Introduction to Cyber Security

A collection of flashcards covering key terminology and concepts related to the introductory lecture on Cyber Security.

Computer Security

The protection afforded to an automated information system to preserve the integrity, availability, and confidentiality of information system resources.

Confidentiality

Assures that confidential information is not made available or disclosed to unauthorized individuals.

Integrity

Information and programs are changed only in a specified and authorized manner.

Availability

Ensuring timely and reliable access and use of information by authorized users.

Information Security (InfoSec)

The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

Cyber Security

The practice of protecting systems, networks, and programs from cyber attacks.

Vulnerability

A flaw or weakness in a system’s design, implementation, or operation that could be exploited to violate the system’s security policy.

Threat

A possible danger that might exploit a vulnerability.

Attack

A threat that is carried out, representing a potential harm to the system resource.

Countermeasure

Any means taken to address an attack, prevent an attack from being successful, detect the attack, and recover from the damage due to the attack.

Exploit

A piece of software or a sequence of commands that takes advantage of a bug or vulnerability.

Penetration Testing

The practice of testing an information system, network, or web application to find security vulnerabilities that an attacker could exploit.

Risk

The expected loss due to a particular attack.

Authenticity

The ability to verify that users are who they claim they are, and that the system receives data from a trusted source.

Accountability

The ability to trace back the actions performed by an entity to that entity.

Active Attack

An act that has negative effects on system resources.

Passive Attack

An act to make use of system information that does not affect the system.

Deception

A threat to system or data integrity where an attacker masquerades or falsifies information.

Disruption

A threat to system availability and integrity involving incapacitating or corrupting system resources.

Usurpation

A threat to system integrity where unauthorized actions take over system resources.

OSI Security Architecture

A framework to assess the security needs of an organization and define security requirements.

Security Attack

Any action that compromises the security information owned by an organization.

Security Services

Services that enhance the security of data processing systems and information transfers.

Security Mechanism

A process to detect, prevent, or recover from a security attack.

Threats on Communication Lines

Can be passive or active attacks affecting data transmission.

Vulnerability Assessment

The process of defining, identifying, classifying, and prioritizing vulnerabilities in information systems.