Topic 1 Flashcards by Charlene Dilig

Any transaction online, including online banking, software services, remote service providers, or online course platforms.

E-commerce

How well did you know this?

Not at all

Perfectly

What is E-commerce?

Any transaction online, including online banking, software services, remote service providers, or online course platforms.

How well did you know this?

Not at all

Perfectly

Characteristics of information to be useful

Accurate
Timely
Complete
Verifiable
Consistent
Available

How well did you know this?

Not at all

Perfectly

Characteristics of information to be useful

You might want:

Privacy
Protection against phishing, vishing
Integrity
Authentication
Authorization
Confidentiality
Non-repudiation
Availability

How well did you know this?

Not at all

Perfectly

Aspects of Information Needing protection

Availability

timely, reliable access to data and information services for authorized users

How well did you know this?

Not at all

Perfectly

Aspects of Information Needing protection

Integrity

you can only see the data but you cannot change it, protection against unauthorized modification or destruction of information

How well did you know this?

Not at all

Perfectly

Aspects of Information Needing protection

Confidentiality

assurance that information is not disclosed to unauthorized parties

How well did you know this?

Not at all

Perfectly

Aspects of Information Needing protection

Authentication

to identify and verify user’s identity , security measures to establish the validity of a transmission, message or originator

How well did you know this?

Not at all

Perfectly

Aspects of Information Needing protection

Non-repudiation

you cannot deny the authenticity/validity of an act you committed, sender given proof of data delivery and recipient given proof of sender’s identity so that neither can deny processed data

How well did you know this?

Not at all

Perfectly

Aspects of Information Needing protection

Availability
Confidentiality
Authentication
Non-repudiation

How well did you know this?

Not at all

Perfectly

is the resource being protected

Assets

How well did you know this?

Not at all

Perfectly

Assets

Physical assets

devices, computers, people

How well did you know this?

Not at all

Perfectly

Assets

Logical assets

information, data (in transmission, storage, or processing), and intellectual property

How well did you know this?

Not at all

Perfectly

Assets

System assets

any software, hardware, data, administrative, physical, communications, or personnel resource within an information system

How well did you know this?

Not at all

Perfectly

Attacks

Passive attack

an attack in which the attacker observes interaction with the system

How well did you know this?

Not at all

Perfectly

Active attack

an attack in which the attacker directly interacts with the system

How well did you know this?

Not at all

Perfectly

Unintentional attack

an attack where there is not a deliberate goal of misuse

How well did you know this?

Not at all

Perfectly

Exposure

is an instance when the system is vulnerable to attack

How well did you know this?

Not at all

Perfectly

Compromise

is a situation in which the attacker has succeeded

How well did you know this?

Not at all

Perfectly

is a recognized, action specific, generalized or theoretical that an adversary (threat actor) might be expected to take in preparation for an attack

Indicator

How well did you know this?

Not at all

Perfectly

Consequence

is the outcome of the attack, may cause the information system to lose effectiveness and may have other costs

How well did you know this?

Not at all

Perfectly

Consequence

Disruption

targets availability

How well did you know this?

Not at all

Perfectly

Consequence

Corruption

targets integrity

How well did you know this?

Not at all

Perfectly

Consequence

Exploitation

targets confidentiality

How well did you know this?

Not at all

Perfectly

is a type of consequence, involving accidental exposure of information to an agent not authorized access.

Inadvertent disclosure

Taxonomy of attacks with relation to security goals

1. Threat to Confidentiality 2. Threat to integrity 3. Threat to availability

# Taxonomy of attacks with relation to security goals Threat to Confidentiality

1. Snooping 2. Traffic analysis

# Taxonomy of attacks with relation to security goals Threat to integrity

1. Modification 2. Masquerading 3. Replaying 4. Repudiation

# Taxonomy of attacks with relation to security goals Threat to availability

Denial of service

# Security Attack Confidentiality

information needs to be hidden from unauthorized access

# Security Attack Integrity

protected from unauthorized change

Availability

Available to an authorized entity when it is needed

1. Accurate 2. Timely 3. Complete 4. Verifiable 5. Consistent 6. Available

Characteristics of information to be useful

timely, reliable access to data and information services for authorized users

# Aspects of Information Needing protection Availability

you can only see the data but you cannot change it, protection against unauthorized modification or destruction of information

# Aspects of Information Needing protection Integrity

assurance that information is not disclosed to unauthorized parties

# Aspects of Information Needing protection Confidentiality

to identify and verify user’s identity , security measures to establish the validity of a transmission, message or originator

# Aspects of Information Needing protection Authentication

you cannot deny the authenticity/validity of an act you committed, sender given proof of data delivery and recipient given proof of sender’s identity so that neither can deny processed data

# Aspects of Information Needing protection Non-repudiation

1. Availability 2. Confidentiality 3. Authentication 4. Non-repudiation

Aspects of Information Needing protection

Assets

is the resource being protected

devices, computers, people

# Assets Physical assets

information, data (in transmission, storage, or processing), and intellectual property

# Assets Logical assets

any software, hardware, data, administrative, physical, communications, or personnel resource within an information system

# Assets System assets

an attack in which the attacker observes interaction with the system

# Attacks Passive attack

an attack in which the attacker directly interacts with the system

Active attack

an attack where there is not a deliberate goal of misuse

Unintentional attack

is an instance when the system is vulnerable to attack

Exposure

is a situation in which the attacker has succeeded

Compromise

Indicator

is a recognized, action specific, generalized or theoretical that an adversary (threat actor) might be expected to take in preparation for an attack

is the outcome of the attack, may cause the information system to lose effectiveness and may have other costs

Consequence

targets availability

# Consequence Disruption

targets integrity

# Consequence Corruption

targets confidentiality

# Consequence Exploitation

Inadvertent disclosure

is a type of consequence, involving accidental exposure of information to an agent not authorized access.

1. Threat to Confidentiality 2. Threat to integrity 3. Threat to availability

Taxonomy of attacks with relation to security goals

1. Snooping 2. Traffic analysis

# Taxonomy of attacks with relation to security goals Threat to Confidentiality

1. Modification 2. Masquerading 3. Replaying 4. Repudiation

# Taxonomy of attacks with relation to security goals Threat to integrity

Denial of service

# Taxonomy of attacks with relation to security goals Threat to availability

information needs to be hidden from unauthorized access

# Security Attack Confidentiality

protected from unauthorized change

# Security Attack Integrity

Available to an authorized entity when it is needed

Availability

Topic 1 Flashcards

(61 cards)