Chapter 1 Flashcards
Protection afforded to an automated info system in order to preserve CIA
Computer Security
Confidentiality - data con.. - privacy Integrity - data int.. - system int.. Availability - system works and not denied to authorized users
CIA Triad
Low: loss could be expected to have a limited effect
Moderate: loss could have serious adverse effect
High: loss = sever or catastrophic
Levels of Impact
Hardware
Software
Data
Communication facilities/networks
Assets of a Computer System
Attempt to alter system resources/affect their operation
Active Attack
Attempt to learn/make use of information from the system that does not affect system resources
Passive Attack
Corrupted (loss of integrity)
Leaky (loss of confidentiality)
Unavailable or very slow (loss of availability)
Categories of vulnerabilities
Capable of exploiting vulnerabilities
Threats
Initiated by an entity inside security parameter
Insider
Initiated from outside perimeter
Outsider
Any means taken to deal with a security attack
Countermeasures
Threat Action (Attack): Exposure Interception Inference Intrusion
Threat Consequence:
Unauthorized Disclosure
Threat Action (Attack):
Masquerade
Falsification
Repudiation
Threat Consequence:
Deception
Threat Action (Attack):
Incapacitation
Corruption
Obstruction
Threat Consequence:
Disruption
Threat Action (Attack):
Misappropriation
Misuse
Threat Consequence:
Usurpation
Eavesdropping, monitoring of transmissions
Passive Attack
Involve some modificaton of data stream
Active Attack
Consist of reachable and exploitable vulerabilities in a system
Attack Surfaces
Network _ _ - vulnerabilities denial-of-service attack, disruption of communication links
Software - v.. in apps, OS code
Human - v.. created by personnel
Attack Surface Categories
Security policy
Security implementation
Assurance
Evaluation
Computer Security Strategy
