This flashcard set covers the foundational vocabulary of Information Security, including the distinctions between InfoSec, Cybersecurity, and IA, historical milestones, the CIA Triad, the AAA framework, and common threat categories.
Cybersecurity
The protection of internet-connected systems — hardware, software, and data — from cyberattacks and unauthorized access, focused on threats from cyberspace.
Information Security
The safeguarding of information in any form (digital or physical) from unauthorized access, use, disclosure, disruption, modification, or destruction, focusing on the CIA Triad.
Information Assurance (IA)
The practice of managing risks related to the use, processing, storage, and transmission of information, emphasizing policies, risk management, and operational continuity.
Risk Formula
Risk = Threat × Vulnerability × Impact
Atbash Cipher
An ancient Hebrew cipher used around 1900 BC.
Caesar Cipher
An ancient Roman cipher dating back to 50 BC.
DES (Data Encryption Standard)
A formalized cryptography standard published in 1977.
Morris Worm
The first major internet worm, which appeared in 1988.
ILOVEYOU Worm
An early social engineering mass attack in 2000 that resulted in 50M+ infections and $10B damages.
ISO/IEC 27001
An international standard for Information Security Management Systems (ISMS) introduced in 2003.
Stuxnet
The first known state-sponsored cyberweapon, identified in 2010, which targeted industrial control systems in Iran.
WannaCry / NotPetya
Major ransomware attacks in 2017 that crippled hospitals, banks, and critical infrastructure worldwide.
Confidentiality
A core component of the CIA Triad ensuring that information is accessible only to those authorized to access it.
Integrity
A core component of the CIA Triad safeguarding the accuracy and completeness of information and processing methods.
Availability
A core component of the CIA Triad ensuring authorized users have reliable and timely access to information and resources.
Authentication
The process of verifying the identity of a user, process, or device before granting access (e.g., passwords, smart cards, or biometrics).
Authorization
Determining what an authenticated entity is allowed to do within a system, often using Role-Based Access Control (RBAC).
Accounting (Auditing)
Tracking and recording user activities for audit trails, compliance, forensics, and non-repudiation.
Non-Repudiation
Ensuring a party cannot deny the authenticity of their actions or communications, achieved via digital signatures and audit logs.
RA 10173 (DPA)
The Philippine Data Privacy Act, a legal framework governing the protection of personal information.
Incident Response
A structured approach to handling security breaches consisting of Preparation, Detection, Containment, Eradication, Recovery, and Lessons Learned.
Malware
Malicious software including viruses, worms, trojans, ransomware, and spyware that can affect all three CIA components.
Phishing
A form of social engineering (including spear phishing and vishing) that primarily affects Confidentiality.
Zero-Day Exploits
The exploitation of unpatched vulnerabilities before a vendor fix is available, primarily affecting Integrity and Availability.