Chapter 1
Networks (VI)
IS component that created much of the need for increased computer and information security.
Threat
a category of objects, people, or other entities that represents a danger to an asset.
Exposure
a condition or state of being exposed in information security, basically when a vulnerability is known to an attacker.
McCumber Cube
a graphical representation of the architectural approach widely used in computer and information security; commonly shown as a cube composed of 3X3X3 cells, similar to a Rubik's Cube.
Intentional Attack
a hacker attempting to break into an information system.
Indirect Attack
a hacker compromising a system and using it to attack other systems.
Loss
a single instance of information asset suffering damage, or destruction, unintended or unauthorized modification or disclosure or denial of use. When an organization's information is stolen, it has suffered a loss.
Security
a state of being secure and free from danger or harm. Also the actions taken to make someone or something secure.
Access
a subject or object's ability to use, manipulate, modify, or affect another subject or object. Authorized users have legal access to a system, whereas hackers must gain illegal access to a system. Access controls regulate this ability.
Network Security
a subset of communications security; the protection of voice and data networking components, connections, and content.
Exploit
a technique used to compromise a system.
Vulnerability
a weakness or fault in a system or protection mechanism that opens it to attack or damage.
Subjects or Objects
an agent entity used to conduct the attack or the object of an attack: the target entity.
Utility
an attribute of information that describes how data has value or usefulness for an end purpose.
Availability
an attribute of information that describes how data is accessible and correctly formatted for use without interference or obstruction.
Accuracy
an attribute of information that describes how data is free of errors and has the value that the user expects.
Authenticity
an attribute of information that describes how data is genuine or original rather than reproduced or fabricated
Confidentiality
an attribute of information that describes how data is protected from disclosure or exposure to unauthorized individuals or systems.
Integrity
an attribute of information that describes how data is whole, complete, and uncorrupted.
Possession
an attribute of information that describes how the data's ownership or control is legitimate or authorized.
Attack
an intentional or unintentional act that can damage or compromise information and the systems that support it. Attacks can be active/passive, intentional/unintentional, and direct/indirect.
Software Component (I)
includes applications, operating systems, and assorted command utilities. Most difficult to secure. Easy target of accidental or intentional attacks.
C.I.A Triangle
industry standard for computer security since the development of the mainframe. Based on characteristics that describe the utility of information: confidentiality, integrity, and availability
Unintentional Attack
lightning strike that causes a building fire.
Asset
organizational resource that is being protected. Can be logical, software information, or data. Or it can be physical. Basically what organizations want to protect.
Direct Attack
perpetrated by a hacker using a PC to break into a system.
Hardware Component (II)
physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system.
Information Security
protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology.
Computer Security
secure the physical location of computer technology from outside threats. Later came to represent all actions taken to preserve computer systems from losses
Control, Safeguard, or Countermeasure
security mechanisms, policies, or procedures that can successfully counter attacks, reduce risks, resolve vulnerabilities, and otherwise improve security within an organization.
Data (III)
stored, processed, and transmitted by a computer system must be protected. Most valuable asset of an organization and thus the main target of intentional attacks.
Protection Profile or Security Posture
the entire set of controls and safeguards that the organization implements to protect the asset.
Information System (IS)
the entire set of software, hardware, data, people, procedure, and networks that enable the use of information resources in the organization. Composed of 6 components.
Risk
the probability of an unwanted occurrence.
Communication Security
the protection of all communications media, technology, and content
Physical Security
the protection of physical items, objects, or areas from unauthorized access and misuse.
Threat Agent
the specific instance or a component of a threat.
People (IV)
threat to information security.
Procedures (V)
written instructions for accomplishing a specific task.