Definitions Flashcards
Learn core definitions used throughout the module
Information Security
The protection of information systems so as to preserve the confidentiality, integrity and availability (the CIA triad) of their assets
Confidentiality
Only authorised people or systems can access protected assets; everyone else is prevented from reading or learning them
Availability
Assets such as data and services must be accessible to authorised parties at the appropriate times
Integrity
Assets must be precise, accurate, unmodified (unless in an authorised way by an authorised entity), consistent, meaningful and usable
Vulnerability
A weakness in the information system that can be exploited to cause loss or harm
Threat
A set of circumstances with the potential to cause loss or harm, typically by exploiting a vulnerability. A threat is blocked by a control that removes or reduces the vulnerability it would exploit.
Control
A protective measure that removes or reduces a vulnerability
Interception
An unauthorised party gains access to an asset, for example by eavesdropping on traffic or copying a file. One of the four classes of threat (often listed as vulnerability classes); a loss of confidentiality.
Interruption
An asset becomes lost, unavailable or unusable, for example a service taken down or a file destroyed. One of the four classes of threat (often listed as vulnerability classes); a loss of availability.
Modification
An unauthorised party tampers with an asset, for example altering a stored record or a message in transit. One of the four classes of threat (often listed as vulnerability classes); a loss of integrity.
Fabrication
An unauthorised party creates a counterfeit asset that passes as genuine, for example a forged message or a bogus record inserted into a database. One of the four classes of threat (often listed as vulnerability classes); a loss of integrity (specifically authenticity).
Encryption
Transforming data so that it is unintelligible to anyone who lacks the key, even if they know the algorithm used. A type of control (it protects confidentiality; integrity needs a separate check, such as an authentication tag).
Software controls
Programs (the operating system, libraries and applications) enforce security restrictions, for example access-control checks on files and input validation. A type of control.
Hardware controls
Ways to prevent unauthorised access to hardware. Examples include locks, intrusion detection systems, hardware implementations of encryption. A type of control.
Policies and procedures
Rules and standards put in place to counter threats. Examples are password policies such as regular password changes, and rules for accessing sensitive data. A type of control. (Note that mandatory periodic password changes, the traditional example, are no longer recommended by NIST SP 800-63B, which prefers changing passwords only on evidence of compromise.)
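To make the threat classes and the controls above concrete, here is an added illustration (not part of the original flashcards): a message is protected by two controls, encryption and an integrity tag, and the four threats (interception, interruption, modification, fabrication) are simulated against it. The cipher is a toy SHA-256 keystream so the example runs offline with only the Python standard library; it is an assumption for demonstration, and a real system would use an authenticated cipher such as AES-GCM. The message, keys and attacker inputs are all constructed.

```python
# Added illustration, not the module's own code: four threat classes versus two
# controls (encryption + HMAC integrity tag). Toy cipher for demo only; use AES-GCM
# or another authenticated cipher in practice. All data below is constructed.
import hashlib
import hmac
import secrets
from dataclasses import dataclass


class IntegrityError(Exception):
    """Raised when a message fails its integrity check (modification or fabrication)."""


@dataclass
class Protected:
    nonce: bytes
    ciphertext: bytes
    tag: bytes


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || nonce || counter) blocks. Demonstration only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def protect(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> Protected:
    """Encrypt-then-MAC: confidentiality from the cipher, integrity from the tag."""
    nonce = secrets.token_bytes(16)
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return Protected(nonce, ciphertext, tag)


def open_protected(enc_key: bytes, mac_key: bytes, msg: Protected) -> bytes:
    """Check the tag in constant time before decrypting; reject on any mismatch."""
    expected = hmac.new(mac_key, msg.nonce + msg.ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg.tag):
        raise IntegrityError("tag mismatch")
    return _xor(msg.ciphertext, _keystream(enc_key, msg.nonce, len(msg.ciphertext)))


# The four threat classes, as an attacker on the wire would carry them out.
def intercept(msg: Protected) -> bytes:
    """Interception: the attacker copies the asset in transit."""
    return msg.ciphertext


def interrupt(msg: Protected):
    """Interruption: the asset never arrives (dropped on the wire)."""
    return None


def modify(msg: Protected) -> Protected:
    """Modification: flip one ciphertext bit (flips the same plaintext bit)."""
    tampered = bytearray(msg.ciphertext)
    tampered[0] ^= 0x01
    return Protected(msg.nonce, bytes(tampered), msg.tag)


def fabricate(attacker_text: bytes) -> Protected:
    """Fabrication: a counterfeit message built with keys the attacker chose."""
    return protect(secrets.token_bytes(32), secrets.token_bytes(32), attacker_text)


def run_scenarios(plaintext: bytes = b"transfer 100 to account 42") -> dict:
    """Report which threats the two controls stop or detect, and which they do not."""
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    msg = protect(enc_key, mac_key, plaintext)
    results = {}
    # Interception: encryption is the control; the copied bytes are not the plaintext.
    results["interception_reveals_plaintext"] = intercept(msg) == plaintext
    # Interruption: neither control helps; availability needs redundancy or retransmission.
    results["interruption_prevented"] = interrupt(msg) is not None
    # Modification: the tag is the control; the flipped bit must be rejected.
    try:
        open_protected(enc_key, mac_key, modify(msg))
        results["modification_detected"] = False
    except IntegrityError:
        results["modification_detected"] = True
    # Fabrication: the tag is the control; a message made without mac_key must be rejected.
    try:
        open_protected(enc_key, mac_key, fabricate(b"transfer 100000 to account 99"))
        results["fabrication_detected"] = False
    except IntegrityError:
        results["fabrication_detected"] = True
    # The untouched message still opens for the authorised receiver.
    results["legitimate_message_opens"] = open_protected(enc_key, mac_key, msg) == plaintext
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

The point of the scenario table is the mapping between threat classes and controls: encryption answers interception, the integrity tag answers modification and fabrication, and interruption is answered by neither, which is why availability needs its own controls (redundancy, backups, rate limiting) rather than cryptography.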