Basic Cybersecurity Terms

 System Resources

  • System Resource or asset that needs to be protected
Assets types needed to protect.
  • Hardware - Computer System, data storage, communication devices. 
  • Software - Operating systems, program utilities and applications. 
  • Data - Data and password files,  databases. 
  • Communication facilities and networks - LAN, WAN, routers, etc.

Vulnerabilities of system resources

  • A flaw or weaknesses in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy. 
What in CIA is violated:
  • When the resource is corrupted       ➡️ violate Integrity
  • When the resource is leaky               ➡️ violate Confidentiality
  • When the resource is unavailable    ➡️ violate Availability

Threat 

  • Possible danger that might exploit a vulnerability.
  • It represents a potential harm to the system resource. 

Attack 

  • A threat that is carried out (threat action) 
  • Two attack types:
    • Active attack:  An act that has negative effects on system resources
    • Passive attack: An act to make use of system information but it does not affect the system 
  • The origin of an attack:
    • Inside attack    : Carried out by an entity inside the security perimeter.
    • Outside attack : Performed by an unauthorized users.

Adversary 

  • An entity that carried out an attack
  • A threat agent or an attacker.

Countermeasure 

  • Any means taken 
    • To address an attack, 
    • To prevent an attack from being successful, 
    • To detect the attack if the attack is successful, and 
    • To recover from the damage due to the attack.

Risk 

  • The expected loss due to a particular attack. 







Comments

Post a Comment

Popular posts from this blog

What is Cybersecurity?

In today’s digital world, we use the internet for everything from banking and shopping to studying and working. But with convenience comes risk. That’s where cybersecurity comes in. 🛡️ What is Cybersecurity? Cybersecurity is the practice of protecting systems, networks, and data from digital attacks. These attacks aim to access, change, or destroy sensitive information, extort money, or interrupt normal operations. In simple terms: Cybersecurity is like locking your house, but for your computer and online data. ⚠️ Why is Cybersecurity Important? Every day, hackers try to: Steal personal information like passwords or credit card numbers Spread viruses or malware to damage computers Take over systems and ask for ransom (ransomware attacks) Spy on users or organizations for political or financial gain If we don’t protect our devices and information, anyone can become a victim. 💻 Common Types of Cyber Attacks Phishing – Fake emails that trick you into gi...
Read more

CIA Triad

Image
  Confidentiality ( C ) Ensuring that only authorized people can access certain data or systems. Confidentiality covers two concepts. Data confidentiality -  Assures that confidential information is not made available or disclosed to unauthorized individuals. Privacy -  Assures that the owners have control on: What information related to them may be collected and stored,  By whom and to whom that information may be disclosed. Integrity ( I ) Integrity means that information is accurate, complete, and unaltered. This term covers two related concepts.  Data integrity:  Information and programs are changed only in a specified and authorized manner. System integrity:  A system performs its intended function in an unimpaired manner.  Free from deliberate or inadvertent unauthorized manipulation of the system. Availability (A) Systems work promptly and service is not denied to authorized users. Additional Objectives Authenticity:  Able to verify t...
Read more

Ensuring Security in a System

 Exploits A piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized).  An Exploit can cause, Gaining control of a computer system. Allowing privilege escalation Denial-of-service (DoS or related DDoS) attack. Vulnerability Assessment The process of defining, identifying, classifying and prioritizing vulnerabilities in Information systems, applications and network infrastructures and providing the organization doing the assessment with the necessary knowledge, awareness and risk background to understand the threats to its environment and react appropriately. Penetration Testing  Also called pen testing or ethical hacking. The practice of testing a Information system, network or web application to find security vulnerabilities that an attacker could exploit.  The process involves gathe...
Read more