cybersecurity Flashcards
cybersecurity
availability, integrity, authentication, confidentiality, and nonrepudiation
when was cybersecurity developed?
U.S. Air Force in 1976
MIT Research scientist David Clark and David Wilson
Concept of developing security policies concerning info security (INFOSEC) was formalized
What is the most common model of cybersecurity?
CIA Triad
CIA
Confidentiality, Integrity, Availability
what is Confidentiality
info only available to some
what is an example of confidentiality
example: FERPA and HIPAA
what is integrity
data that should be maintained in a correct state and should not be modified
what is availability
makes sure that authorized people have access to info when and where it is rightly needed
How is availability ensured?
it is implemented using traditional methods such as hardware maintenance, software patching and network optimization
availability
process such as system redundancy, failover, RAID and High availability cluster are used to weaken serious consequences when hardware issues occur
what is Dedicated Hardware Devices Can Be Used to Guard Against Downtime and Unreachable Data Due to Malicious Distributed Denial-of-Service (DDoS) Attacks, a part of?
availability
should you have access to the info?
confidentiality
do i trust the data?
integrity
am i able to access the data when i want?
availability
social engineering
people
Social Engineering
Use to Get Victims to Take Some Sort of Questionable Action Through Deception, Often Involving a Breach of Security That Oftentimes Includes Revealing Confidential or Private Information or Sending Money (in person or technology)
what can Social Engineering do?
manipulate our emotions
phishing
people
phishing
Uses Email, Phone or Text to Entice Individuals into Providing Personal or Sensitive Information, Ranging From Passwords, Credit Card Information and Social Security Numbers to Details About a Person or Organization (only on technology)
i.e. scam emails or fake website
spear phishing
email or Electronic Communications Scam Targeting Specific Individual, Organization or Business
SMiShing
scam through text
what can phishing download
malware/ viruses, modern ware/ stuxnet, ransomware, denial of service/ botnet
password protection
12-15 characters
keep it weird
don’t bunch up special characters
don’t use the same password
change once a year
use multi-factor authentication
people
people - threats
social engineering
phishing
spear phishing
smishing
password
social engineering
phishing
spear phishing
smishing
password
confidentiality
Technology
Zero Day Exploit
Deletion/Hardware Failure
RFID Hacking
(Distributed) Denial of Service (DDoS / DOS)
availability
Zero Day Exploit
Deletion/Hardware Failure
RFID Hacking
(Distributed) Denial of Service (DDoS / DOS)
Encryption
Process of Converting Human Readable Text (plaintext) Into An Incomprehensible Text (ciphertext) Using a Cryptographic Key (numbers)
VPN (Virtual Private Network)
Creates a “Data Tunnel” in Which Data Can Be Transmitted Or Shared (Sent/Received) Across a Public Network As If The Two Computers Were Directly Connected in a Private Network
what does vpn do
hide your IP address by letting the network redirect it
how does vpn help with privacy
your internet provider and other third parties cannot see what websites you visit or what data you send or receive online
system redundancy
An Organizational Decision to Purposely Duplicate Critical Components or Functions of a Computer System With the Express Intention of Increasing The Reliability of the System - Usually in the Form of a Backup or to Improve Actual System Performance
what is an example of system redundancy
backup system or the story of renting a back up place in kansas during a tornado
process
-Harder to Design For / Against
-Generally Created in Response to A Previous Attack of Security Incident
-Attempting to Stop or Promote a Behavior
- Rules / Regulations / Policy
threat
A Possible Danger That Might Exploit a Vulnerability To Reach Security and Cause Possible Harm
control
Software, Hardware, Rules, or Procedures That Reduce or Eliminate the Threat to Information Security
privacy
The Right to Determine When, and to What Extent
current privacy concerns
- facial recognition (biometrics)
- video surveillance
-public records
-electronic surveillance
-radio frequency identification (RFID)
cookies
Small Files That Websites “Place” On Your Computer That Allow the Website to Remember Your “Preferences”.
input
Any Information Sent From an Input Device to a Computer For Processing
process
A Set of Instructions (Program) Executed By a Computer To Accomplish a Specific Task
output
Anything That Comes Out of the Computer
storage
The Ability to Record And/Or Retain Digital Data
keyboard
input
mouse
input
scanner
input
barcode
input
hard disk
storage
memory card/ flash drive
storage
cd/dvd
storage
ROM/RAM
storage
CPU
process
monitor
output
speaker
output
printer/projector
output
parts of hardware
Central Processing Unit (CPU)
Network Interface
Graphics Card
SystemBus
Motherboard
Cache
Random-Access Memory (RAM)
secondary storage
Motherboard
the main circuit board of the computer
CPU (Central Processing Unit)
executes instructions
system bus
communication pathway that allows computer components to talk to each other
system bus
-measured in megahertz
-higher the speed, faster the computer
cache
stores frequently used instructions on cpu
cache
the more memory, the more expensive
RAM (Random Access Memory)
holds info that is currently being used
RAM memory
-short term memory
-volatile, it’ll be lost when computer is off
-double data rate (DDR)
Secondary Storage
disk w/ lots of storage, data will survive if power if off
binary
all content stored and processed by computer are 1 and 0
operating system
the software that supports a computer’s basic functions
operating system example
microsoft window or apple mac
Application Software
productivity, games, internet, emails etc.
Parkerian Hexad
The First INFOSEC Model Developed by Donn Parker in 1998, included the Concepts of: Confidentiality, Possession, Integrity, Authentication, Availability, and Utility.
