Chapter 1 Flashcards
Vulnerability
a weakness in a system that can be exploited
Threat
A possible security harm that might exploit a vulnerability.
Attack
a threat carried out
Risk
probability that a threat will exploit a vulnerability
Countermeasure
that which reduces a vulnerability, threat, attack, or risk
Security Policy
a set of rules on how security services are provided
Asset
that which has value
Threat agent (Adversary)
an entity that carries out an attack
Computer security
deals with protecting data in the computer by preventing unauthorized access.
Passive threats
Does not modify the system
Makes use of the system without affecting the operation
monitors data transmission
Active threats
attack that tries to modify the system resources.
affects the operation of the system.
modifies data that is transmitted
Attack surface
an outward facing or reachable system vulnerability
Attack Tree
a layered or branched structure of potentially exploitable vulnerabilities.
Fundamental security design principles
Economy of mechanism
Fail-safe default
Complete mediation
Open design
Separation of privilege
Least privilege
Least common mechanism
Psychological acceptability
Isolation
Encapsulation
Modularity
Layering
Least astonishment
CIA triad
Confidentiality (data and privacy)
Integrity (Data and system)
Availability