Overview of Security Flashcards
Information Security
Act of protecting data and information from unauthorized access, unlawful modification and disruption, disclosure, corruption and destruction.
Information Systems Security
Act of protecting the systems that hold and process our critical data.
CIA Triad
This consists of: Confidentiality, Integrity and Availability.
Confidentiality
Information has not been disclosed to unauthorized people. Encryption is the associated control.
Integrity
Information has not been altered or modified without proper authorization. Hashes are the associated control.
Availability
Information is able to be stored, accessed, or protected at all times.
AAA Security
Authentication, Authorization, Accounting
Authentication
When a person's identity is established with proof and confirmed by a system.
- Something you know - password
- Something you are - fingerprint
- Something you have - Token
- Something you do - how you speak, etc.
- Somewhere you are - your actual location
Authorization
Occurs when a user is given access to a certain piece of data or a certain area of a building.
Accounting
Tracking of data, computer usage, and network resources.
- Non-repudiation occurs when you have proof that someone has taken an action.
Malware
Shorthand term for malicious software.
Unauthorized access
Occurs when access to computer resources and data occurs without the consent of the owner.
System Failure
Occurs when a computer crashes or an individual application fails.
Social Engineering
Act of manipulating users into revealing confidential information or performing other detrimental actions. Phishing is an example.
Physical Controls
Alarm systems, locks, surveillance cameras, identification cards, and security guards.
Technical Controls
Smart cards, encryption, access control lists (ACLs), intrusion detection systems, and network authentication.
Administrative Controls
Policies, procedures, security awareness training, contingency planning, and disaster recovery plans.
- User training is the most cost effective security control to use.
White Hat Hackers
Non-malicious hackers who attempt to break into a company’s systems at their request.
Black Hat Hackers
Malicious hackers who break into computer systems and networks without authorization or permission.
Gray Hat Hackers
Hackers without any affiliation to a company who attempt to break into a company’s network but risk the law in doing so.
Blue Hat Hackers
Hackers who attempt to hack into a network with permission of the company but are not employed by the company.
Elite Hackers
Hackers who find and exploit vulnerabilities before anyone else does.
- About 1 in 10,000 hackers are elite.
Script Kiddies
Hackers with little to no skill who only use the tools and exploits written by others.
Hacktivists
Hackers who are driven by a cause like a social change, political agendas, or terrorism.
Organized Crime
Hackers who are part of a crime group that is well-funded and highly sophisticated.
Advanced Persistent Threats
Highly trained and funded group of hackers (often backed by nation states) with covert and open-source intelligence at their disposal.