10 Questions
What is the main goal of a control or countermeasure in computer security?
To neutralize threats or close vulnerabilities
What type of attack is intended to harm specific computers or users?
Directed attack
What is the term used to describe a malicious computer security event?
Attack
What is the term used to describe the possibility of harm occurring?
Risk
What type of attackers are motivated by fun, challenge, or revenge?
Individuals
What is the goal of attackers involved in organized crime?
To engage in fraud, extortion, and money laundering
What is the link between computer security and terrorism?
Evident
What occurs when a threat is realized against a vulnerability?
Harm occurs
What type of attack can harm any computer or user?
Random attack
What is the term used to describe a weakness that can be exploited by a threat?
Vulnerability
Study Notes
Dealing with Harm
- Harm can be dealt with in several ways: preventing it, deterring it, deflecting it, mitigating it, detecting it, and recovering from its effects.
Controls
- Controls can be used simultaneously to deal with harm.
- Controls can be grouped into three largely independent classes: physical, procedural (or administrative), and technical.
Physical Controls
- Physical controls stop or block an attack using tangible means, such as locks, guards, and fire extinguishers.
Procedural or Administrative Controls
- Procedural or administrative controls use commands or agreements that require or advise people how to act, such as laws, regulations, policies, procedures, guidelines, copyrights, patents, and contracts.
Technical Controls
- Technical controls counter threats using technology (hardware or software), including passwords, access controls, network protocols, firewalls, intrusion detection systems, encryption, and network traffic flow regulators.
Vulnerabilities
- Computer systems have vulnerabilities, such as weak authentication, lack of access control, errors in programs, finite or insufficient resources, and inadequate physical protection.
- Each vulnerability can allow harm if paired with a credible attack.
Threats
- A threat to a computing system is a set of circumstances that has the potential to cause loss or harm.
- Threats can be considered in two ways: what bad things can happen to assets and who or what can cause or allow those bad things to happen.
Control Paradigm
- A control or countermeasure is an action, device, procedure, or technique that removes or reduces a vulnerability.
- A threat is blocked by control of a vulnerability.
Types of Threats
- Human errors can lead to harm, and malicious attacks can be random or directed.
- Malicious attacks can be committed by individuals, organized groups, organized crime, and terrorists.
Types of Attackers
- Individuals may attack for fun, challenge, or revenge.
- Organized, worldwide groups, organized crime, and terrorists may also attack.
Learn about the different ways to deal with harm from cybersecurity threats, including prevention, deterrence, deflection, mitigation, detection, and recovery. Understand the importance of controls in protecting against attacks.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
