Introduction Flashcards
What is the aim of cyber security?
To protect assets from harm or tampering. These assets can be in the form of physical hardware, software and data.
How are computers protected from harm?
Through controls and countermeasures after considering threats and vulnerabilities.
What are the five functions of security?
Identify, Protect, Detect, Respond, Recover
What are the aims of security?
Confidentiality, Integrity, Availability, Authenticity, Accountability, Reliability
What is a threat?
A circumstance that has the potential to cause harm, such as human attacks or natural disasters.
What is a vulnerability?
A weakness that might be exploited in a system.
What are the four principles of Computer Security?
Easiest Penetration
Adequate Protection
Weakest Link
Effectiveness
What is the principle of Easiest Penetration?
An intruder must be expected to attempt any available means of penetration and the one that succeeds may not be the obvious one.
What is the principle of Adequate Protection?
Computer items must be protected until they lose their value, and they must be protected to a degree consistent with their value.
What is the principle of Weakest Link?
Security in a system is as strong as its weakest link.
What is the principle of Effectiveness?
Controls must be used, be appropriate and be applied properly.
Why are users not to blame for security attacks?
Advice is usually technical and most users aren’t technically minded.
Users are naive.
What does the Identify function aid?
Allows organizations to understand their assets, data and capabilities which, in turn, allows them to manage the risks posed to them.
What kinds of activities does the Identify function support?
Identification of assets to create an asset management program.
Identification of policies to create a governance program.
Identification of a risk management strategy for the organization.
What does the Protect function support?
The ability to limit or contain the impact of potential cybersecurity breaches, and have safeguards in place for critical services.