Definitions and Key Points Week 1-2-8 PDF

Summary

This document provides definitions of key concepts in computer security, including security, computer security, network security, internet security, and information security. It also covers topics such as confidentiality, integrity, availability, and authenticity within the context of security systems.

Full Transcript

Definitions

1. Security: The quality or state of being secure; free from danger.

2. Computer Security: A generic name for the collection of tools designed to protect data
and thwart hackers.

3. Network Security: Measures to protect data during their transmission over a network.

4. Internet Security: Measures to protect data during their transmission over a collection
of interconnected networks.

5. Information Security: A well-informed sense of assurance that the information risks
and controls are in balance.
6. Confidentiality:
 Data Confidentiality: Assures that private or confidential information is not disclosed to
unauthorized individuals.
 Privacy: Assures that individuals control what information related to them may be
collected, stored, and disclosed.
7. Integrity:
 Data Integrity: Assures that information and programs are changed only in a specified
and authorized manner.
 System Integrity: Assures that a system performs its intended function in an
unimpaired manner, free from unauthorized manipulation.

8. Availability: Assures that systems work promptly and service is not denied to
authorized users.

9. Authenticity: The property of being genuine and being able to be verified and trusted;
confidence in the validity of a transmission or message.

10. Accountability: The security goal that generates the requirement for actions of an
entity to be traced uniquely to that entity.

11. Security Policy: A formal statement of rules and practices that specify how a system or
organization provides security services to protect sensitive and critical system
resources.

12. Risk: An expectation of loss expressed as the probability that a particular threat will
exploit a particular vulnerability with a particular harmful result.
13. Threat: A potential for violation of security, which exists when there is a circumstance,
capability, action, or event that could breach security and cause harm.

14. Vulnerability: A flaw or weakness in a system's design, implementation, or operation
that could be exploited to violate the system's security policy.

15. Adversary (Threat Agent): An entity that attacks or is a threat to a system.

16. Countermeasure: An action, device, procedure, or technique that reduces a threat, a
vulnerability, or an attack.

17. Security Service: A service provided by a protocol layer of communicating open
systems, which ensures adequate security of the systems or data transfers.

18. Security Mechanism: A mechanism designed to detect, prevent, or recover from a
security attack.

19. Message Authentication: Protects against active attacks by verifying that a received
message is authentic and unaltered.

20. Public Key Infrastructure (PKI): An integrated system of software, encryption
methodologies, protocols, legal agreements, and third-party services enabling users to
communicate securely.

21. Digital Certificate: An electronic document containing key value and identifying
information about the entity that controls the key.

22. Digital Signature: An encrypted message that can be mathematically proven to be
authentic, ensuring the document remains unchanged during transmission.

Key Points
1. Types of Security:
 Physical Security
 Personal Security
 Operations Security
 Communications Security
 Network Security
 Information Security
2. Key Objectives of Computer Security:
 Confidentiality
 Integrity
 Availability
 Authenticity
 Accountability
3. Threat Consequences:
 Confidentiality Threats: Unauthorized disclosure, exposure, interception, inference,
intrusion.
 Integrity Threats: Deception, masquerade, falsification, repudiation.
 Availability Threats: Disruption, incapacitation, corruption, obstruction, usurpation.
4. OSI Security Architecture:
 Focuses on security attacks, mechanisms, and services.
 Major categories of security services include:
 Authentication
 Access Control
 Data Confidentiality
 Data Integrity
 Non-repudiation
5. Risk Assessment Process:
 Check existing security policies.
 Analyze, prioritize, and categorize resources.
 Consider business concerns.
 Evaluate existing security controls.
 Leverage existing management and control architecture.
6. Security Incident Management:
 Involves preparation, reaction, and assessment of security incidents.
7. Vulnerability Management Process:
 Discovery, repair, notification, and deployment stages of software vulnerabilities.
8. Security Controls:
 Preventive Controls: Prevent malicious activity from occurring.
 Detective Controls: Uncover evidence of malicious activity.
 Corrective Controls: Fix problems that have occurred in the environment.
9. Cryptographic Tools:
 Message Authentication Codes
 Secure Hash Functions
 Public Key Authentication
10. Protocols for Secure Communications:
 Secure Socket Layer (SSL)
 Secure Hypertext Transfer Protocol (S-HTTP)
 Secure Multipurpose Internet Mail Extensions (S/MIME)
 Privacy Enhanced Mail (PEM)
 Pretty Good Privacy (PGP)
 Secure Electronic Transactions (SET)