in trouble.

We should patch all our hardware on a regular schedule, if we do not we can have many vulnerabilities on our network. We want defense in depth.

SOC 2 Type 2 report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls.

Redundant Array of Independent Disks (RAID), comes in 2 basic forms, disk mirroring and disk striping. Disk mirroring: Writing the same data across multiple hard disks, this is slower, the RAID controller has to write all data twice. Uses at least 2 times as many disks for the same data storage, needs at least 2 disks. Disk striping: Writing the data simultaneously across multiple disks providing higher write speed. Uses at least 2 disks, and in itself does not provide redundancy. We use parity with striping for the redundancy, often by XOR, if we use parity for redundancy we need at least 3 disks.

Personally identifiable information (PII) is any information about an individual that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.

https://en.wikipedia.org/wiki/Personal_data#NIST_definition