Definitions Flashcards
Learn core definitions used throughout the module
Information Security
The protection of information systems in order to preserve the confidentiality, availability and integrity of their assets
Confidentiality
Only authorised people or systems must be able to access protected assets
Availability
Assets such as data and services must be accessible to authorised parties at the appropriate times
Integrity
Assets must be: precise, accurate, unmodified (unless in an authorised way by an authorised entity), consistent, meaningful, usable
Vulnerability
A weakness in the information system that can be exploited to cause loss or harm
Threat
A set of circumstances that has the potential to cause loss or harm, often through exploiting a vulnerability. A threat is blocked by a control of a vulnerability.
Control
A protective measure that removes or reduces a vulnerability
Interception
Unauthorised party has gained access to an asset. A class of vulnerability
Interruption
An asset becomes lost, unavailable or unusable. A class of vulnerability
Modification
Unauthorised party tampers with an asset. A class of vulnerability
Fabrication
Unauthorised party creates a counterfeit asset. A class of vulnerability
Encryption
Scrambling data so that its interpretation is meaningless to an intruder without knowledge of how the scrambling was done. A type of control.
Software controls
Programs must enforce security restrictions. A type of control.
Hardware controls
Ways to prevent unauthorised access to hardware. Examples include locks, intrusion detection systems, hardware implementations of encryption. A type of control.
Policies and procedures
Rules and standards put in place to prevent threats. Examples are regular password changes, rules for accessing sensitive data. A type of control.
Cryptography
“secret writing”
The art and science of concealing meaning
Strongest control tool against numerous security threats
Building on multiple areas of higher mathematics
Encryption (encoding, enciphering)
the process of scrambling a message so that its meaning is not obvious
Decryption (decoding, deciphering)
the process of reversing the scrambling of a message so that its meaning is obvious
Plaintext
the original message
Ciphertext
the encrypted message
Key
a device used to influence the way in which encryption and decryption are carried out
Cryptosystem (cipher)
a system for encryption and decryption