Software Security Lecture Week 1

A collection of vocabulary flashcards covering key concepts in Software Security, including definitions and important terms from the lecture.

Security

The protection of systems, data, and resources against unauthorized access, disclosure, alteration, or destruction.

Security Breach

An incident where unauthorized access results in the compromise of confidentiality, integrity, or availability of data.

Confidentiality

Non-disclosure of information, ensuring that sensitive information is only accessible to authorized individuals.

Integrity

Assurance that information is received as it was sent, without unintended alteration.

Availability

Ensures that systems are functional and available to authorized users when needed.

Active Attack

An attempt to alter system resources or affect their operation.

Passive Attack

An attack that involves monitoring or eavesdropping on transmissions without altering them.

Denial of Service (DoS) Attack

An attack that prevents or inhibits the normal use of communications facilities.

Masquerade Attack

When one entity pretends to be another to gain unauthorized access.

Nonrepudiation

Assurance that someone cannot deny the validity of a message they sent or received.

Vulnerability

A weakness or flaw in an asset or system that can be exploited by a threat.

Risk

The likelihood and potential impact of a threat exploiting a vulnerability.

Mitigation

The process of reducing the likelihood or impact of potential threats by addressing vulnerabilities.

Encryption

The process of transforming data into a form that is not readily intelligible, providing confidentiality.

Access Control

Mechanisms that limit and control access to systems and applications.

Threat

A potential danger that may exploit vulnerabilities in an organization's assets.

Ransomware

A type of malware that encrypts a user's files, demanding payment for decryption.