Chapter 1 Flashcards
Information security refers to protecting information administratively, physically, and technically to prevent damage, alteration, and leakage of information while being collected, processed, stored, and transmitted information.
Concept of information security
The need to guarantee privacy and prevent crimes on the Internet is gradually increasing. Concerns about the leakage of major domestic technologies and information are also increasing, due to globalization, as the entire world is connected through the Internet.
Need for information security
the three goals of information security are confidentiality, integrity, and availability. Efforts should be made to administratively, physically and technically ensure these attributes.
Goals of information security
refers to a method of verifying whether the information exchanged between the sender and receiver, who are the information, has not been altered or deleted and whether the subject (sender and receiver) is legitimate.
Authentication
refers to security technology to prevent the repudiation after receiving and sending a message, by verifying the fact of message receiving/sending.
non-repudiation
is largely classified into cryptographic techniques and encryption protocol techniques.
Cryptography
refers to the prevention of the sender’s claim that the message was not received after receiving the message.
Non-repudiation of origin
refers to the prevention of receiver’s claim that the message was not delivered after sending the message.
Non-repudiation of delivery
refers to the prevention of the receiver’s claim that the message was not received after receiving the message.
Non-repudiation of receipt
refer to the products that use cryptographic techniques.
Cryptography protocols
is the method of providing both data integrity and signature authentication, by performing a has operation on a specific document, using the signature’s private key.
Digital Signature
is a mathematical function that converts a random string of various sizes into a short hast value
Hash Function
is an abbreviation of malicious software and refers to software designed to perform malicious actions against computers, file systems, or networks.
Malware
The Bitcoin cryptocurrency system and all transactions occurring in the network are recorded in one public ledger, distributed, and stored in a single ledger
Blockchain
established in July 2012 to set the technical (de facto) standard for authentication method, using biometrics in the online environment.
FIDO (Fast Identity Online Alliance).
is a security solution installed between a public and a private network to protect the private network from external threats.
Firewall
is a security system that detects and blocks intrusions in real-time by monitoring unauthorized or abnormal behavior within a network.
Intrusion Prevention System (IPS)
enables secure use of access control, authentication, and confidentiality services over a public network, mimicking the security of a private network.
Virtual Private Network (VPN):
allows a user to access multiple sites or services without needing to re-authenticate after logging into one site.
Single Sign-On (SSO)
positioned in front of a web server and monitors incoming traffic using the HTTP/HTTPS protocols
Web Application Firewall (WAF)
ensures that endpoints, such as user computers, comply with security policies before accessing an internal network.
Network Access Control (NAC)
automatically detects and blocks unauthorized wireless devices by continuously monitoring an organization’s wireless LAN.
Wireless Intrusion Prevention System (WIPS)
integrates security management functions into a consistent and intuitive interface.
Enterprise Security Management (ESM)
extend the role of ESM by providing early warnings and monitoring intelligent threats.
Security Information and Event Management (SIEM)
