These flashcards cover key vocabulary terms and definitions related to computer security concepts, including definitions of security goals, types of attacks, and security mechanisms.
Computer Security
The protection afforded to an automated information system to preserve the integrity, availability, and confidentiality of information system resources.
CIA Triad
The three key objectives of computer security: Confidentiality, Integrity, and Availability.
Confidentiality
Ensures that private information is not disclosed to unauthorized individuals.
Integrity
Assures that information and programs are altered only in a specified and authorized manner.
Availability
Ensures that systems work promptly and service is not denied to authorized users.
Authenticity
The property of being authentic and verifiable, confirming the validity of a transmission or a message.
Accountability
The requirement for actions of an entity to be traced uniquely to that entity.
Authentication
The verification of the identity of the principal making a request.
Authorization
The granting of a request to a principal.
Security Attack
Any action that compromises the security of information owned by an organization.
Passive Attack
An attack that attempts to learn or make use of information from the system without affecting resources.
Active Attack
An attack that involves modification of data streams or the creation of false data streams.
Masquerade Attack
An active attack where one entity pretends to be another entity.
Replay Attack
The capture of a data unit and its retransmission to create an unauthorized effect.
Denial of Service (DoS)
An attack that inhibits the normal use or management of communications facilities.
Security Service
A processing or communication service that enhances the security of data processing systems.
Access Control
Prevention of unauthorized use of a resource.
Non-repudiation
Protection against denial by one of the entities involved in a communication.
Encipherment
The use of mathematical algorithms to transform data into an unintelligible form.
Digital Signature
Data that verifies the source and integrity of a data unit and protects against forgery.
Event Detection
The detection of security-relevant events.
Security Audit Trail
Data collected to facilitate a security audit of system records and activities.