Flashcards for Computer Security Lecture 01
Computer Security
The protection of computer systems and information from harm, theft, and unauthorized use.
Threat
A threat is anything that has the potential to cause harm to your computer systems, data, or organization. Threats can be intentional or unintentional.
Risk
Risk is the chance that a threat will actually exploit a weakness (vulnerability) in your system and cause damage or loss. Risk combines the probability of the threat happening and the impact it would have if it did.
C.I.A
Confidentiality, Integrity, and Availability
Confidentiality
The property that information is not made available or disclosed to unauthorized individuals, entities, or processes.
Tools for Confidentiality
Encryption, Access Control, Identification, Authentication, Authorization, Physical Security
Encryption
The transformation of information using a secret, called an encryption key, so that the transformed information can only be read using another secret, called the decryption key.
Access Control
Rules and policies that limit access to confidential information to those people and/or systems with a 'need to know'.
Identification
The determination of the identity or role that someone has.
Authentication
The verification of the identity or role that someone has.
Authorization
The determination of whether a person or system is allowed access to resources, based on an access control policy.
Physical Security
The establishment of physical barriers to limit access to protected computational resources.
Integrity
The property that information has not been altered in an unauthorized way.
Tools for Integrity
Backups, Checksums, Data correcting codes
Backups
The periodic archiving of data.
Checksums
The computation of a function that maps the contents of a file to a numerical value.
Availability
The property that information is accessible and modifiable in a timely fashion by those authorized to do so.
Tools for Availability
Physical protections, Computational redundancies
A.A.A (Authenticity, Anonymity, Assurance)
A set of broader security goals related to trust, genuineness, and privacy.
Assurance
Refers to how trust is provided and managed in computer systems. Confidence that the system's security policy is enforced.
Trust management depends on
Policies, Permissions, Protections
Authenticity
The ability to determine that statements, policies, and permissions issued by persons or systems are genuine.
Primary tool for Authenticity
Digital signatures
Anonymity
The property that certain records or transactions are not attributable to any individual.
Tools for Anonymity
Aggregation, Mixing, Proxies, Pseudonyms