16 Cards in this Set
- Front
- Back
Assets |
Something that has value to an individual or an organization |
|
Threats |
Anything that has the potential to cause the loss of an asset |
|
Threat Agent |
Actual person or entity that carries out a threat |
|
Vulnerability |
Weakness in a system. |
|
Exploit |
Procedure, a piece of software, or a sequence of commands that takes advantage of a vulnerability to actually carry out an attack |
|
Sophisticated Attacks |
Complex attacks that are difficult to detect and thwart. - Use common Internet tools and protocols, making it difficult to distinguish an attack from legitimate traffic. - Vary their behavior, making the same attack appear differently each time. |
|
Proliferation of Attack Software |
A wide variety of attack tools are available on the internet, allowing anyone with a moderate level of technical knowledge to download the tools and run an attack. |
|
Attack Scale and Velocity |
The scale and velocity of an attack can grow to millions of computers in a matter of minutes or days due to its ability to proliferate on the internet. Because modern attacks are not limited to user interactions, such as using a floppy disk, to spread an attack from machine to machine, the attacks often affect very large numbers of computers in a relatively short amount of time. |
|
Confidentiality |
Confidentiality ensures that data is not disclosed to unintended persons. This is provided through encryption, which converts the data into a form that makes it less likely to be usable by an unintended recipient. |
|
Integrity |
Integrity ensures that data is not modified or tampered with. This is provided through hashing. |
|
Availability |
Availability ensures the uptime of the system so that data is available when needed. |
|
Non-repudiation |
This provides validation of a message's origin. For example, if a user sends a digitally signed email, they cannot claim later that the email was not sent. Non-repudiation is enforced by digital signatures. |
|
Physical Security |
Physical security includes all hardware and software necessary to secure data, such as firewalls and antivirus software. |
|
Users and administrators |
Users and administrators are the people who use the software and the people who manage the software, respectively. |
|
Policies |
Policies are the rules an organization implements to protect information. |
|
Types of Threat Agents |
Employee, Spy, Hacker