Test Your Computer Security Knowledge with This Quiz!

Understanding Computer Security: Key Concepts and Terms

• The NIST Computer Security Handbook defines computer security as the protection of automated information systems to achieve the objectives of preserving confidentiality, integrity, and availability.
• Confidentiality refers to the assurance that private or confidential information is not disclosed to unauthorized individuals, while privacy ensures individual control over collected information.
• Integrity covers data and system integrity, which assure that information and programs are changed only in an authorized manner and that a system performs its intended function free from manipulation.
• Availability ensures that systems work promptly, and service is not denied to authorized users.
• Computer security is a process that involves hardware, software, and people, and it focuses on balancing protection of confidentiality, integrity, and availability while maintaining efficient policy implementation.
• Cyber attacks are aimed at making one or more security pillars ineffective, and they can target users or carriers of an asset, causing direct damage.
• Active attacks attempt to alter system resources, while passive attacks attempt to learn or use information from the system without affecting resources.
• Inside attacks are initiated by an entity inside the security perimeter, while outside attacks are initiated by unauthorized or illegitimate users outside the perimeter.
• A countermeasure is any means taken to deal with a security attack, and it can prevent or detect and recover from the effects of an attack.
• An asset is the set of components within a perimeter, while an attack surface refers to the surface that can be potentially used by attackers, including hardware, software, and network components.
• Early computer security problems included moths found in a Navy computer and tone-producing "blue boxes" used to make free phone calls, which were later replaced by Cap'n Crunch cereal box whistles.
• Understanding computer security requires a structured approach, such as the MITRE ATT&CK framework, that describes how attacks can be conducted and how countermeasures can be put in place.

Understanding Computer Security: Key Concepts and Terms

• The NIST Computer Security Handbook defines computer security as the protection of automated information systems to achieve the objectives of preserving confidentiality, integrity, and availability.
• Confidentiality refers to the assurance that private or confidential information is not disclosed to unauthorized individuals, while privacy ensures individual control over collected information.
• Integrity covers data and system integrity, which assure that information and programs are changed only in an authorized manner and that a system performs its intended function free from manipulation.
• Availability ensures that systems work promptly, and service is not denied to authorized users.
• Computer security is a process that involves hardware, software, and people, and it focuses on balancing protection of confidentiality, integrity, and availability while maintaining efficient policy implementation.
• Cyber attacks are aimed at making one or more security pillars ineffective, and they can target users or carriers of an asset, causing direct damage.
• Active attacks attempt to alter system resources, while passive attacks attempt to learn or use information from the system without affecting resources.
• Inside attacks are initiated by an entity inside the security perimeter, while outside attacks are initiated by unauthorized or illegitimate users outside the perimeter.
• A countermeasure is any means taken to deal with a security attack, and it can prevent or detect and recover from the effects of an attack.
• An asset is the set of components within a perimeter, while an attack surface refers to the surface that can be potentially used by attackers, including hardware, software, and network components.
• Early computer security problems included moths found in a Navy computer and tone-producing "blue boxes" used to make free phone calls, which were later replaced by Cap'n Crunch cereal box whistles.
• Understanding computer security requires a structured approach, such as the MITRE ATT&CK framework, that describes how attacks can be conducted and how countermeasures can be put in place.