Cyber Security - Intro to Security Flashcards
Sophisticated Attacks
These attacks are complex and are difficult to detect and thwart. They use common internet tools and protocols which make it hard to tell if its an attack or traffic. Their behavior also varies.
Proliferation of Attack Software
Wide variety of attack tools that are available on the internet that anyone can use if they have moderate technical knowledge.
Attack Scale and Velocity
The scale and velocity of an attack could grow to millions of computers in minutes or days because of its ability to proliferate on the internet.
Confidentiality
Ensures that data is not disclosed to unintended people. This can happen through encryption which converts the data to a form that is harder for a unintended person to use.
Integrity
Ensures data isn’t modified or tampered with. Provided through hashing.
Availability
Ensures uptime of the system so that data is available when needed.
Non-repudiation
Provides validation of a messages origin.
Physical Security
Includes all hardware and software necessary to secure data. Firewalls and antivirus softwares.
Users and Administrators
The people who use the software and people who manage the software.
Policies
Rules an organization implements to protect information.
Asset
Something that has value to the person or the organization.
Threat
Entity that can cause the loss of an asset or any potential danger to the confidentiality.
Threat Agent
Entity that can carry out a threat. Example is when a disgruntled employee who copies a database to a thumb drive and sells it to a competitor.
Vulnerability
Weakness that allows a threat to be carried out. Such as a USB port that is enabled on the server hosting the database or a server room door that is open.
Exploit
Procedure or product that takes advantage of a vulnerability to carry out a threat.
