Ensuring Security in a System

 Exploits

  • A piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). 
An Exploit can cause,
  • Gaining control of a computer system.
  • Allowing privilege escalation
  • Denial-of-service (DoS or related DDoS) attack.

Vulnerability Assessment

  • The process of defining, identifying, classifying and prioritizing vulnerabilities in Information systems, applications and network infrastructures and providing the organization doing the assessment with the necessary knowledge, awareness and risk background to understand the threats to its environment and react appropriately.

Penetration Testing 

  • Also called pen testing or ethical hacking.
  • The practice of testing a Information system, network or web application to find security vulnerabilities that an attacker could exploit. 
  • The process involves gathering information about the target before the test, identifying possible entry points, attempting to break in either virtually or for real and reporting back the findings.
  • Penetration testing can be automated with software applications or performed manually. 
Goals of Penetrating Testing

  • Identify weak spots in an organization's security posture
  • Measure the compliance of its security policy
  • Test the staff's awareness of security issues
  • Determine whether and how the organization would be subject to security disasters.

Comments

Post a Comment

Popular posts from this blog

What is Cybersecurity?

In today’s digital world, we use the internet for everything from banking and shopping to studying and working. But with convenience comes risk. That’s where cybersecurity comes in. 🛡️ What is Cybersecurity? Cybersecurity is the practice of protecting systems, networks, and data from digital attacks. These attacks aim to access, change, or destroy sensitive information, extort money, or interrupt normal operations. In simple terms: Cybersecurity is like locking your house, but for your computer and online data. ⚠️ Why is Cybersecurity Important? Every day, hackers try to: Steal personal information like passwords or credit card numbers Spread viruses or malware to damage computers Take over systems and ask for ransom (ransomware attacks) Spy on users or organizations for political or financial gain If we don’t protect our devices and information, anyone can become a victim. 💻 Common Types of Cyber Attacks Phishing – Fake emails that trick you into gi...
Read more

CIA Triad

Image
  Confidentiality ( C ) Ensuring that only authorized people can access certain data or systems. Confidentiality covers two concepts. Data confidentiality -  Assures that confidential information is not made available or disclosed to unauthorized individuals. Privacy -  Assures that the owners have control on: What information related to them may be collected and stored,  By whom and to whom that information may be disclosed. Integrity ( I ) Integrity means that information is accurate, complete, and unaltered. This term covers two related concepts.  Data integrity:  Information and programs are changed only in a specified and authorized manner. System integrity:  A system performs its intended function in an unimpaired manner.  Free from deliberate or inadvertent unauthorized manipulation of the system. Availability (A) Systems work promptly and service is not denied to authorized users. Additional Objectives Authenticity:  Able to verify t...
Read more