Lecture 1 Flashcards
Mention the essential network and computer security requirements
- Confidentiality
- Availability
- Integrity
- Authenticity
- Accountability
Mention the three concepts that were mentioned by CIA, NIST and FIPS
- Confidentiality
- Availability
- Integrity
Define loss of:
1. Confidentiality 2. Integrity 3. Availability
1. the unauthorized disclosure of information.
2. the unauthorized modification or destruction of information.
3. the disruption of access to or use of information or an information system.
Mention the levels of impact on organizations or individuals
- Low
- Moderate
- High
Define Low level of impact and give examples
Definition: loss could be expected to have a limited adverse effect on organizational operations.
Ex: 1) minor damage to organizational assets
2) minor financial loss
3) minor harm to individuals
4) a degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is noticeably reduced
Define Moderate level of impact and give examples
Definition: loss could be expected to have a serious adverse effect on organizational operations.
Ex: 1) significant damage to organizational assets
2) significant financial loss
3) significant harm to individuals
4) a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced
Define High level of impact and give examples
Definition: loss could be expected to have a severe adverse effect on organizational operations.
Ex: 1) major damage to organizational assets
2) major financial loss
3) major harm to individuals
4) a severe degradation in or loss of mission capability to an extent and duration that the organization is not able to perform one or more of its primary functions
Individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.
Adversary (threat agent)
Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.
Attack
A device or technique that has as its objective the impairment of the operational effectiveness of undesirable or adversarial activity, or the prevention of espionage, sabotage, theft, or unauthorized access to or use of sensitive information or information systems.
Countermeasure
A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of:
1) the adverse impacts that would arise if the circumstance or event occurs; and
2) the likelihood of occurrence.
Risk
A set of criteria for the provision of security services. It defines and constrains the activities of a data processing facility in order to maintain a condition of security for systems and data.
Security Policy
A major application, general support system, high impact program, physical plant, mission critical system, personnel, equipment, or a logically related group of systems.
System Resource (Asset)
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.
Threat
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
Vulnerability