This is an ongoing list of information security concepts, definitions and acronyms. This is not a dictionary, but I hope you'll find whatever brought you here in this list.
- Information Security – a state of information where confidentiality, integrity and availability is maintained concurrently.
- Confidentiality – authorized access only.
- Integrity – authorized modifications only.
- Availability – always available to authorized users.
- Identification – claiming an identity when attempting access.
- Authentication – process to validate a claimed identity.
- Authorization – verification of rights and privileges to confirm if you can perform the intended action.
- Auditing – recording a log of events and activities.
- Accountability – reviewing logs for compliance and violations.
- Non-Repudiation – ensures that the suspect cannot deny that the event/incident occurred.
- Layering = Defense in Depth (search Defense in Depth)
- Abstraction – defining what types of data an object can contain, its associated functions, and the capabilities of the object.
- Vulnerability – Bug / Flaw / Weakness
- Risk = Relative Impact if vulnerability is exploited.
- Threat = Likelihood of a harmful event occurring.
- Data Hiding – Preserving the data in secure environment.
- Encoding (provides Usability) = transform data so that it can be properly and safely consumed by a different type of system (e.g. a browser should be able to display special characters properly). If you know the encoding algorithm, you can decode.
- Encryption (provides confidentiality) = convert plain text to cipher text so that only specific people can reverse the conversion.
- Hashing (provides Integrity) = the same input always produces the same hash, so modifications/tampering can be detected easily. This cannot be reversed.
- Obfuscation = make it harder to read (scramble the data). THIS IS NOT AN ALTERNATIVE TO ENCRYPTION.
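To make the four definitions above concrete, here is an added example (not part of the original list) that applies each transform to one constructed message and asks the same question of each: can someone who holds no secret recover the original? Encoding (base64) and obfuscation (ROT13) are reversed by anyone who knows the scheme, hashing (SHA-256) detects a one-byte change but cannot be reversed, and only encryption resists reversal without the key. A one-time pad stands in for a real cipher because the standard library ships no AES; the message and the "tamper" are assumptions for illustration.

```python
"""Added example (not from the original glossary): contrasting encoding,
encryption, hashing and obfuscation on the same constructed message."""
import base64
import codecs
import hashlib
import secrets

MESSAGE = b"transfer 100 to account 42"   # constructed sample input


# --- Encoding: usability. Anyone who knows the scheme can reverse it. ---
def encode(data: bytes) -> bytes:
    return base64.b64encode(data)

def decode(encoded: bytes) -> bytes:
    return base64.b64decode(encoded)


# --- Obfuscation: harder to read at a glance, but still needs no secret. ---
def obfuscate(data: bytes) -> bytes:
    return codecs.encode(data.decode("ascii"), "rot13").encode("ascii")

def deobfuscate(data: bytes) -> bytes:
    return obfuscate(data)  # ROT13 is its own inverse


# --- Hashing: integrity. Same input -> same digest; not reversible. ---
def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def verify_integrity(data: bytes, expected_digest: str) -> bool:
    # compare_digest avoids leaking where the digests differ via timing
    return secrets.compare_digest(digest(data), expected_digest)


# --- Encryption: confidentiality. Reversal requires the secret key. ---
# A one-time pad (random key as long as the message, XORed in) is used here
# only because the standard library has no AES; production code should use an
# authenticated cipher such as AES-GCM from a vetted library.
def generate_key(length: int) -> bytes:
    return secrets.token_bytes(length)

def encrypt(plaintext: bytes, key: bytes) -> bytes:
    assert len(key) == len(plaintext), "one-time pad key must match message length"
    return bytes(p ^ k for p, k in zip(plaintext, key))

def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    return encrypt(ciphertext, key)  # XOR is its own inverse


def classify(message: bytes = MESSAGE) -> dict:
    """Report which transforms an outsider can reverse without a secret,
    and whether hashing detects a one-byte tamper."""
    key = generate_key(len(message))
    tampered = message.replace(b"42", b"43")   # constructed modification
    return {
        "encoding_reversible_without_secret": decode(encode(message)) == message,
        "obfuscation_reversible_without_secret": deobfuscate(obfuscate(message)) == message,
        # an outsider guessing a wrong key does not get the plaintext back
        "encryption_reversible_without_secret":
            decrypt(encrypt(message, key), generate_key(len(message))) == message,
        "hash_detects_tamper": not verify_integrity(tampered, digest(message)),
        "hash_is_deterministic": digest(message) == digest(message),
    }


if __name__ == "__main__":
    for name, result in classify().items():
        print(f"{name}: {result}")
```

The point of `classify` is the security property, not the algorithm names: if a transform round-trips without a key, it provides usability or mild deterrence, never confidentiality, which is exactly why obfuscation is not an alternative to encryption.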
Risk = Threats x Vulnerabilities x Impact
Risk = Possibility of disruption x Expected Loss