Introduction to Information Security and Secure Programming Flashcards
an asset to all individuals and businesses
Information
refers to the protection of these assets in order to achieve CIA
Information Security
refers to the processes and methodologies which are designed and implemented
Information Security
C in CIA
Confidentiality
I in CIA
Integrity
A in CIA
Availability
Information kept private and secure
Confidentiality
Data not modified, deleted or added
Integrity
Systems available to whoever requires them
Availability
The act in which a subject attempts to verify/prove their claims to a given identity
Authentication
The act of granting an authenticated subject the proper access rights to different assets
Authorization
Actions should be traceable to a specific subject to allow information to be useful
Audit Trails
Any item, tangible or intangible, with value to an organization
Assets
anything whose loss can cause disruption to an organization
Assets
weakness or flaw that may be accidentally or intentionally triggered leading to the violation of security policies
Vulnerabilities
an action or event that may potentially compromise or violate security
Threat
the occurrence upon realization of a violation of security
Incident
the outcome when a violation of security has been realized
Impact
defined as the potential loss of an asset when a threat is realized
Exposure factor
the probability that a particular threat directed towards a specific vulnerability will occur
Risk
refers to the process of reducing risks to acceptable levels
Risk Management
Mechanisms by which threats can be mitigated
Security Controls
The process of solving customers’ problems by the systematic development and evolution of large, high-quality software systems within cost, time and other constraints
Software Engineering
encapsulates functionality and represents data in a structured manner
Model