An object, person, or other entity that represents a constant danger to an asset
Threat Categories
Acts of human error or failure
Compromises to intellectual property
Deliberate acts of espionage or trespass
Deliberate acts of information extortion
Deliberate acts of sabotage or vandalism
Deliberate acts of theft
Deliberate software attack
Forces of nature
Technical hardware failures or errors
Technical software failures or errors
Technological obsolescence
Computer Security
The generic name for the collection of tools designed to protect data and to thwart hackers
Network Security
Measures to protect data during their transmission
Internet Security
Measures to protect data during their transmission over a collection of interconnected networks
Aspects of Security
Security Attack
Security Mechanism
Security Service
Security Attack
Any action that compromises the security of information owned by an organization
Types of Security Attacks
Passive
Active
Interruption
An asset of the system is destroyed or becomes unavailable or unusable. It is an attack on availability.
Interruption
Destruction of some hardware
Jamming wireless signals
Disabling file management systems
Interception
An unauthorized party gains access to an asset. Attack on confidentiality.
Interception
Wire tapping to capture data in a network
Illicitly copying data or programs
Eavesdropping
Modification
An unauthorized party gains access to and tampers with an asset. Attack on integrity.
Modification
Changing data file
Altering a program and the contents of a message
Fabrication
An unauthorized party inserts a counterfeit object into the system. Attack on Authenticity. Also called impersonation.
Fabrication
Hackers gaining access to a personal email account and sending messages
Insertion of records in data files
Insertion of fake/false messages in a network
Security Service
A processing or communication service that is provided by a system to give a specific kind of protection to system resources.
Confidentiality
The protection of transmitted data from passive attacks.
Authentication
This service assures that a communication is authentic.
Types of Authentication
Peer entity authentication
Data origin authentication
Integrity
Data cannot be modified without authorization. Protecting data from being modified or corrupted by unauthorized users or malicious software.
Types of Integrity Services
Connection-Oriented Integrity Service
Connectionless-Oriented Integrity Service
Non-repudiation
Prevents either sender or receiver from denying a transmitted message.
Access Control
The ability to control the level of access that individuals or entities have to a network or system and how much information they can receive.
Availability
The property of a system or a system resource being accessible and usable upon demand by an authorized system entity.
Security Mechanism
Tools, protocols, or procedures designed to protect information, systems, and networks from unauthorized access, misuse, or damage.
Specific Security Mechanisms
Encipherment
Digital Signature
Access Control
Authentication Exchange
Antivirus software
Firewall
Multi-factor Authentication (MFA)
Data is transmitted over a network between two communicating parties, who must cooperate for the exchange to take place.
Whenever an opponent presents a threat to the confidentiality or authenticity of information, security aspects come into play.
Information access threats intercept or modify data on behalf of users who should not have access to that data.
Service threats exploit service flaws in computers to inhibit use by legitimate users. Viruses and worms are two examples of software attacks, introduced into a system by means of a disk or across the network.
Basic Terminologies
Ciphertext
Cipher
Key
Encipher (Encrypt)
Decipher (Decrypt)
Cryptography
Cryptanalysis (Codebreaking)
Cryptology
Cryptanalysis
The art and science of analyzing and breaking codes or ciphers used to secure information.
Types of Cryptanalytic Attacks
Ciphertext only
Known plaintext
Chosen plaintext
Chosen ciphertext
Substitution Techniques
Replacing plaintext bit patterns with ciphertext bit patterns.
Caesar Cipher
Replacing each letter of the alphabet with the letter standing 3 places further down the alphabet.
Playfair Ciphers
Treats digrams in the plaintext as single units and translates these units into ciphertext digrams.
Hill Cipher
Involves substitution of 'm' ciphertext letters for 'm' successive plaintext letters.
Polyalphabetic Ciphers
The same letter of a message can be represented by different letters when encoded.
Vigenere Cipher
A polyalphabetic cipher based on using successively shifted alphabets, a different shifted alphabet for each of the 26 English letters.