Principles of Info Security (5th edition) Terms Ch 1
Exposure
A condition or state of being exposed; in info security it exists when a vulnerability is known to an attacker.
Loss
A single instance of an info asset suffering damage or destruction, unintended or unauthorized modification or disclosure, or denial of use.
Security
A state of being secure and free from danger or harm. Also actions taken to make someone or something secure.
Network security
A subset of communications security; the protection of voice and data networking components, connections, and content.
Exploit
A technique used to compromise a system that uses existing software tools or custom-made software components.
Protection profile or security posture
Entire set of controls and safeguards, including policy, education, training and awareness, and tech that the organization implements to protect the asset.
Attack
Intentional or unintentional act that can damage or compromise info and the systems that support it. Can be active or passive, intentional or unintentional, direct or indirect.
Computer security
Originally: the need to secure the physical location of computer tech from outside threats. Later: all actions taken to preserve computer systems from losses. Now: includes protecting information in an organization.
Communications security
Protection of all communications media, technology, and content.
Information security
Protection of the confidentiality, integrity, and availability of info assets, whether in storage, processing or transmission, via the application of policy, education, training and awareness, and tech.
Control, safeguard, or countermeasure
Security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve security within an organization.
Access
A subject's or object's ability to use, manipulate, modify, or affect another subject or object. Access controls help keep out illegal access to a system.
C.I.A Triangle
The industry standard for computer security since the development of the mainframe. Three characteristics that describe the utility of info: confidentiality, integrity, & availability.
Asset
The organizational resource that is being protected. Can be logical (website, info, data) or physical (person, computer, hardware). Info security focuses on protecting info assets.
Physical security
The protection of physical items, objects, or areas from unauthorized access and misuse.