Uncategorized

Security Fundamentals

Updated on Leave a Comment on Security Fundamentals

This is an ongoing list of information security concepts, definitions and acronyms. This is not your dictionary but hope you’ll find whatever brought you here in this list.

  • Confidentiality – authorized access only.
  • Integrity – authorized modifications only.
  • Availability – always available to authorized users.
  • Information Security – a state of information where confidentiality, integrity and availability is maintained concurrently.
  • Cyber Security –
  • Identification – claiming an identity when attempting access.
  • Authentication – process to validated claimed identity.
  • Authorization – verification of rights and privileges to confirm if you can perform the intended action.
  • Auditing – recording log of event and activities.
  • Accountability – reviewing logs for compliance and violations.
  • Non Repudiation – This ensures that suspect can not deny the event/incident had occurred.
  • Layering = Defense in Depth (search Defense in Depth)
  • Abstraction – To define what types of data an object can contain, it’s associated functions and capabilities of the object.
  • Data Hiding – Preserving the data in secure environment.
  • Encoding (provides Usability) = transform data so that it can be properly and safely consumed by a different type of system (ex. browser should be able to display special characters properly). If you know the encoding algorithm, you can decode.
  • Encryption (provides confidentiality) = convert plain text to cipher text so that only specific people can reverse the conversion.
  • Hashing (provides Integrity) = there will always be same hash so modifications//tampering could be figured out pretty easily. This can not be reversed.
  • Obfuscation = make it harder to read (scramble the data). THIS IS NOT AN ALTERNATIVE TO ENCRYPTION.
  • Vulnerability – Bug / Flaw / Weakness
  • Risk = Threats x Vulnerabilities x Impact
  • Risk = Possibility of disruption x Expected Loss
  • Risk = Relative Impact if vulnerability is exploited.
  • Threat = Likelihood of harmful event occurring.
  • Threat Agent –
  • Risk Appetite –
  • Residual Risk –

About Samir

Global Portfolio Manager | Cyber Security Architect | Cyber Insurance Evangelist | Pre-sales & GTM | Researcher

Related Post

Hello world!

Social Engineering

Compliance Audit: Curse of Necessity.

Social Engineering – Starting with the Flicks

Patch Management

Indian Cyber Laws

Leave a Comment

Your email address will not be published. Required fields are marked *