Lecture 1

avatar
Created by
Cayenne pepper

Cards (14)

  • Cybersecurity
    Security of information systems and networks with the goal of protecting operations and assets in the face of attacks, accidents and failures
  • CIA Triad

    • Confidentiality
    • Integrity
    • Availability
  • Seven Security Domains

    • Organization
    • End-User
    • Physical access
    • System
    • Software (Application)
    • Network
    • Data (Information)
  • Assets
    • Tangible assets (physical items)
    • Intangible assets (information resources, intellectual property, reputation)
    • Employees
  • Vulnerability
    Weakness that could be triggered accidentally or exploited intentionally to cause a security breach
  • Threat
    Potential for something or someone that may trigger a vulnerability accidentally or exploit it intentionally
  • Risk
    Likelihood and impact (or consequence) of a threat actor exercising a vulnerability
  • Vulnerability, Threat & Risk

    • No security guard or controlled entry, Intruder, Theft
    • No user-controlled access, Employee, Data modified
    • Inadequate Preparation, Flood, Property damage / loss of life
    • Outdated virus protection, Virus, Loss of Data
  • Types of Threat Actors

    • Hackers / Hacktivists
    • Nation States
    • Cyberterrorists
    • Organized Crime and Competitors
    • Trusted Insider
  • Hackers / Hacktivists
    • Individuals who have the skills to gain access to computer systems through unauthorized or unapproved means
    • Hacktivist group uses cyber weapons to promote a political agenda
  • Nation States

    • Develop cybersecurity expertise and use cyber weapons to achieve military and commercial goals
    • Advanced persistent threat (APT) is a stealthy threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period
  • Cyberterrorists
    Intentionally use computers, networks, and public internet to cause destruction and harm for personal objectives
  • Organized Crime and Competitors

    • Organized crime seeks criminal profit, typical activities are financial fraud and blackmail
    • Competitor-driven attacks could aim at theft or disrupting a competitor's business or damaging their reputation
  • Trusted Insider

    • Perpetrator of an attack is a member of, ex-member of, or somehow affiliated with the organization's own staff, partners, or contractors
    • Insider threats are often more difficult to identify and block than outside attacks