Security Fundamentals

This is an ongoing list of information security concepts, definitions and acronyms. It is not a dictionary, but hopefully you will find whatever brought you here somewhere in this list.

  • Confidentiality – authorized access only.
  • Integrity – authorized modifications only.
  • Availability – information and systems are accessible to authorized users when they need them.
  • Information Security – a state of information in which confidentiality, integrity and availability are maintained concurrently.
  • Cyber Security –
  • Identification – claiming an identity when attempting access (e.g. supplying a username). Nothing is trusted yet at this stage.
  • Authentication – the process of validating the claimed identity (e.g. by checking a password, token or biometric).
  • Authorization – verification of the authenticated identity's rights and privileges to confirm whether it may perform the intended action.
  • Auditing – recording a log of events and activities (who did what, when, and with what result).
  • Accountability – reviewing the audit logs so that actions can be tied back to the identity that performed them, and compliance violations can be detected.
  • Non-Repudiation – ensures that a party cannot later deny that an event occurred or that they performed an action. It is typically achieved with digital signatures, because a private key held by only one party cannot have been used by anyone else.
  • Layering = Defense in Depth (search Defense in Depth)
  • Abstraction – defining what types of data an object can contain, its associated functions, and the capabilities of the object, so that users work with the interface rather than the internals.
  • Data Hiding – keeping data inaccessible to subjects that are not authorized to see it, i.e. preventing it from being discovered or accessed outside its secure environment (a different layer or security level).
  • Encoding (provides usability) = transforms data so that it can be properly and safely consumed by a different type of system (e.g. a browser should be able to display special characters properly). Anyone who knows the encoding scheme can decode it; no key is involved, so encoding provides no confidentiality.
  • Encryption (provides confidentiality) = converts plaintext to ciphertext so that only holders of the correct key can reverse the conversion.
  • Hashing (provides integrity) = the same input always produces the same fixed-length hash, so any modification or tampering is detected by comparing hashes. A hash cannot be reversed to recover the input.
  • Obfuscation = makes data harder to read (scrambles it) without any secret key, so anyone willing to put in the effort can reverse it. THIS IS NOT AN ALTERNATIVE TO ENCRYPTION.
  • Vulnerability – a bug, flaw or weakness that a threat could exploit.
  • Risk = Threats x Vulnerabilities x Impact (a threat with no vulnerability to exploit, or a vulnerability whose exploitation has no impact, carries no risk).
  • Risk = Probability of disruption x Expected loss.
  • Risk = Likelihood that a vulnerability is exploited x Relative impact if it is.
  • Threat – a potential event or actor that could cause harm; the likelihood of that harmful event occurring is one input to the risk calculation.
  • Threat Agent –
  • Risk Appetite –
  • Residual Risk –
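
The chain from identification through accountability above, as an added worked example that is not part of the original page: a small Python access-control flow in which a subject claims an identity, proves it, is checked against a policy, and has the outcome recorded. The user names, passwords, roles and the policy table are constructed for the example. The audit log is protected with an HMAC under a shared key, which gives integrity (a reviewer can tell an entry was not altered) but not non-repudiation, since any holder of the key could forge an entry.

```python
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed user store for this example: passwords are salted and hashed with
# PBKDF2 rather than stored in plain text. Names, passwords and roles are made up.
_PBKDF2_ITERATIONS = 100_000


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _PBKDF2_ITERATIONS)


def make_user(password: str, roles: set) -> dict:
    salt = secrets.token_bytes(16)
    return {"salt": salt, "pw_hash": _hash_password(password, salt), "roles": roles}


USERS = {
    "alice": make_user("correct horse battery staple", {"reader", "editor"}),
    "bob": make_user("hunter2", {"reader"}),
}

# Authorization policy (constructed): the role each action requires.
POLICY = {"read_doc": "reader", "edit_doc": "editor", "delete_doc": "admin"}

# Key the audit system uses to protect log integrity. It is a shared symmetric key,
# so the HMAC proves an entry was not altered but NOT who wrote it (no non-repudiation).
AUDIT_KEY = secrets.token_bytes(32)
AUDIT_LOG = []


def identify(claimed_identity: str) -> Optional[str]:
    """Identification: the subject claims an identity. Nothing is trusted yet."""
    return claimed_identity if claimed_identity in USERS else None


def authenticate(username: str, password: str) -> bool:
    """Authentication: validate the claimed identity by checking the proof (password)."""
    user = USERS[username]
    candidate = _hash_password(password, user["salt"])
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(candidate, user["pw_hash"])


def authorize(username: str, action: str) -> bool:
    """Authorization: does the authenticated identity hold the role the action requires?"""
    required = POLICY.get(action)
    return required is not None and required in USERS[username]["roles"]


def audit(username: str, action: str, outcome: str) -> dict:
    """Auditing: record who did what, when, with what result; the keyed hash detects later edits."""
    entry = {"ts": time.time(), "who": username, "action": action, "outcome": outcome}
    payload = json.dumps(entry, sort_keys=True).encode()
    entry["mac"] = hmac.new(AUDIT_KEY, payload, "sha256").hexdigest()
    AUDIT_LOG.append(entry)
    return entry


def verify_entry(entry: dict) -> bool:
    """Accountability: a reviewer checks that an entry was not altered since it was written."""
    body = {k: v for k, v in entry.items() if k != "mac"}
    payload = json.dumps(body, sort_keys=True).encode()
    expected = hmac.new(AUDIT_KEY, payload, "sha256").hexdigest()
    return hmac.compare_digest(expected, entry["mac"])


def request_action(claimed_identity: str, password: str, action: str) -> str:
    """Full chain: identify -> authenticate -> authorize -> audit. Returns the outcome string."""
    username = identify(claimed_identity)
    if username is None:
        audit(claimed_identity, action, "denied: unknown identity")
        return "denied: unknown identity"
    if not authenticate(username, password):
        audit(username, action, "denied: authentication failed")
        return "denied: authentication failed"
    if not authorize(username, action):
        audit(username, action, "denied: not authorized")
        return "denied: not authorized"
    audit(username, action, "allowed")
    return "allowed"


if __name__ == "__main__":
    print(request_action("alice", "correct horse battery staple", "edit_doc"))  # allowed
    print(request_action("bob", "hunter2", "edit_doc"))                         # denied: not authorized
    print(request_action("bob", "wrong", "read_doc"))                           # denied: authentication failed
    print(request_action("mallory", "x", "read_doc"))                           # denied: unknown identity
    print(all(verify_entry(e) for e in AUDIT_LOG))                              # True
```

Every denied request is still audited, including the failed identification attempt, because accountability depends on the log covering failures as well as successes. For true non-repudiation each entry would instead be signed with a private key held only by the component that wrote it (for example an Ed25519 signature); the Python standard library has no such primitive, so it is not shown here.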

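The four transformations above (encoding, encryption, hashing, obfuscation) side by side on one message, as an added Python example that is not part of the original page. The sample message and the XOR constant are constructed for the example; encryption is demonstrated with a one-time pad (XOR with a fresh random key as long as the message) rather than a production cipher, so that the whole thing runs on the standard library. The point it makes is which operations reverse without a secret and which do not.

```python
import base64
import hashlib
import secrets

# Constructed sample message for this example.
MESSAGE = b"Transfer 100 EUR to account 42"


def encode(data: bytes) -> str:
    """Encoding (usability): reversible by anyone who knows the scheme; no secret involved."""
    return base64.b64encode(data).decode("ascii")


def decode(text: str) -> bytes:
    return base64.b64decode(text)


def obfuscate(data: bytes) -> bytes:
    """Obfuscation: XOR every byte with a fixed, public constant. Looks scrambled, is not secret."""
    return bytes(b ^ 0x5A for b in data)


def deobfuscate(data: bytes) -> bytes:
    # XOR with the same constant undoes it; nothing secret was needed.
    return obfuscate(data)


def generate_key(length: int) -> bytes:
    """Fresh random key for the one-time pad below; it must never be reused."""
    return secrets.token_bytes(length)


def encrypt(data: bytes, key: bytes) -> bytes:
    """Encryption (confidentiality), shown as a one-time pad: XOR with a random key at least
    as long as the message. Only a holder of that key can reverse it."""
    if len(key) < len(data):
        raise ValueError("one-time pad key must be at least as long as the data")
    return bytes(b ^ k for b, k in zip(data, key))


def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    return encrypt(ciphertext, key)


def digest(data: bytes) -> str:
    """Hashing (integrity): fixed-length, one-way fingerprint; same input -> same hash."""
    return hashlib.sha256(data).hexdigest()


def integrity_ok(data: bytes, expected_digest: str) -> bool:
    """Recompute the hash and compare; any change to the data changes the hash."""
    return digest(data) == expected_digest


if __name__ == "__main__":
    key = generate_key(len(MESSAGE))
    print("encoded   :", encode(MESSAGE))
    print("  decodes without a key:", decode(encode(MESSAGE)) == MESSAGE)
    print("obfuscated:", obfuscate(MESSAGE).hex())
    print("  reverses without a key:", deobfuscate(obfuscate(MESSAGE)) == MESSAGE)
    ct = encrypt(MESSAGE, key)
    print("encrypted :", ct.hex())
    print("  right key:", decrypt(ct, key) == MESSAGE,
          " wrong key:", decrypt(ct, generate_key(len(MESSAGE))) == MESSAGE)
    fingerprint = digest(MESSAGE)
    tampered = MESSAGE.replace(b"100", b"900")
    print("hash      :", fingerprint)
    print("  tampered message passes integrity check:", integrity_ok(tampered, fingerprint))
```

Encoding and obfuscation both come back to the original message with no key at all, which is why neither protects confidentiality; the ciphertext only comes back under the key it was encrypted with; and the hash never comes back at all but immediately exposes the changed amount.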
About Samir

Global Portfolio Manager | Cyber Security Architect | Cyber Insurance Evangelist | Pre-sales & GTM | Researcher
