3.1 Goals and Principles - What Is Security Flashcards
What is a threat ?
Bad Event that might happen.
What is an attack ?
someone intentionally causes something bad to happen
What is an Vulnerability ?
weakness in an information system that might enable an attack
What is an exploit ?
Implementation of an attack
What is Risk ?
The probability of an attack multiplied by the possible damage
What is a critical infastructure ?
Entities/organisations that are important for essential services delivered to the public
What are the consequences of a loss of a critical infastructure ?
Loss or deterioration of service would have a significant impact on public safety
In which Sectors would you normally find a critical infastructure ?
Energy, IT, Telecommunication, Water, Food, Finance, Health, Transport
What is technical prevention ?
design systems to prevent, discourage ( If attack cannot be prevented, increase its cost and control damage ) and mitigate attacks
What are attacks that happen all the time in open networks ?
port scans, spam, phishing etc.
What is the focus of proactive security ?
Prevent attacks with technical prevention
What is the focus of reactive security ?
detect attacks and take measures to stop them. Find the perpetraitors of the attack afterwards
Why is Security a continious process ?
Attackers always try to find new methods of attack, Defenders need to contiously upgrade their systems
What is contingency planning ?
how to recover from a breach
What are the traditional Security goals ?
CIA = confidentiality, integrity, availability
Confidentiality:
protection of secrets
Integrity:
only authorized modification of data and system configuration
Availability:
no denial of service, business continuity