Information Security
practice of protecting data from unauthorized access, alteration, or destruction
Cybersecurity
subset of information security focused on protecting digital systems, networks, and data from cyber threats
CIA Triad
three fundamental principles of security: Confidentiality, Integrity, Availability
Confidentiality
ensuring the data is accessible only to authorized individuals
Integrity
preventing unauthorized modification of data
Availability
ensuring data and service are accessible when needed
Vulnerability
weakness in software, hardware, or configuration that can be exploited
Exploit
method or tool used to take advantage of a vulnerability
Threat
person, organization, or event that has the potential to harm data security
Risk
potential financial or operational loss due to security threats
Zero-Day Vulnerability
security flaw discovered before a fix is available
Authentication
verifying a user’s identity before granting access
Authorization
assigning access rights based on authentication
Biometric Authentication
using physical attributes like fingerprints or facial recognition for authentication
Audit Logs
records that track user actions within a system for security monitoring
Black Hat Hacker
malicious hacker who exploits security flaws for personal or financial gain
White Hat Hacker
ethical hacker who helps organizations find and fix security vulnerabilities
Gray Hat Hacker
hacker who investigates security flaws without malicious intent but without permission
Hacktivist
hacker who uses cyber techniques for social or political activism
Cyberterrorist
hacker who targets government or critical infrastructure for ideological reasons
Malicious Insider
employee who intentionally misuses access to harm a company
Phishing
fraudulent email-based attack that tricks users into revealing sensitive information
Spear-Phishing
targeted phishing attack aimed at specific individuals or organizations
Whale-Phishing
phishing attack targeting high-profile executives or influential figures
Smishing & Vishing
fraudulent attacks using SMS (Smishing) or voice calls (Vishing)
QR Code Scams
fraudulent QR codes leading users to malicious sites
Ransomware
malware that encrypts files and demands payment for decryption
Distributed Denial of Service (DDoS)
attack that overwhelms a system with traffic to make it unavailable
Trojan Horse
malicious software disguised as a legitimate program
Worm
type of malware that spreads across networks without user action
Spyware
software that secretly collects data from a user’s system
Keylogger
software or hardware that records keystrokes to steal passwords
Social Engineering
manipulating people into divulging confidential information
Pretexting
deceiving someone to gain access to sensitive information
Shoulder Surfing
observing a person entering sensitive data, such as passwords
Data Breach
unauthorized exposure or theft of sensitive data
Identity Theft
using stolen personal information for fraud
Firewall
security system that filters incoming and outgoing network traffic
Intrusion Detection System (IDS)
monitors system activity to detect unauthorized access
Antivirus Software
scans for and removes malicious programs
Least Privilege Principle
ensuring users only have access to what is necessary for their role
Security Awareness Training
educating employees to recognize and avoid cyber threats
Computer Fraud and Abuse Act (CFAA)
US law protecting against unauthorized computer access
National Infrastructure Protection Act (NIPA)
focuses on securing critical infrastructure
Patriot Act
enhances cybersecurity monitoring for national security purposes
Copyright Laws & Intellectual Property Protections
regulate the legal use of digital content and prevent unauthorized copying
Risk Mitigation
implementing safeguards to reduce risk
Risk Acceptance
acknowledging a risk but deciding not to act against it
Incident Response Plan
structured approach for handling security breaches
Computer Forensics
practice of collecting and analyzing digital evidence for security investigations