Introduction to Information Security

0.0(0)
studied byStudied by 0 people
full-widthCall with Kai
GameKnowt Play
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
Card Sorting

1/34

encourage image

There's no tags or description

Looks like no tags are added yet.

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

35 Terms

1
New cards

Information Security

_______ (often called InfoSec) is the practice of protecting information and the systems that store, process, and transmit it. The purpose is to prevent unauthorized access, disclosure, alteration, or destruction of data.

2
New cards

Confidentiality

_______ ensures that information is only accessible to people who have the proper authorization. Unauthorized individuals should not be able to view or steal sensitive data.

3
New cards

Confidentiality

Example: A hospital keeps patient medical records encrypted so that only doctors and authorized staff can access them. If hackers or unauthorized users try to open the files, the data would remain unreadable.

4
New cards

Integrity

________ focuses on maintaining the accuracy, consistency, and completeness of data. It prevents unauthorized changes, whether intentional (like hacking) or accidental (like human error)

5
New cards

Integrity

Example: In online banking, when you transfer money, integrity ensures that the transaction details are not altered by a hacker during transmission. Hashing and verification methods confirm that the data remains unchanged from sender to receiver.

6
New cards

Availability

_____ ensures that information and systems are accessible to authorized users whenever they need it. Even if technical failures or attacks occur, services should remain functional.

7
New cards

Availability

Example: An e-commerce website must be online 24/7. If its main server fails, a backup server should automatically take over so that customers can still place orders without interruption.

8
New cards

threat

A _____ is any potential cause of an unwanted event that could harm a system, organization, or individual. It represents “what could go wrong.”

9
New cards

Human-made threats

_______ – hackers, malware, phishing, insider attacks.

10
New cards

Natural threats

_____ – earthquakes, floods, fires, storms.

11
New cards

Technical threats

______ – hardware failure, software bugs, network outages.

12
New cards

vulnerability

A _____ is a weakness or flaw in a system that can be exploited by a threat. It is essentially a “security hole” that makes the system less secure.

13
New cards

risk

A ____ is the chance or probability that a threat will successfully exploit a vulnerability, leading to damage, loss, or disruption.

14
New cards

Risk

______ = Threat × Vulnerability × Impact

15
New cards

Early Era

  • Focus: Security was mainly physical.

  • Information was stored on paper documents, filing cabinets, and physical media.

  • Protection methods included locked rooms, safes, guards, and access restrictions. 

  • Example: Military or government offices restricted access to sensitive files by using safes and requiring security clearance.

16
New cards

Mainframe Era

  • Large centralized mainframe computers were introduced in government, research, and businesses.

  • Security concerns shifted from purely physical to logical access control.

  • Password protection became one of the first methods of securing computer systems.

  • Example: Universities and corporations required login credentials to access mainframe systems.

17
New cards

Networking Era

  • Computers became connected through local area networks (LANs) and eventually wider networks.

  • This introduced risks such as unauthorized remote access and spreading of malicious software.

  • First generations of firewalls and antivirus software were developed to prevent external attacks.

  • Example: Worms and early viruses began spreading, showing that security had to go beyond physical locks and simple passwords.

18
New cards

Internet and Cybercrime Era

  • The rapid growth of the internet opened global access but also created global threats.

  • Hackers, viruses, worms, and denial-of-service (DoS) attacks became common.

  • Cybercrime emerged, with attackers stealing data, spreading malware, and committing fraud.

  • Organizations and governments responded by developing laws, standards, and security policies (such as ISO/IEC 27001, HIPAA for healthcare, and early data protection acts).

  • Example: The “ILOVEYOU” virus (2000) spread worldwide, infecting millions of computers and causing billions of dollars in damages.

19
New cards

Modern Era

  • Security challenges became more complex and global.

  • Rise of Advanced Persistent Threats (APTs), state-sponsored hacking, and organized cybercrime.

  • Growth of cloud computing, mobile devices, and Internet of Things (IoT) increased the attack surface.

  • Ransomware attacks became widespread, locking critical systems until a ransom was paid.

  • AI-driven attacks and automation introduced new risks but also new defense tools.

  • Data privacy regulations such as GDPR (Europe) and HIPAA (US healthcare) enforced stricter rules for protecting personal information. 

  • Example: Major ransomware attacks like WannaCry (2017) affected hospitals, banks, and businesses worldwide, highlighting the importance of cybersecurity

20
New cards

Information security

_____- is a broad field that extends beyond just installing technical tools or software. It covers the people, processes, and technology within an organization, ensuring that information remains protected in all its forms.

21
New cards

Human behavior

______ is often the weakest link in security. Even the most advanced systems can be compromised if users are careless.

22
New cards

Employees

must be properly trained to recognize threats (such as phishing emails or social engineering).

23
New cards

Organizations

____ should enforce security policies, such as strong password requirements, proper handling of sensitive data, and restrictions on unauthorized software.

24
New cards

Security

____ also involves well-defined procedures and rules to ensure that information is managed safely

25
New cards

Risk management

_____ – identifying and reducing potential risks.

26
New cards

Incident response

_________ – how to react when a security breach happens.

27
New cards

Audits and compliance

______ – checking that systems follow laws, standards, and company policies.

28
New cards

Technical tools

_____ are essential for protecting systems and data.

29
New cards

Firewalls

_____ – block unauthorized network traffic

30
New cards

Encryption

_______ – protects data from being read if stolen.

31
New cards

Authentication systems

______ – verify the identity of users (e.g., biometrics, two-factor authentication)

32
New cards

Intrusion detection systems

_______ (IDS) – monitor and alert on suspicious activity.

33
New cards

Digital data

_____ – stored in databases, hard drives, servers, or cloud platforms

34
New cards

Physical data

________ – printed documents, ID cards, contracts, or even USB drives.

35
New cards

Data in transmission

_____  – information sent through networks, the internet, wireless communication, or even phone lines.