Core Security Concepts Flashcards
Define: Threat
Any potential danger
Define: Threat agent
An entity that may act upon a vulnerability
Define: Vulnerability
A weakness or flaw that may provide an opportunity to a threat agent
Define: Risk
The likelihood of a threat agent exploiting a discovered vulnerability
Define: Exposure
An instance of being compromised by a threat agent
Define: Countermeasure
An administrative, operational or logical mitigation against potential risks
Define 3 core security concepts
- Accounting
- Non-repudiation
- Privacy
Define: CIA triangle
Confidentiality, Integrity, Availability; all wrapped around data and services
Define: Confidentiality
The concept of preventing the disclosure of information to unauthorised parties
Define 3 confidentiality concepts
- Is about viewing data
- Assures the secrecy of data
- Helps maintain data privacy
What is integrity?
The concept of protecting the data from unauthorised alteration
Define 3 integrity concepts
- It must ensure that data is transmitted, processed and stored correctly
- Is as accurate as the originator intended
- The software performs reliably as it was intended to
Define: Availability
The security concept that is related to the access of the software or the data or information it handles
What 2 things determine availability?
- The criticality of the data or service
- Its purpose in the system
Actions that support availability
- Load balancing
- Replication
- Redundancy
Define: Authentication
Authentication is the process of determining the identity of a user
3 Authentication methods and examples
- Something you know (password or pin)
- Something you have (one time token or phone)
- Something you are (fingerprint or biometric)
Define: Authorisation
- Applying access control rules to a user process
- Determining whether or not a particular user process can access an object.
Define: Requester and requested resource
- Requester is referred to as the subject
- Requested resource is referred to as the object
Authorisation: what a subject can be, and privilege levels
- Subject may be a human, a process or another object
- Can be categorised by privilege level
  - Admin
  - User
  - Manager
  - Anonymous user
Define: Accounting
- Means of measuring activity
- Also known as auditing
Accounting 2 concepts
- Logging crucial elements of activity as they occur
- Audit logging must be balanced, as logs require resources to create, store and review
Define: Non-repudiation
The concept of preventing a subject from denying a previous action with an object in a system
Prevention of repudiation is ensured by:
Authentication, authorisation and auditing being properly configured
Privacy: 3 concepts
- Data anonymisation
- User consent
- Test data management (prevention of production data leaking into test environments)