Principles of Info Security (5th edition) Terms Ch 1

Exposure

A condition or state of being exposed; in info security it exists when a vulnerability is known to an attacker.

Loss

A single instance of an info asset suffering damage or destruction, unintended or unauthorized modification or disclosure, or denial of use.

Security

A state of being secure and free from danger or harm. Also actions taken to make someone or something secure.

Network security

A subset of communications security; the protection of voice and data networking components, connections, and content

Exploit

A technique used to compromise a system that uses existing software tools or custom made software components.

Protection profile or security posture

Entire set of controls and safeguards, including policy, education, training and awareness, and tech that the organization implements to protect the asset.

Attack

Intentinal or unintentional act that can damage or compromise info and the systems that support it. Can be active or passive, intentional or unintentional, direct or indirect.

Computer security

Old-need to secure physical location of computer tech from outside threats. To-all actions taken to preserve computer systems from losses. Now-includes protecting information in an organization

Communications security

Protection o f all communications media, technology, and content.

Information security

Protection of the confidentiality, integrity, and availability of info assets, whether in storage, processing or transmission, via the application of policy, education, training and awareness, and tech.

Control, safeguard, or countermeasure

Security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve security within an organization.

Access

Subject or objects ability to use, manipulate, modify, or affect another subject or object. Access controls help keep out illegal access to a system.

C.I.A Triangle

The industry standard for computer security since the development of the mainframe. Three characteristics that describe the utility of info: confidentiality, integrity, & availability.

Asset

The organizational resource that is being protected. Can be logical (website, info, data) or physical (person, computer, hardware). Info security focuses on protecting info assets.

Physical security

The protection of physical items, objects, or areas from unauthorized access and misuse.