M3 - Network Security Concepts Flashcards
Review
It is anything of value to the organization. In includes people equipment, resources, and data.
Assets
It is a weakness in a system, or its design, that could be exploited by a threat.
Vulnerability
It is a potential danger to a company’s assets, data or network functionality.
Threat
It is a mechanism that takes advantage of a vulnerability.
Exploit
It is a counter-measure that reduces the likelihood or severity of a potential threat or risk. Network Security involves multiple mitigation techniques.
Mitigation
It is the likelihood of a threat to exploit the vulnerability of a asset, with the aim of negatively affecting an organization. It is measured using the probability of the occurence of an event and its consequences.
Risk
Intercepted email or IM messages could be captured and reveal confidential information.
Email/Social Networking
If the data is not stored using an encryption algorithm, then the thief can retrieve valuable confidential data.
Unencrypted Devices
Sensitive data can be lost if access to the cloud is compromised due to weak security settings.
Cloud Storage Devices
One risk is that an employee could perform an unauthorized transfer of data to a USB drive. Another risk is that a USB drive containing valuable corporate data could be lost.
Removable Media
Confidential data should be shredded when no longer required.
Hard Copy
Passwords or weak passwords which have been compromised can provide a threat actor with easy access to corporate data.
Improper Access Control