Security Concept (Topic One) Flashcards

1
Q

What is computer security?

A

The protection afforded to an information system that aims to maintain the confidentiality, integrity and availability of the information system resources inclusive of hardware, operating systems, firmware and telecommunications

2
Q

List and define the elements of the CIA triad.

A

Confidentiality: Maintaining authorized restrictions on information access and disclosure

Integrity: This protects against unauthorized modification and deletion of data, and ensures the reliability and nonrepudiation of data

Availability: Ensuring timely and reliable access to information

3
Q

List and describe the two additional features of the CIA triad.

A

Authenticity: This is the property of being genuine and being verified and trusted.

Accountability: The security feature that allows an entity’s actions to be traced back uniquely to that entity.

4
Q

Give three challenges faced by computer security

A
  1. Physical and logical locations need to be determined
  2. Attackers only need to find one point of weakness, while security administrators need to find as many as possible.
  3. Security requires regular and constant monitoring
5
Q

What is an attack?

A

Any type of malicious activity that aims to disrupt, deny, degrade or destroy an information system or its resources

6
Q

Define the term adversary.

A

An individual, group or government that conducts or aims to conduct any malicious activity towards information systems.

7
Q

What is risk?

A

The adverse impacts that would arise if a particular activity should take place

8
Q

Define Security Policy

A

This defines and constrains the activities of data processing facilities in order to maintain a condition of security for systems and data

9
Q

What is a threat?

A

Any circumstance that has the potential to impact an individual or group via unauthorized access or destruction of an information system

10
Q

What is a vulnerability?

A

A point of weakness in an information system that can be exploited.

11
Q

What are the four assets of a computer system?

A

Hardware
Software
Communication
Data

12
Q

What are the three categories of vulnerabilities?

A

Corrupted
Leaky
Unavailable or slow

13
Q

List the four types of attacks and describe each

A

Passive: An attempt to learn or make use of information without altering the system resources
Active: An attempt to make alterations to the system resources or operations
Insider: An entity within the system
Outsider: An entity outside of the system

14
Q

What is an attack surface?

A

Any point of the system that is vulnerable to being exploited

15
Q

What are the types of attack surfaces?

A

Network: This category refers to vulnerabilities over an enterprise network

H: created by personnel or outsiders, such as social engineering, human error, and trusted insiders

Software: This refers to vulnerabilities in application, utility, or operating system code, e.g. a web server

16
Q
A