Getting Acquainted with Information Security

This is an ongoing list of information security concepts, definitions and acronyms. It is not a dictionary, but I hope you'll find whatever brought you here in this list.

  • Information Security – a state of information in which confidentiality, integrity and availability are maintained concurrently.
  • Confidentiality – authorized access only.
  • Integrity – authorized modifications only.
  • Availability – always available to authorized users.
  • Identification – claiming an identity when attempting access.
  • Authentication – the process of validating a claimed identity.
  • Authorization – verification of rights and privileges to confirm whether you can perform the intended action.
  • Auditing – recording a log of events and activities.
  • Accountability – reviewing logs for compliance and violations.
  • Non-Repudiation – ensures that a suspect cannot deny that the event/incident occurred.
  • Layering = Defense in Depth (search Defense in Depth)
  • Abstraction – defining what types of data an object can contain, its associated functions and the capabilities of the object.
  • Vulnerability – Bug / Flaw / Weakness
  • Risk = Relative Impact if vulnerability is exploited.
  • Threat = Likelihood of a harmful event occurring.
  • Data Hiding – preserving the data in a secure environment.
  • Encoding (provides Usability) = transform data so that it can be properly and safely consumed by a different type of system (ex. a browser should be able to display special characters properly). Anyone who knows the encoding algorithm can decode it; no secret is involved.
  • Encryption (provides Confidentiality) = convert plain text to cipher text so that only specific people (those holding the key) can reverse the conversion.
  • Hashing (provides Integrity) = the same input always produces the same hash, so modifications/tampering can be detected easily. Hashing cannot be reversed.
  • Obfuscation = make it harder to read (scramble the data). THIS IS NOT AN ALTERNATIVE TO ENCRYPTION.
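To make the difference between the last four items concrete, here is an added example (not part of the original post) that puts encoding, obfuscation, encryption and hashing side by side using only the Python standard library. The message is a constructed sample; the encryption step uses a one-time pad (XOR with a random key as long as the message) because the standard library ships no AES, and the obfuscation step is a plain byte shift chosen only to show that it needs no secret to undo.

```python
# Added example (not from the original post): the four operations the list
# distinguishes, side by side, using only the Python standard library.
import base64
import hashlib
import hmac

MESSAGE = b"transfer 100 to account 42"  # constructed sample input


def encode(data: bytes) -> bytes:
    """Encoding: reversible by anyone who knows the scheme; no secret involved."""
    return base64.b64encode(data)


def decode(data: bytes) -> bytes:
    return base64.b64decode(data)


def obfuscate(data: bytes) -> bytes:
    """Obfuscation: a fixed byte shift (ROT13 style). Reversible without any
    secret, so it only slows a reader down; it is NOT a substitute for encryption."""
    return bytes((b + 13) % 256 for b in data)


def deobfuscate(data: bytes) -> bytes:
    return bytes((b - 13) % 256 for b in data)


def encrypt(data: bytes, key: bytes) -> bytes:
    """Encryption: a one-time pad (XOR with a key as long as the message), used
    here because the stdlib has no AES. Only holders of the key can reverse it;
    in real use the key comes from secrets.token_bytes(), stays secret, and is
    never reused for a second message."""
    if len(key) < len(data):
        raise ValueError("one-time pad key must be at least as long as the message")
    return bytes(m ^ k for m, k in zip(data, key))


decrypt = encrypt  # XOR with the same key undoes the encryption


def digest(data: bytes) -> str:
    """Hashing: same input -> same fixed-size fingerprint; cannot be reversed."""
    return hashlib.sha256(data).hexdigest()


def tampered(data: bytes, expected_digest: str) -> bool:
    """Integrity check: does the hash of what we received match what we expected?"""
    return not hmac.compare_digest(digest(data), expected_digest)
```

Encoding and obfuscation both round-trip with no key at all, which is exactly why neither provides confidentiality; only the hash check flags a modified message, and only the key holder can undo the encryption.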

Risk = Threats x Vulnerabilities x Impact
OR
Risk = Possibility of disruption x Expected Loss