Acs_lec1

avatar
Created by
Diya

Cards (25)

  • Computer security
    The protection of the assets of a computer system
  • Assets of a computer system
    • Hardware
    • Software
    • Data
  • Hardware assets
    • Computer
    • Devices (disk drives, memory, printer)
    • Network gear
  • Software assets
    • Operating system
    • Utilities (antivirus)
    • Commercial applications (word processing, photo editing)
    • Individual applications
  • Value of assets
    • Off the shelf; easily replaceable
    • Unique; irreplaceable
  • Cyber security
    The practice of defending computers, servers, mobile devices, electronic systems, networks and data from malicious attacks
  • Vulnerability
    A weakness in the system that might be exploited to cause loss or harm
  • Threat
    A set of circumstances that has the potential to cause loss or harm
  • Attack
    A human or another machine which exploits a vulnerability to perpetrate an attack on the system
  • Countermeasure or control
    An action, device, procedure, or technique that removes or reduces a vulnerability
  • Threat
    • Vulnerability
    • Control
  • Confidentiality
    The ability of a system to ensure that an asset is viewed only by authorized parties
  • Integrity
    The ability of a system to ensure that an asset is modified only by authorized parties
  • Availability
    The ability of a system to ensure that an asset can be used by any authorized parties
  • Authentication
    The ability of a system to confirm the identity of a sender
  • Nonrepudiation (Accountability)

    The ability of a system to confirm that a sender cannot convincingly deny having sent something
  • Access control policy
    Who + What + How = Yes/No
  • Types of threats
    • Natural causes
    • Benign intent
    • Malicious intent
  • Examples of threats
    • Fire, power failure
    • Human error
    • Impersonation
    • Malicious code on a general web site
  • Advanced Persistent Threat (APT)

    Organized, directed, well financed, patient, silent
  • Types of attackers
    • Criminal-for-hire
    • Organized crime member
    • Individual hacker
    • Terrorist
    • Loosely connected group
  • Types of harm
    • Modification
    • Fabrication
    • Interruption
    • Interception
  • Method-Opportunity-Motive
    • Opportunity
    • Motive
    • Method
  • Confidentiality, integrity, availability

    Technical, procedural, physical controls protect against different types of threats
  • Different types of controls
    • Technical
    • Procedural
    • Physical