Unit 8 - Security

avatar
Created by
Dylan Tappenden

Subdecks (6)

Cards (290)

  • An asset is anything of value to an organization
  • A vulnerability is a weakness in a system or its design, that can be exploited by a threat
  • A threat is a potential danger to a company
  • An exploit is a mechanism which takes advantage of a vulnerability
  • Mitigation is a counter-measure that reduces the likelihood or severity of a potential threat or risk
  • Risk is the likelihood of a threat to exploit the vulnerability of an asset, primarily with the aim of negatively affecting an organisation
  • Risk is measured by the probability of an event vs it's consequences
  • An attack vector is the path a bad actor can use to gain unauthorised access
  • Internal threats generally have the easiest vectors of attack
  • Data loss is when data is intentionally or unintentionally lost, stolen, or leaked to the outside world.
  • 4 example data loss vectors?
    Intercepted email
    Unencrypted storage device
    Removable media
    Not shredded hard copy
  • 5 hacking terms:
    Script kiddie - Inexperienced hackers using prebuilt tools, to harm, but rarely profit
    Vulnerability broker - Gray hat hackers who discover and report exploits to vendors
    Hacktivists - Gray hat hackers who publicly protest organisations or governments by accessing confidential info and performing network attacks
    Cyber criminals- Black hat hackers whether self-employed or part of a larger cybercrime organisation
    State sponsored - White or black hat hackers who work for a government generally targeting foreign governments
  • One hacktivist group is anonymous
    Another is Syrian Electronic Army
  • Stuxnet malware was used to damage Iran's nuclear enrichment capabilities
  • State-sponsored hackers create advanced, customised attack code