Topic 1 Flashcards
Any online transaction, including online banking, software services, remote service providers, or online course platforms.
E-commerce
Aspects of Information Needing protection
Availability
Confidentiality
Authentication
Non-repudiation
is the resource being protected
Assets
devices, computers, people
Physical assets
information, data (in transmission, storage, or processing), and intellectual property
Logical assets
any software, hardware, data, administrative, physical, communications, or personnel resource within an information system
System assets
an attack in which the attacker observes interaction with the system
Passive attack
an attack in which the attacker directly interacts with the system
Active attack
an attack in which there is no deliberate goal of misuse
Unintentional attack
is an instance in which the system is vulnerable to attack
Exposure
is a situation in which the attacker has succeeded
Compromise
is a recognized action, whether specific, generalized, or theoretical, that an adversary (threat actor) might be expected to take in preparation for an attack
Indicator
is the outcome of the attack; it may cause the information system to lose effectiveness and may have other costs
Consequence
targets availability
Disruption
targets integrity
Corruption
targets confidentiality
Exploitation
is a type of consequence involving accidental exposure of information to an agent not authorized to access it.
Inadvertent disclosure
Taxonomy of attacks with relation to security goals
Threat to confidentiality
Threat to integrity
Threat to availability
Snooping
Traffic analysis
Threat to confidentiality
Modification
Masquerading
Replaying
Repudiation
Threat to integrity
Denial of service
Threat to availability
information needs to be hidden from unauthorized access
Confidentiality
protected from unauthorized change
Integrity
Available to an authorized entity when it is needed
Availability
Characteristics of information to be useful
Accurate
Timely
Complete
Verifiable
Consistent
Available
timely, reliable access to data and information services for authorized users
Aspects of Information Needing protection
- Availability
you can see the data but cannot change it; protection against unauthorized modification or destruction of information
Aspects of Information Needing protection
- Integrity
assurance that information is not disclosed to unauthorized parties
Aspects of Information Needing protection
- Confidentiality
to identify and verify a user's identity; security measures to establish the validity of a transmission, message, or originator
Aspects of Information Needing protection
- Authentication
you cannot deny the authenticity/validity of an act you committed; the sender is given proof of data delivery and the recipient is given proof of the sender's identity, so that neither can later deny having processed the data
Aspects of Information Needing protection
- Non-repudiation