Module 1 Flashcards

Overview of Computer Security

1
Q

Computer

A

An electronic device that can be programmed to carry out a set of arithmetic or logical operations and may be used for storing and processing data/information. Examples include desktop computers, mobile devices, IoT devices, and industrial controllers.

2
Q

Data

A

Raw statistics and facts collected from either analysis or reference. It lacks context and can be stored in an electronic format.

3
Q

Information

A

Processed data that offers context and can influence decisions.

4
Q

Information System

A

An entire set of data, software, hardware, network, people, procedures, and policies dealing with processing and distributing information in an organization.

5
Q

Computer Security

A

Measures and controls ensuring the confidentiality, integrity, and availability of information system assets, including hardware, software, firmware, and information being processed, stored, and communicated.

6
Q

Confidentiality

A

Only authorized parties can view private/confidential information.

7
Q

Integrity

A

Information is changed only in a specified and authorized manner.

8
Q

Availability

A

Information is accessible to authorized users whenever needed.

9
Q

Data at Rest

A

Data being stored in memory or on disk.

10
Q

Data in Transit

A

Data being transferred between systems, in physical or electronic form.

11
Q

Data in Use

A

Data being actively examined or modified, usually decrypted.

12
Q

Security Threat

A

Any action/inaction that could cause disclosure, alteration, loss, damage, or unavailability of information assets.

13
Q

Target

A

Organization’s assets such as hardware, software, data, and communication lines and networks.

14
Q

Agent

A

Entity (people and/or organizations) originating the threat (intentional or unintentional).

15
Q

Event

A

Malicious or accidental disclosure/alteration of information, misuse of authorized information, etc.

16
Q

Vulnerability

A

Weakness in an information system, security procedure, internal controls, or implementation that could be exploited or triggered by a threat source.

17
Q

Attack

A

A threat event deliberately executed by an agent against an asset with a vulnerability.

18
Q

Inside Attack

A

Initiated by an entity inside the security perimeter that has authorized access but uses resources improperly.

19
Q

Outside Attack

A

Initiated from outside the perimeter by an unauthorized or illegitimate user of the system.

20
Q

Active Attack

A

An attempt to alter system resources or affect their operation, compromising integrity or availability.

21
Q

Passive Attack

A

An attempt to learn or make use of information without affecting system resources, compromising confidentiality.

22
Q

Deliberate Software Attacks

A

A deliberate action aimed at violating/compromising a system’s security using specialized software.

23
Q

Malware

A

A program covertly inserted into a victim’s system with the intent to compromise CIA of data or disrupt operations.

24
Q

Password Cracking

A

Discovering a password through methods like brute force, dictionary attacks, or guessing.

25
Denial of Service (DoS)
An attack that overwhelms a target system with requests, rendering it unavailable to legitimate users.
26
Spoofing
The insertion of forged identification data to gain illegitimate advantages, such as IP or email spoofing.
27
Sniffing
Use of a program or device to monitor data traveling over a network, often undetectable.
28
Man-in-the-Middle Attack
An attack where two computers believe they are communicating directly, but a third party is intercepting the data.
29
Phishing
An attempt to gain sensitive information by posing as a legitimate entity, often through email or fake websites.
30
Pharming
Redirecting users to a false website without their knowledge, typically through DNS poisoning.
31
White Hat
Ethical hackers hired to discover security vulnerabilities.
32
Gray Hat
Hackers who illegally access systems but typically do not exploit vulnerabilities.
33
Black Hat
Criminal hackers who use their skills for malicious activities.
34
Elite Hacker
Hackers capable of discovering new vulnerabilities and writing scripts to exploit them.
35
Script Writer
Hackers who write scripts to exploit known vulnerabilities.
36
Script Kiddies
Hackers with minimal knowledge, relying on scripts written by others to conduct attacks.
37
Economy of Mechanism
Design security mechanisms as simple and small as possible for easier testing and verification.
38
Fail-safe Defaults
Access should be based on permission rather than exclusion, with the default being lack of access.
39
Complete Mediation
Every access request must be checked against the control mechanism, without relying on cached decisions.
40
Open Design
Security mechanism design should be open rather than secret, avoiding 'security by obscurity.'
41
Separation of Privilege
Multiple privilege attributes are required to achieve access to a restricted resource (e.g., multi-factor authentication).
42
Least Privilege
Users should operate with the minimum privileges necessary to perform their tasks.
43
Least Common Mechanism
Minimize shared functions across users to enhance mutual security.
44
Psychological Acceptability
Security mechanisms should not unduly interfere with users' work and should meet the needs of access authorizers.
45
Encapsulation
Encapsulating a collection of procedures and data objects in its own domain to restrict access.
46
Modularity
Develop secure functions as separate modules and use modular architecture for security design.
47
Layering
Use multiple, overlapping protection strategies addressing people, technology, and operations.
48
Least Astonishment
Systems should behave in ways that are least likely to surprise the user.
49
Attack Surface
The reachable and exploitable vulnerabilities in a system.
50
Network Attack Surface
Vulnerabilities over networks, such as denial-of-service attacks or communication link disruptions.
51
Software Attack Surface
Vulnerabilities in software code, especially in web servers.
52
Human Attack Surface
Vulnerabilities created by personnel or outsiders, like social engineering and human error.