Chapter 1 -itm 820

27 Terms

1

key security concepts

confidentiality, integrity, and availability

2

low impact of attack

A situation where a security breach results in minimal damage to an organization's operations, assets, or individuals.

3

moderate impact of attack

A situation where a security breach leads to a significant disruption of operations, financial loss, or reputational damage to an organization.

4

high impact of attack

A situation where a security breach causes severe damage, potentially compromising critical operations, leading to substantial financial loss, regulatory penalties, or irreversible harm to an organization's reputation.

5

adversary (threat agent)

An individual or group that poses a potential threat to an organization's security by exploiting vulnerabilities for malicious purposes.

6

attack

Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or information.

7

countermeasure

A device or technique that has as its objective the impairment of the operational effectiveness of undesirable or adversarial activity, or the prevention of espionage, sabotage, theft, or unauthorized access to or use of sensitive information or information systems.

8

risk

A measure of the extent to which an entity is threatened by a potential circumstance or event: 1) the adverse impacts that would arise if the circumstance or event occurs; 2) the likelihood of occurrence.

9

security policy

A set of rules and practices that specify how an organization manages, protects, and distributes sensitive information. It outlines the security measures and procedures to ensure the integrity, confidentiality, and availability of data.

10

systems resource (asset)

A major application, general support system, high impact program, physical plant, mission critical system, personnel, equipment, or a logically related group of systems.

11

Threat

A potential event or circumstance that could cause harm or loss to an organization.

12

vulnerability

A weakness or gap in a security program that can be exploited by threats to gain unauthorized access or cause harm to an organization.

13

Categories of vulnerabilities

-corrupted(integrity)

-leaky(confidentiality)

-very slow(availability)

14

Threats

look for vulnerabilities

15

Passive attack

An attempt to gain unauthorized access to information without altering the system or data. This type of attack often involves eavesdropping on communications to gather sensitive information.

16

Active attack

An attempt to disrupt or compromise the integrity, confidentiality, or availability of a system by altering data or interfering with operations.

17

Insider attack

initiated by an entity inside the security perimeter

18

outsider

initiated from outside the perimeter

19

Means to deal with security attacks

-prevent

-detect

-recover

20

attack surface categories

-network attack surface

-software attack surface

-human attack surface

21

security policy

Formal statement of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources

22

security implementation

Involves four complementary courses of action:
• Prevention
• Detection
• Response
• Recovery

23

assurance

Encompassing both system design and system implementation, assurance is an attribute of an information system that provides grounds for having confidence that the system operates such that the system’s security policy is enforced

24

evaluation

Process of examining a computer product or system with respect to certain criteria
• Involves testing and may also involve formal analytic or mathematical techniques

25

strategies for computer security

-security implementation

-security policy

-evaluation

-assurance

26
27