Chapter 1

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Networks (VI)

IS component that created much of the need for increased computer and information security.

Threat

a category of objects, people, or other entities that represents a danger to an asset.

Exposure

a condition or state of being exposed in information security, basically when a vulnerability is known to an attacker.

McCumber Cube

a graphical representation of the architectural approach widely used in computer and information security; commonly shown as a cube composed of 3X3X3 cells, similar to a Rubik's Cube.

Intentional Attack

a hacker attempting to break into an information system.

Indirect Attack

a hacker compromising a system and using it to attack other systems.

Loss

a single instance of information asset suffering damage, or destruction, unintended or unauthorized modification or disclosure or denial of use. When an organization's information is stolen, it has suffered a loss.

Security

a state of being secure and free from danger or harm. Also the actions taken to make someone or something secure.

Access

a subject or object's ability to use, manipulate, modify, or affect another subject or object. Authorized users have legal access to a system, whereas hackers must gain illegal access to a system. Access controls regulate this ability.

Network Security

a subset of communications security; the protection of voice and data networking components, connections, and content.

Exploit

a technique used to compromise a system.

Vulnerability

a weakness or fault in a system or protection mechanism that opens it to attack or damage.

Subjects or Objects

an agent entity used to conduct the attack or the object of an attack: the target entity.

Utility

an attribute of information that describes how data has value or usefulness for an end purpose.

Availability

an attribute of information that describes how data is accessible and correctly formatted for use without interference or obstruction.

Accuracy

an attribute of information that describes how data is free of errors and has the value that the user expects.

Authenticity

an attribute of information that describes how data is genuine or original rather than reproduced or fabricated

Confidentiality

an attribute of information that describes how data is protected from disclosure or exposure to unauthorized individuals or systems.

Integrity

an attribute of information that describes how data is whole, complete, and uncorrupted.

Possession

an attribute of information that describes how the data's ownership or control is legitimate or authorized.

Attack

an intentional or unintentional act that can damage or compromise information and the systems that support it. Attacks can be active/passive, intentional/unintentional, and direct/indirect.

Software Component (I)

includes applications, operating systems, and assorted command utilities. Most difficult to secure. Easy target of accidental or intentional attacks.

C.I.A Triangle

industry standard for computer security since the development of the mainframe. Based on characteristics that describe the utility of information: confidentiality, integrity, and availability

Unintentional Attack

lightning strike that causes a building fire.

Asset

organizational resource that is being protected. Can be logical, software information, or data. Or it can be physical. Basically what organizations want to protect.

Direct Attack

perpetrated by a hacker using a PC to break into a system.

Hardware Component (II)

physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system.

Information Security

protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology.

Computer Security

secure the physical location of computer technology from outside threats. Later came to represent all actions taken to preserve computer systems from losses

Control, Safeguard, or Countermeasure

security mechanisms, policies, or procedures that can successfully counter attacks, reduce risks, resolve vulnerabilities, and otherwise improve security within an organization.

Data (III)

stored, processed, and transmitted by a computer system must be protected. Most valuable asset of an organization and thus the main target of intentional attacks.

Protection Profile or Security Posture

the entire set of controls and safeguards that the organization implements to protect the asset.

Information System (IS)

the entire set of software, hardware, data, people, procedure, and networks that enable the use of information resources in the organization. Composed of 6 components.

Risk

the probability of an unwanted occurrence.

Communication Security

the protection of all communications media, technology, and content

Physical Security

the protection of physical items, objects, or areas from unauthorized access and misuse.

Threat Agent

the specific instance or a component of a threat.

People (IV)

threat to information security.

Procedures (V)

written instructions for accomplishing a specific task.


Ensembles d'études connexes

Salesforce Sales Cloud Certification

View Set

IHI:Q103 Testing and measuring changes with PDSA cycles

View Set