Unit 8 - Security

    avatar
    Created by
    Dylan Tappenden

    Subdecks (6)

    Cards (290)

    • An asset is anything of value to an organization
    • A vulnerability is a weakness in a system or its design, that can be exploited by a threat
    • A threat is a potential danger to a company
    • An exploit is a mechanism which takes advantage of a vulnerability
    • Mitigation is a counter-measure that reduces the likelihood or severity of a potential threat or risk
    • Risk is the likelihood of a threat to exploit the vulnerability of an asset, primarily with the aim of negatively affecting an organisation
    • Risk is measured by the probability of an event vs it's consequences
    • An attack vector is the path a bad actor can use to gain unauthorised access
    • Internal threats generally have the easiest vectors of attack
    • Data loss is when data is intentionally or unintentionally lost, stolen, or leaked to the outside world.
    • 4 example data loss vectors?
      Intercepted email
      Unencrypted storage device
      Removable media
      Not shredded hard copy
    • 5 hacking terms:
      Script kiddie - Inexperienced hackers using prebuilt tools, to harm, but rarely profit
      Vulnerability broker - Gray hat hackers who discover and report exploits to vendors
      Hacktivists - Gray hat hackers who publicly protest organisations or governments by accessing confidential info and performing network attacks
      Cyber criminals- Black hat hackers whether self-employed or part of a larger cybercrime organisation
      State sponsored - White or black hat hackers who work for a government generally targeting foreign governments
    • One hacktivist group is anonymous
      Another is Syrian Electronic Army
    • Stuxnet malware was used to damage Iran's nuclear enrichment capabilities
    • State-sponsored hackers create advanced, customised attack code