Midterm Flashcards
confidentiality
Avoidance of the unauthorized disclosure of information
Confidentiality is crucial for protecting sensitive data.
integrity
Information has not been altered in an unauthorized way
Integrity ensures that data remains accurate and trustworthy.
availability
Information is accessible and modifiable in a timely fashion by those authorized
Availability ensures that users can access information when needed.
assurance
How trust is provided and managed in computer systems
Assurance includes methods to ensure that systems function as intended.
authenticity
Determine that statements, policies, and permissions by persons/systems are genuine
Authenticity is vital for verifying the legitimacy of data and actions.
anonymity
Certain records or transactions not to be attributable to any individual
Anonymity protects individuals’ identities in transactions.
encryption
Transformation of information using a secret called an encryption key
Encryption is a key method for securing data from unauthorized access.
access control
Rules and policies that limit access to confidential info to those who need to know
Access control is essential for maintaining confidentiality.
authentication
Determination of identity or role that someone has
Authentication verifies user identities before granting access.
authorization
Determination if a person/system is allowed access to resources
Authorization follows authentication to control access rights.
physical security
Establishment of physical barriers to limit access to computational resources
Physical security protects hardware and infrastructure from unauthorized access.
backup
Periodic archiving of data
Backups are essential for data recovery in case of loss.
checksum
Computation of a function that maps the contents of a file to a numerical value
Checksums are used to verify data integrity.
data correcting code
Methods for storing data in such a way that small changes can easily be detected and automatically corrected
Data correcting codes enhance data reliability.
digital signature
Cryptographic computations that allow a person/system to commit to the authenticity of their documents in a unique way that achieves nonrepudiation
Digital signatures provide a means of verifying the sender’s identity.
nonrepudiation
Authentic statements issued by some person/system cannot be denied
Nonrepudiation ensures accountability in communications.
eavesdropping
Interception of information intended for someone else during its transmission over a communication channel
Eavesdropping poses a significant risk to data confidentiality.
correlation
Integration of multiple data sources and information flows to analyze relationships between different data sets
Correlation helps in identifying patterns and insights.
traceback
Process of determining the source of a particular data stream or piece of information by analyzing its flow through various data points
Traceback is crucial for understanding data origins and preventing misuse.
social engineering
Manipulation of individuals into divulging confidential information
Social engineering exploits human psychology rather than technical vulnerabilities.
pretexting
Creating a story that convinces an admin or operator into revealing secret info
Pretexting is a common tactic in social engineering attacks.
baiting
Offering a kind of ‘gift’ to get a user or agent to perform an insecure action
Baiting leverages curiosity to compromise security.
quid pro quo
Offering an action or service and then expecting something in return
Quid pro quo is another tactic used in social engineering.
man-in-the-middle (MitM) attack
An active attack where the attacker intercepts and can modify the communication between two parties
MitM attacks can lead to data theft or manipulation.