Topic 1 Flashcards
Any transaction online, including online banking, software services, remote service providers, or online course platforms.
E-commerce
Aspects of Information Needing protection
Availability
Confidentiality
Authentication
Non-repudiation
is the resource being protected
Assets
devices, computers, people
Physical assets
information, data (in transmission, storage, or processing), and intellectual property
Logical assets
any software, hardware, data, administrative, physical, communications, or personnel resource within an information system
System assets
an attack in which the attacker observes interaction with the system
Passive attack
an attack in which the attacker directly interacts with the system
Active attack
an attack where there is not a deliberate goal of misuse
Unintentional attack
is an instance when the system is vulnerable to attack
Exposure
is a situation in which the attacker has succeeded
Compromise
is a recognized action, specific, generalized or theoretical, that an adversary (threat actor) might be expected to take in preparation for an attack
Indicator
is the outcome of the attack; it may cause the information system to lose effectiveness and may have other costs
Consequence
targets availability
Disruption
targets integrity
Corruption
targets confidentiality
Exploitation
is a type of consequence, involving accidental exposure of information to an agent not authorized access.
Inadvertent disclosure
Taxonomy of attacks with relation to security goals
Threat to Confidentiality
Threat to integrity
Threat to availability
Snooping
Traffic analysis
Threat to Confidentiality
Modification
Masquerading
Replaying
Repudiation
Threat to integrity
Denial of service
Threat to availability
information needs to be hidden from unauthorized access
Confidentiality
protected from unauthorized change
Integrity
Available to an authorized entity when it is needed
Availability