CS Basic Security Concepts - Sheet1 Flashcards
(33 cards)
What is the C.I.A Triad?
Three Security Objectives for info and systems
What do each of the letters in C.I.A stand for?
Confidentiality, Integrity, Availability
What is Confidentiality as an objective?
Only allowing authorised access to information
What is Integrity as an objective?
Only allowing authorised changes and deletions to info, and only authorised changes to the system
What is Availability as an objective?
Offering access and use of info in a timely and reliable manner
What are 2 concepts related to Integrity?
Authenticity and Accountability
What is meant by Integrity-related Authenticity? In terms of information and users?
The property of being genuine, verifiable and trustable (info is from trusted source, users are who they say they are)
What is meant by Integrity-related Accountability?
A goal, to ensure actions can be traced back to an individual
How do we implement Integrity-related Accountability?
Systems should keep a record of all activities for future tracing if necessary
What are the 4 key assets in Computer Security?
Hardware, Software, Data, Communication facilities and network (e.g. routers)
What are the 3 types of asset vulnerabilities?
The system can become corrupted, leaky or unavailable
What happens if a system is Corrupted?
The system does wrong things or gives wrong answers
What happens if a system is Leaky?
The system allows unauthorised access
What happens if a system is Unavailable?
The system becomes unavailable or too slow to use
What is an attack?
A threat that is carried out
What are the 2 types of attack classification based on asset impact?
Active attack and Passive attack
What is an Active attack?
An attempt to change assets or affect their operation
Attacker attempts to alter, damage, disrupt, or manipulate system assets
It directly affects the integrity, availability, or operation of data or systems.
What is a Passive attack?
An attempt to learn or make use of information from the system.
Does not affect assets
Compromises confidentiality but leaves the system’s operations untouched
A passive attack involves surveillance or data gathering without changing anything in the system.
What are the 2 types of attack classification based on attack origin?
Inside attack and Outside attack
What is an Inside attack?
An attack carried out by an authorised user of the system
Inside attacker = Insider
What is an Outside attack?
An attack carried out by an unauthorised user of the system
What is Risk?
A measure of the extent to which an asset is threatened by a potential event
Risk = f(Impact, Likelihood)
What 2 things are usually used to calculate the level of Risk?
The negative effects of the event, and the likelihood of it happening
What is a Countermeasure?
Any actions taken to deal with a threat or attack