Chapter 1 Security
| Term | Definition |
|---|---|
| Confidentiality | Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information |
| Integrity | Guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity |
| Availability | Ensuring timely and reliable access to and use of information |
| Low Impact | The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals |
| Moderate Impact | The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals |
| High Impact | The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals |
| Adversary (threat agent) | Individual, group, organization, or government that conducts or has the intent to conduct detrimental activities. |
| Attack | Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself. |
| Countermeasure | A device or technique that has as its objective the impairment of the operational effectiveness of undesirable or adversarial activity. |
| Risk | A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of 1) the adverse impacts that would arise if the circumstance or event occurs; and 2) the likelihood of occurrence. |
| Security Policy | A set of criteria for the provision of security services. It defines and constrains the activities of a data processing facility in order to maintain a condition of security for systems and data. |
| System Resource (Asset) | A major application, general support system, high impact program, physical plant, mission critical system, personnel, equipment, or a logically related group of systems |
| Threat | Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations |
| Vulnerability | Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. |
| Corrupted Vulnerability | Loss of integrity |
| Leaky Vulnerability | Loss of confidentiality |
| Unavailable or very slow vulnerability | Loss of availability |
| Passive Attack | Attempt to learn or make use of information from the system that does not affect system resources |
| Active Attack | Attempt to alter system resources or affect their operation |
| Insider Attack | Initiated by an entity inside the security perimeter |
| Outsider Attack | Initiated from outside the perimeter |
| Unauthorized Disclosure | A circumstance or event whereby an entity gains access to data for which the entity is not authorized. |
| Exposure | Sensitive data are directly released to an unauthorized entity |
| Interception | An unauthorized entity directly accesses sensitive data traveling between authorized sources and destinations. |
| Interference | A threat action whereby an unauthorized entity indirectly accesses sensitive data (but not necessarily the data contained in the communication) by reasoning from characteristics or by-products of communications. |
| Intrusion | An unauthorized entity gains access to sensitive data by circumventing a system’s security protections. |
| Deception | A circumstance or event that may result in an authorized entity receiving false data and believing it to be true |
| Masquerade | An unauthorized entity gains access to a system or performs a malicious act by posing as an authorized entity |
| Falsification | False data deceive an authorized entity. |
| Repudiation | An entity deceives another by falsely denying responsibility for an act. |
| Disruption | A circumstance or event that interrupts or prevents the correct operation of system services and functions. |
| Incapacitation | Prevents or interrupts system operation by disabling a system component. |
| Corruption | Undesirably alters system operation by adversely modifying system functions or data |
| Obstruction | A threat action that interrupts delivery of system services by hindering system operation |
| Usurpation | A circumstance or event that results in control of system services or functions by an unauthorized entity |
| Misappropriation | An entity assumes unauthorized logical or physical control of a system resource |
| Misuse | Causes a system component to perform a function or service that is detrimental to system security |
| Attack Surfaces | Consist of the reachable and exploitable vulnerabilities in a system |
| Network Attack Surface | Vulnerabilities over an enterprise network, wide-area network, or the Internet |
| Software Attack Surface | Vulnerabilities in application, utility, or operating system code |
| Human Attack Surface | Vulnerabilities created by personnel or outsiders, such as social engineering, human error, and trusted insiders |
| Security Policy | Formal statement of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources |
| Security Implementation | Prevention, Detection, Response, Recovery |
| Assurance | Encompassing both system design and system implementation, assurance is an attribute of an information system that provides grounds for having confidence that the system operates such that the system’s security policy is enforced |
| Evaluation | Process of examining a computer product or system with respect to certain criteria. Involves testing and may also involve formal analytic or mathematical techniques |
| Standards | Standards have been developed to cover management practices and the overall architecture of security mechanisms and services |
| National Institute of Standards and Technology (NIST) | NIST is a U.S. federal agency that deals with measurement science, standards, and technology related to U.S. government use and to the promotion of U.S. private sector innovation |
| Internet Society (ISOC) | ISOC is a professional membership society that provides leadership in addressing issues that confront the future of the Internet, and is the organization home for the groups responsible for Internet infrastructure standards |
| International Telecommunication Union (ITU-T) | ITU is a United Nations agency in which governments and the private sector coordinate global telecom networks and services |
| International Organization for Standardization (ISO) | ISO is a nongovernmental organization whose work results in international agreements that are published as International Standards |