Podcast
Questions and Answers
What is the main goal of a control or countermeasure in computer security?
What is the main goal of a control or countermeasure in computer security?
What type of attack is intended to harm specific computers or users?
What type of attack is intended to harm specific computers or users?
What is the term used to describe a malicious computer security event?
What is the term used to describe a malicious computer security event?
What is the term used to describe the possibility of harm occurring?
What is the term used to describe the possibility of harm occurring?
Signup and view all the answers
What type of attackers are motivated by fun, challenge, or revenge?
What type of attackers are motivated by fun, challenge, or revenge?
Signup and view all the answers
What is the goal of attackers involved in organized crime?
What is the goal of attackers involved in organized crime?
Signup and view all the answers
What is the link between computer security and terrorism?
What is the link between computer security and terrorism?
Signup and view all the answers
What occurs when a threat is realized against a vulnerability?
What occurs when a threat is realized against a vulnerability?
Signup and view all the answers
What type of attack can harm any computer or user?
What type of attack can harm any computer or user?
Signup and view all the answers
What is the term used to describe a weakness that can be exploited by a threat?
What is the term used to describe a weakness that can be exploited by a threat?
Signup and view all the answers
Study Notes
Dealing with Harm
- Harm can be dealt with in several ways: preventing it, deterring it, deflecting it, mitigating it, detecting it, and recovering from its effects.
Controls
- Controls can be used simultaneously to deal with harm.
- Controls can be grouped into three largely independent classes: physical, procedural (or administrative), and technical.
Physical Controls
- Physical controls stop or block an attack using tangible means, such as locks, guards, and fire extinguishers.
Procedural or Administrative Controls
- Procedural or administrative controls use commands or agreements that require or advise people how to act, such as laws, regulations, policies, procedures, guidelines, copyrights, patents, and contracts.
Technical Controls
- Technical controls counter threats using technology (hardware or software), including passwords, access controls, network protocols, firewalls, intrusion detection systems, encryption, and network traffic flow regulators.
Vulnerabilities
- Computer systems have vulnerabilities, such as weak authentication, lack of access control, errors in programs, finite or insufficient resources, and inadequate physical protection.
- Each vulnerability can allow harm if paired with a credible attack.
Threats
- A threat to a computing system is a set of circumstances that has the potential to cause loss or harm.
- Threats can be considered in two ways: what bad things can happen to assets and who or what can cause or allow those bad things to happen.
Control Paradigm
- A control or countermeasure is an action, device, procedure, or technique that removes or reduces a vulnerability.
- A threat is blocked by control of a vulnerability.
Types of Threats
- Human errors can lead to harm, and malicious attacks can be random or directed.
- Malicious attacks can be committed by individuals, organized groups, organized crime, and terrorists.
Types of Attackers
- Individuals may attack for fun, challenge, or revenge.
- Organized, worldwide groups, organized crime, and terrorists may also attack.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Description
Learn about the different ways to deal with harm from cybersecurity threats, including prevention, deterrence, deflection, mitigation, detection, and recovery. Understand the importance of controls in protecting against attacks.
