Elementary Infosec Ch 01 Terms
About this set
Created by:
Cryptosmith on May 4, 2011
Description:
Definitions of key terms from Elementary Information Security, Chapter 1.
59 terms
Terms | Definitions |
|---|---|
Acceptable use policy (AUP) | A written set of rules for the use of certain assets, typically information assets |
administrator | A person who manages the technical and/or procedural aspects of an activity |
asset | Physical items, data, or service required to achieve objectives |
attack | An attempt by a threat agent to exploit an asset without permission |
attacker | A threat agent who performs an attack |
authentication | The process of verifying an identity |
availability | Ensuring timely and reliable access to and use of information |
basic principle of information security | A property that is often applied to ensure information security |
black-hat hacker | A hacker who uses knowledge of security weaknesses to attack computer systems |
botnet | A collection of networked computers remotely controlled by an attacker |
boundary | A physical or logical security barrier |
CIA properties | The security properties confidentiality, integrity, and availability |
compromised system | A system that is no longer safe to use because it has been attacked |
confidentiality | Protecting sensitive information from disclosure to unauthorized recipients |
Confidentiality, Integrity, Availability (CIA) | Three fundamental security properties |
continuous improvement | A cyclical process that improves future performance based on past results |
cracker | A person who understands and applies specific attacks on computer systems |
defense | A security measure intended to resist an attack |
Defense in Depth | The process of protecting assets by applying layers of defenses |
Denial of service (DOS) | An attack that prevents authorized users from using an information system |
Digital rights management (DRM) | Defenses that try to prevent unauthorized replication of copyrighted information |
disclosure | A security failure that releases confidential data to an unauthorized recipient |
forgery | An attack using bogus information that appears legitimate |
hacker | A person with a high degree of knowledge and skill in attacking computer systems |
high-level analysis | A brief description of a security situation in terms of the six-phase security process |
hunter's dilemma | Protecting oneself while leaving a neighbor vulnerable to attack |
Identity (ID) | A unique name associated with a particular individual or entity |
implementation | The security process phase in which we design and deploy our defenses |
information security architecture | The set of boundaries and defenses that protect information security assets |
information technology (IT) | The technology of computers, computer networking, and information management |
insider threat | The risk posed by the possibility of attackers inside a security boundary |
integrity | Ensuring that information assets are not changed by unauthorized actions |
International Standards Organization (ISO) | An organization that maintains standards shared among several nations |
Least Privilege | The principle of granting the minimum permissions needed to get work done |
login | The process of identifying and authenticating a user to a computer system |
masquerade | An attack in which the attacker assumes the identity of another computer user |
monitoring | The security process phase in which the system operates and we monitor its security |
natural threats | Risks that information systems face from natural events like storms or earthquakes |
nonrepudiation | Assurance that undeniably associates a particular action with the originating entity |
phone phreak | A person who performs unauthorized manipulations of telephone systems |
Programmable Logic Controller (PLC) | A digital device for controlling a series of operations, but simpler than a computer |
recommendation | A published set of guidelines that do not carry the mandate of an official standard |
recovery | The security process phase in which we recover from an attack on the system |
risk | Potential situations that threaten assets |
risk assessment | The security process phase in which we identify and prioritize risks |
router | A device that connects two or more networks together as part of the Internet |
script kiddy | A person who attacks computers using automated scripts developed by others |
security architecture study | A detailed description of an information security system in terms of the six-phase process |
security domain | The physical or logical environment within a particular security boundary |
security plan | A plan for protecting an information system in terms of the six-phase process |
security policy | A statement of security requirements produced by a security process phase |
security process | A continuous improvement process intended to provide security |
security services | Techniques used to provide defenses against attacks |
standards | A published set of guidelines that a community is obliged to follow |
subversion | An attack in which a program is modified to operate on behalf of the attacker |
systems engineering process | A multi-step design process that uses requirements to drive implementation and testing |
threat agent | An entity that is motivated to attack particular assets |
vulnerability | A weakness in a boundary or other defense that could enable an attack |
white-hat hacker | A hacker who uses knowledge of security weaknesses to protect computer systems |